Alaska Software Inc. - Session management
Username: Password:
AuthorTopic: Session management
Vladimir IahnencoSession management
on Thu, 02 Sep 2004 01:15:07 -0400
Hi All,
For user identification in a WAA application some time ago I used Context
object. See function. I passed nUserID (RecNo) with login and got it later
in waa forms.
We got a case when a WAA server installed behind a proxy or a router screwed
up users data so I removed this type of "authentication", set it through
oHtml:GetVar(userId)/oHtml:setVar(userId) and looks like it works fine so
far.
I created a class, it uses waa1srv.dbf to save/retrieve session related data
(similar to context object)  but I have to pass it userId with every New()
call as a parameter. Does anybody know how to get /set unique ID from/to a
remote machine to make it working without the parameter. PHP and ASP have
session management functions, but unfortunately we can't use them directly
in html. The only way I see is to do something with cookies.
Any ideas are welcome.

Regards,
Vladimir

==========================
FUNCTION GetUserIndex(oContext, nUserId)
   oContext:OpenSession()
   If nUserId == NIL
      nUserId := oContext:GetCargo("UserID")
   Else
      //save for the next session
      oContext:SetCargo("UserID", nUserID)
   EndIf
RETURN If(ValType(nUserId)=="N", nUserId, 0)
Klaus Overhage Re: Session management
on Thu, 02 Sep 2004 07:35:19 +0200
Vladimir Iahnenco schrieb:
> Hi All,
> For user identification in a WAA application some time ago I used Context
> object. See function. I passed nUserID (RecNo) with login and got it later
> in waa forms.
> We got a case when a WAA server installed behind a proxy or a router screwed
> up users data so I removed this type of "authentication", set it through
> oHtml:GetVar(userId)/oHtml:setVar(userId) and looks like it works fine so
> far.
> I created a class, it uses waa1srv.dbf to save/retrieve session related data
> (similar to context object)  but I have to pass it userId with every New()
> call as a parameter. Does anybody know how to get /set unique ID from/to a
> remote machine to make it working without the parameter. PHP and ASP have
> session management functions, but unfortunately we can't use them directly
> in html. The only way I see is to do something with cookies.
> Any ideas are welcome.
> 
> Regards,
> Vladimir
> 
> ==========================
> FUNCTION GetUserIndex(oContext, nUserId)
>    oContext:OpenSession()
>    If nUserId == NIL
>       nUserId := oContext:GetCargo("UserID")
>    Else
>       //save for the next session
>       oContext:SetCargo("UserID", nUserID)
>    EndIf
> RETURN If(ValType(nUserId)=="N", nUserId, 0)
> 
> 
> 
Vladimir,

i doesn't work with WAA, so this is only a idea. You can use JavaScript
directly in html. In this case i would prefer JavaScript.

Klaus
Phil Ide
Re: Session management
on Thu, 02 Sep 2004 10:25:31 +0100
Vladimir,

> The only way I see is to do something with cookies.
> Any ideas are welcome.

Cookies are your only option.  There are two things that can potentially
hide the user's IP address from you aside from hacking and spoofing of
course).

1.  A proxy
2.  AOL

With AOL, each request for a page from the same client during the same
session can have a different IP address.  This is because the AOL gateway
assigns an IP address per request.

The only way around this is to use cookies, SSL or Basic-Auth
authentication.  Basic-Auth requires the user to login before they can
access a page, and the login is handled at the operating system level )on
the client machine), not at the IP level. Once logged in, the pages
protected by the secured realm become visible until the client closes their
browser.  Once in, each request they send to the server is accompanied by
their logon ID, which is made visible to CGI applications via an
environment variable (IIRC, it is USER_NAME).

For an example of Basic-Auth in action, goto:

  https://www.shorttermcover.com/webstats

Note that without a correct username/password, you will not get past the
dialog!

Regards,

Phil Ide

***************************************
* Xbase++ FAQ, Libraries and Sources: *
* goto: http://www.idep.org.uk/xbase  *
***************************************

A flashlight is a case for holding dead batteries.