Part 4 - Further legacy site work
We discussed about some updates we will do to our legacy site - mainly what I call the secure client-side session provider and the open-id connect implementation.
While we are here I also migrated the platform over to Azure Front-Door.
Secure client-side session provider
This was quiet straight-forward to implement, the logic roughly follows the last post.
Got stuck with a set-cookie override race condition, plus setting cookie with other headers (like Location) which has all been worked out.
Basically we read the state into memory, read/modify as required and if modified, then set the cookie before doing anything else, especially rendering or outputting anything.
So as a result there’s an encrypted cookie on the client which contains state and some other information.
So we can move on as quickly as possible, we just grab an id-token for the user from B2C. Straight-forward OIDC/OAuth2 type stuff.
This actually removed a fair bit of code, as we don’t have to do any local form of registration or user processing; just flick off to B2C and get a token back and handle accordingly.
As of now, user ‘sign in’ using Microsoft/Google is now opened and anyone can leave a review. I will do a bit more testing and remove all current dummy reviews.
Without going to much into it, the site was cut across to Azure Front-Door.
Due to the fact we now handle state in a cookie, which is updated and subsequently reflected on/to client-side, you cannot cache any pages that send a new set-cookie header. This is because the response would get cached, so people hitting the same PoP would get the same session.
So there has to be a split of base PHP pages and static content, which makes sense. Azure Front-Door is extremely cost-effective when compared to other large CDN providers, for what you get out of the box. While certain features are lacking, it’s great value and performs exceptionally well (also has free TLS).
The site is at a point where we can start to decompose it, perform analysis on functional/non-functional requirements and features and start to develop some seperate services.