Home » U++ Library support » U++ MT-multithreading and servers » Skylark session verification
Skylark session verification [message #53804] |
Sun, 03 May 2020 02:28 |
|
Xemuth
Messages: 387 Registered: August 2018 Location: France
|
Senior Member |
|
|
Hello,
I'm currently using Skylark to developpe my own website and I have a little doubt about skylark session.
On my website, I want user authenticate themself. so Actually I'm using a form with $post_identity() to start a session.
When user send is data to be logged on, I check if he is legitimate then, if he is, I do this :
if(Data sent by user is good){
http.NewIdentity(); //Set new session identity
http.SessionSet("RIGHT", AsString(us->GetRight())); //Set Right of user
http.SessionSet("USERNAME", us->GetLogin()); //Set username of user
http.Redirect(PrivateScreen); //Redirect to the privateScreen
}else{
http.Redirect(Auth); //Else redirect to authentification page
}
On other page (like PrivateScreen) for example, I do this to ensure the user is connected :
if( !http[".USERNAME"].ToString().IsEmpty()){
...Process everythings
}else{
http.Redirect(Auth); //Else redirect to authentification page
}
Is this way of working is safe ? should I instead, generate a special ID related to sessionID of the user, send it to cookies and comparing it every time ?
Thanks in advance
|
|
|
|
|
|
|
Re: Skylark session verification [message #54090 is a reply to message #53804] |
Sun, 31 May 2020 10:30 |
|
deep
Messages: 265 Registered: July 2011 Location: Bangalore
|
Experienced Member |
|
|
Xemuth
I think what you were doing was okay. What gets transmitted is only session id.
Every thing else is stored at server end.
You can use anything to store in session. Skylark will retrieve it from server side local storage.
I checked this with couple of examples.
Warm Regards
Deepak
[Updated on: Sun, 31 May 2020 10:31] Report message to a moderator
|
|
|
Goto Forum:
Current Time: Fri Sep 20 07:22:02 CEST 2024
Total time taken to generate the page: 0.02725 seconds
|