User authentication and session management in Wt.
Added by Amir Hadzic about 15 years ago
Hello Everyone!
Can anyone shed some light on this topic, please? Basically I want to use one WApplication for checking user credentials and then redirecting him/her to another part of my website. For example login application will be at /login and I want to redirect them to /inbox. They should of course be able to navigate to other parts of the website /outbox, /profile etc. without logging in again.
Thank you!
Replies (2)
RE: User authentication and session management in Wt. - Added by Amir Hadzic about 15 years ago
Hmmm maybe something like this...
Let's suppose we have a database table Users with Id, Username, Password, SessionId fields. User comes to /login, and if he/she successfully logs in then we write sessionId() output to its SessionId field, and we also set a cookie with that value. When the user navigates to /inbox or /outbox, or anywhere else on the site, we can check the session id in the cookie and search for any users with that session id written in their SessionId field.
Is this a good way to handle users in Wt?
RE: User authentication and session management in Wt. - Added by Koen Deforche about 15 years ago
Hey Amir,
That approach (with a cookie that stores a random token, in your case the sessionId() when logging in) is in my opinion the ideal approach, really.
Decoupling the session Id from authentication token is good because a session is usually short lived compared to authentication, and a user can also have multiple sessions (e.g. multiple tabs) which benefit from the same authentication.
Regards,
koen
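The scheme discussed in this thread, sketched as an added example that is not part of either post and is not Wt's own API: a random token issued once at /login, stored server-side with an expiry independent of any Wt session, and resolved by every other application from the cookie value. The class name `AuthTokenStore`, the in-memory map standing in for the Users table, the 128-bit token length and the two-week lifetime are all assumptions made for illustration.

```cpp
#include <chrono>
#include <iostream>
#include <random>
#include <string>
#include <unordered_map>

using Clock = std::chrono::system_clock;

// Hypothetical in-memory stand-in for the token column of the Users table.
class AuthTokenStore {
public:
    static constexpr int kNoUser = -1;

    // Called once at /login after the password check; the result goes in the cookie.
    std::string issue(int userId, std::chrono::seconds lifetime, Clock::time_point now) {
        std::string token = randomToken();
        tokens_[token] = Entry{userId, now + lifetime};
        return token;
    }
    // Called by /inbox, /outbox, ... with the cookie value; any tab may reuse it.
    int resolve(const std::string& cookie, Clock::time_point now) {
        auto it = tokens_.find(cookie);
        if (it == tokens_.end()) return kNoUser;
        if (now >= it->second.expires) { tokens_.erase(it); return kNoUser; }
        return it->second.userId;
    }
    // Logout: dropping the row invalidates the cookie server-side.
    void revoke(const std::string& cookie) { tokens_.erase(cookie); }

private:
    struct Entry { int userId; Clock::time_point expires; };
    // 128 bits as hex; assumes std::random_device is backed by the OS entropy source.
    static std::string randomToken() {
        static const char hex[] = "0123456789abcdef";
        std::random_device rd;
        std::string out;
        for (int word = 0; word < 4; ++word) {
            unsigned int v = rd();
            for (int n = 0; n < 8; ++n) { out += hex[v & 0xF]; v >>= 4; }
        }
        return out;
    }
    std::unordered_map<std::string, Entry> tokens_;
};

int main() {
    AuthTokenStore store;
    Clock::time_point t0 = Clock::now();
    std::string cookie = store.issue(42, std::chrono::hours(24 * 14), t0);
    std::cout << "user " << store.resolve(cookie, t0 + std::chrono::hours(1)) << "\n";
}
```

Because the token is generated independently of the session id, it stays valid across sessions and tabs until it expires or is revoked, and a cookie value that matches no stored row resolves to no user.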