[fpc-pascal] web app and application persistency

Andrew Brunner andrew.t.brunner at gmail.com
Mon Aug 1 17:23:39 CEST 2011


On Mon, Aug 1, 2011 at 10:07 AM, Gustavo Enrique Jimenez
<gejimenez at gmail.com> wrote:
> Hi:
>
>  I send cookies to the client. One of those cookies is a "sessionID",
> a random number generated at login.
>  My sequence is something like
>
> Login
> Client: username/password ->Login html button
> Server: run cgi app with username/password parameters -> Valid user?
> ->  generate sessionID, store in DB. Send sessionID to the client as a
> cookie.
>
> Transaction
> Client: Product -> Search product html button (sessionID is also sent
> to the server)
> Server: run cgi app with product/username parameter. sessionID is
> implicit, as any cookie. if username/sessionID from the client is the
> same as in the DB, send data to the client.
>
> The sessionID cookie will remain until logout or expire time. This
> way, you don't have to store password in html. The sessionID cookie
> must be random+hash, unique to every session. sessionID is sort of
> temporal password.
>
> Client: username  -> Logout html button
> Server: run cgi app with username/sessionID. Verify
> username/sessionID, then send an empty sessionID cookie (this will
> delete the sessionID cookie in client)

I agree with this one.  The only thing I could add would be AJAX &
WebSockets for really advanced applications.
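The login / transaction / logout sequence from the quoted post, as an added example that is not from the original thread and is written in Python rather than Free Pascal so it runs as-is: the server stores only a hash of the random sessionID, checks it in constant time, and expires it. The in-memory SESSIONS dict, SESSION_TTL and the credentials_ok flag are assumptions standing in for the DB table and the password check.

```python
import hashlib
import hmac
import secrets
import time

# Constructed stand-in for the DB table in the post: username -> (sha256(sessionID), expiry)
SESSIONS = {}
SESSION_TTL = 30 * 60  # assumed session lifetime in seconds


def _digest(session_id):
    # Only this hash is stored server-side, so a DB leak does not expose live cookies
    return hashlib.sha256(session_id.encode()).hexdigest()


def login(username, credentials_ok, now=None):
    """Login step: on a valid user, mint a random sessionID, store its hash
    with an expiry, and return the raw value to send as the cookie."""
    now = time.time() if now is None else now
    if not credentials_ok:  # assumed result of the username/password check
        return None
    session_id = secrets.token_hex(32)  # 256 bits from the OS CSPRNG
    SESSIONS[username] = (_digest(session_id), now + SESSION_TTL)
    return session_id


def verify(username, session_id, now=None):
    """Transaction step: accept the request only if the cookie hashes to the
    stored value for this user and the session has not expired."""
    now = time.time() if now is None else now
    record = SESSIONS.get(username)
    if record is None or not session_id:
        return False
    stored_hash, expires_at = record
    if now > expires_at:
        SESSIONS.pop(username, None)  # expired sessions are dropped, not reused
        return False
    return hmac.compare_digest(_digest(session_id), stored_hash)


def logout(username, session_id, now=None):
    """Logout step: only the verified holder can end the session; the returned
    header clears the cookie in the browser, as the post describes."""
    if not verify(username, session_id, now):
        return None
    del SESSIONS[username]
    return "Set-Cookie: sessionID=; Max-Age=0; Path=/; HttpOnly"


def cookie_header(session_id):
    # Header the CGI app emits after login; HttpOnly/Secure keep it off scripts and plain HTTP
    return f"Set-Cookie: sessionID={session_id}; Max-Age={SESSION_TTL}; Path=/; HttpOnly; Secure"
```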