[Cppcms-users] Validating user's login using session ID
From: <cn...@gr...> - 2010-09-12 11:36:11
Hello! Gurus,
I want some services to be available only to logged-in users. My design goes like this:
1. The user fills out the login form and sends account and password to server through https protocol.
2. The server validates the incoming account and password. If the account and password are valid, the server sets that session ID as the cookie value to that client using this assignment (and cppcms will do the rest for me?):
cppcms::application::session()["logged_in_sid"]=<the_current_session_id>;
3. When the special services are requested, the server will first check whether the client is already logged in before offering them:
if(session().is_set("logged_in_sid")){
//Offer the special services here.
}
I assume that the session IDs generated by cppcms do not overlap for a fairly long time. I most likely will configure the cppcms server with session.expire="browser". Also, I feel setting the session ID as the only cookie data in browsers is pretty efficient because its size is very small.
Here are the questions I need your enlightenment on:
1. Is such a design correct, efficient, and not too vulnerable? Am I missing anything?
2. I don't see a member function that returns the current session ID in class "session_interface". Where can I get it instead?
Best Regards,
CN
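
The three steps in the message above, modelled as an added stand-alone example (not part of the original post and not CppCMS code). SessionStore, its methods and the account name are hypothetical; the store keeps a login flag server-side and issues a fresh ID when credentials are accepted, so the cookie only ever carries an opaque ID.

```cpp
#include <iostream>
#include <map>
#include <random>
#include <string>
struct Session { bool logged_in = false; std::string account; };

class SessionStore {  // hypothetical in-memory server-side store, not a CppCMS class
    std::map<std::string, Session> sessions_;
    // 128-bit hex ID; assumes std::random_device is backed by OS entropy.
    static std::string new_sid() {
        static const char hex[] = "0123456789abcdef";
        std::random_device rd;
        std::string sid;
        for (int i = 0; i < 4; ++i) {
            unsigned int w = rd();
            for (int j = 0; j < 8; ++j) { sid += hex[w & 0xF]; w >>= 4; }
        }
        return sid;
    }
public:
    // Anonymous session: the cookie would carry only this opaque ID.
    std::string create() { std::string sid = new_sid(); sessions_[sid]; return sid; }
    // Step 2: on valid credentials, set the flag server-side and issue a fresh
    // ID so an ID known before login is useless afterwards.
    std::string login(const std::string& old_sid, const std::string& account, bool credentials_ok) {
        auto it = sessions_.find(old_sid);
        if (!credentials_ok || it == sessions_.end()) return old_sid;
        Session s = it->second;
        sessions_.erase(it);
        s.logged_in = true; s.account = account;
        std::string sid = new_sid();
        sessions_[sid] = s;
        return sid;
    }
    // Step 3: gate the special services on the server-side flag.
    bool is_logged_in(const std::string& sid) const {
        auto it = sessions_.find(sid);
        return it != sessions_.end() && it->second.logged_in;
    }
    void logout(const std::string& sid) { sessions_.erase(sid); }
};

int main() {
    SessionStore store;
    std::string anon = store.create();
    std::string auth = store.login(anon, "cn", true);  // constructed account name
    std::cout << store.is_logged_in(anon) << " " << store.is_logged_in(auth) << "\n";
}
```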