Home » U++ Library support » U++ MT-multithreading and servers » Skylark session verification
Skylark session verification [message #53804] |
Sun, 03 May 2020 02:28 |
|
Xemuth
Messages: 387 Registered: August 2018 Location: France
|
Senior Member |
|
|
Hello,
I'm currently using Skylark to developpe my own website and I have a little doubt about skylark session.
On my website, I want user authenticate themself. so Actually I'm using a form with $post_identity() to start a session.
When user send is data to be logged on, I check if he is legitimate then, if he is, I do this :
if(Data sent by user is good){
http.NewIdentity(); //Set new session identity
http.SessionSet("RIGHT", AsString(us->GetRight())); //Set Right of user
http.SessionSet("USERNAME", us->GetLogin()); //Set username of user
http.Redirect(PrivateScreen); //Redirect to the privateScreen
}else{
http.Redirect(Auth); //Else redirect to authentification page
}
On other page (like PrivateScreen) for example, I do this to ensure the user is connected :
if( !http[".USERNAME"].ToString().IsEmpty()){
...Process everythings
}else{
http.Redirect(Auth); //Else redirect to authentification page
}
Is this way of working is safe ? should I instead, generate a special ID related to sessionID of the user, send it to cookies and comparing it every time ?
Thanks in advance
|
|
|
Goto Forum:
Current Time: Mon May 06 03:20:07 CEST 2024
Total time taken to generate the page: 0.02516 seconds
|