Re: [Cppcms-users] Validating user's login using session ID
From: Artyom <art...@ya...> - 2010-09-12 16:55:14
>
>1. The user fills out the login form and sends account and password to server
>through https protocol.
>2. The server validates the incoming account and password. If the account and
>password are valid, the server sets that session ID as the cookie value to that
>client using this assignment (and cppcms will do the rest for me?):
CppCMS handles the session cookies for you; all you need is to set some
values in the session. For example:

    cppcms::application::session()["logged_in_user_name"] = valid_user_name;

The user can't alter the content of the sessions, so it's OK.
Small note:
If a user is banned or, for example, unregistered, his session may still be
valid and he can do some operations, so the better way is to also check,
for example, whether this user name exists. As an example, see
http://cppcms.svn.sourceforge.net/viewvc/cppcms/wikipp/branches/for_cppcms_v100/users.cpp?revision=1200&view=markup
If you don't care about such stuff, just mark it and that's it.
>
>I assume that the session ID's generated by cppcms do not overlap for fairly
>long time. I most likely will configure cppcms server to
>session.expire="browser". Also, I feel setting session ID as the only cookie
>data in browsers is pretty efficient because its size is very small.
Actually there are several options for session storage; the most efficient
is actually to use encrypted cookies and not session IDs.
>2. I don't see a member function that returns the current session ID in class
>"session_interface". Where can I have it instead?
Because it is not always a session ID; sometimes all session data remains on
the client side.
(Of course it is signed or encrypted so the user can't alter it too much.)
Artyom
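
The per-request re-check from the "small note" in the message above, as an added example that is not part of the original message or of the CppCMS/wikipp code. It assumes a plain std::map in place of the CppCMS session object; `Account`, `UserStore`, `log_in` and `current_user` are hypothetical names.

```cpp
#include <iostream>
#include <map>
#include <string>

// Stand-in for the session as the server sees it. Assumption: a plain map
// replaces the CppCMS session object so this compiles without CppCMS.
typedef std::map<std::string, std::string> Session;

// Hypothetical account record and user store; a real site queries its DB.
struct Account { bool banned; };
typedef std::map<std::string, Account> UserStore;

// After the password check succeeds: mark the session as logged in.
void log_in(Session &s, const std::string &valid_user_name) {
    s["logged_in_user_name"] = valid_user_name;
}

// At the start of every authenticated request. The session value only shows
// that a login happened earlier; the account may have been removed or banned
// since, so look it up again before trusting the name.
bool current_user(Session &s, const UserStore &users, std::string &name) {
    Session::const_iterator it = s.find("logged_in_user_name");
    if (it == s.end())
        return false;                       // never logged in
    UserStore::const_iterator acct = users.find(it->second);
    if (acct == users.end() || acct->second.banned) {
        s.clear();                          // drop the stale login
        return false;
    }
    name = it->second;
    return true;
}

int main() {
    UserStore users;                        // constructed sample data
    users["alice"].banned = false;
    Session s;
    std::string who;
    log_in(s, "alice");
    std::cout << current_user(s, users, who) << "\n";
    users["alice"].banned = true;           // banned while session is live
    std::cout << current_user(s, users, who) << "\n";
    return 0;
}
```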