[Warning: This is not wrote in an academic fashion in any way, this is just a brain-dump of what I’ve been working on to get things working. My final report will list the main reasons behind my choices along with why I decided to go about things in this way]

For the last two week’s I’ve been getting the design ready for our group project “Pocket Arena”. Within the game we will need to log the player in and retrieve the data related to the player, in this instance we need to get the player’s characters and items they have already unlocked.

I chose JSON to transfer the data between the web-service and the client due to its compact nature and very simple usage in PHP, the output that I was looking for is as follows:

  "type": "getUserData",
  "status": "success",
  "data": {
    "User": {
      "username": "test",
      "id": "6"
    "Character": [
        "id": "2",
        "name": "Test Character Two",
        "user_id": "6",
        "CharacterItem": [
            "id": "3",
            "character_id": "2",
            "item_id": "1",
            "equipped": "1"

The framework I am using for the Web-Service is CakePHP, there are many reasons why I feel that PHP is best suited for this environment  but the main one is that PHP is a free, commercial language that have been avidly tested in various situations and can be run on my current servers (As can C#, however MSSQL servers on my hosting can cost a significant amount!)

To track the users once they have logged in I implemented a token system using a GUID to be passed back to the client, this allows for the web-service to use sessions within a non-cookie environment simply by passing this token back to the web-service, IE.


In terms of security the GUID is randomly generated on each login and expires once the player logs out of the client application, the GUID is then SHA1 hashed which generates a 40-character alpha-numeric key which means there is 2^128 chance of it being generated coincidently.