Author | Topic: Session management | |
---|---|---|
Vladimir Iahnenco | Session management on Thu, 02 Sep 2004 01:15:07 -0400 Hi All, For user identification in a WAA application some time ago I used Context object. See function. I passed nUserID (RecNo) with login and got it later in waa forms. We got a case when a WAA server installed behind a proxy or a router screwed up users data so I removed this type of "authentication", set it through oHtml:GetVar(userId)/oHtml:setVar(userId) and looks like it works fine so far. I created a class, it uses waa1srv.dbf to save/retrieve session related data (similar to context object) but I have to pass it userId with every New() call as a parameter. Does anybody know how to get /set unique ID from/to a remote machine to make it working without the parameter. PHP and ASP have session management functions, but unfortunately we can't use them directly in html. The only way I see is to do something with cookies. Any ideas are welcome. Regards, Vladimir ========================== FUNCTION GetUserIndex(oContext, nUserId) oContext:OpenSession() If nUserId == NIL nUserId := oContext:GetCargo("UserID") Else //save for the next session oContext:SetCargo("UserID", nUserID) EndIf RETURN If(ValType(nUserId)=="N", nUserId, 0) | |
Klaus Overhage | Re: Session management on Thu, 02 Sep 2004 07:35:19 +0200 Vladimir Iahnenco schrieb: > Hi All, > For user identification in a WAA application some time ago I used Context > object. See function. I passed nUserID (RecNo) with login and got it later > in waa forms. > We got a case when a WAA server installed behind a proxy or a router screwed > up users data so I removed this type of "authentication", set it through > oHtml:GetVar(userId)/oHtml:setVar(userId) and looks like it works fine so > far. > I created a class, it uses waa1srv.dbf to save/retrieve session related data > (similar to context object) but I have to pass it userId with every New() > call as a parameter. Does anybody know how to get /set unique ID from/to a > remote machine to make it working without the parameter. PHP and ASP have > session management functions, but unfortunately we can't use them directly > in html. The only way I see is to do something with cookies. > Any ideas are welcome. > > Regards, > Vladimir > > ========================== > FUNCTION GetUserIndex(oContext, nUserId) > oContext:OpenSession() > If nUserId == NIL > nUserId := oContext:GetCargo("UserID") > Else > //save for the next session > oContext:SetCargo("UserID", nUserID) > EndIf > RETURN If(ValType(nUserId)=="N", nUserId, 0) > > > Vladimir, i doesn't work with WAA, so this is only a idea. You can use JavaScript directly in html. In this case i would prefer JavaScript. Klaus | |
Phil Ide | Re: Session management on Thu, 02 Sep 2004 10:25:31 +0100 Vladimir, > The only way I see is to do something with cookies. > Any ideas are welcome. Cookies are your only option. There are two things that can potentially hide the user's IP address from you aside from hacking and spoofing of course). 1. A proxy 2. AOL With AOL, each request for a page from the same client during the same session can have a different IP address. This is because the AOL gateway assigns an IP address per request. The only way around this is to use cookies, SSL or Basic-Auth authentication. Basic-Auth requires the user to login before they can access a page, and the login is handled at the operating system level )on the client machine), not at the IP level. Once logged in, the pages protected by the secured realm become visible until the client closes their browser. Once in, each request they send to the server is accompanied by their logon ID, which is made visible to CGI applications via an environment variable (IIRC, it is USER_NAME). For an example of Basic-Auth in action, goto: https://www.shorttermcover.com/webstats Note that without a correct username/password, you will not get past the dialog! Regards, Phil Ide *************************************** * Xbase++ FAQ, Libraries and Sources: * * goto: http://www.idep.org.uk/xbase * *************************************** A flashlight is a case for holding dead batteries. |