User Session Management - ddpalacios/home-server GitHub Wiki
When a user logs in to the application, a unique session ID must be associated with that user so that the application is navigated securely and with the correct user information.
Session structs will be created and stored in a server-side database, where they are used to validate every client request.
A session is required to access the application; without one, the user is navigated back to the login screen.
Tasks:
- Create Session.h/.c files
- Create session struct when login exists
- Use session ID to create cookie
- Store session info in the server-side database
- Send cookie in the HTTP response to the client
- Retrieve valid session & user objects on HTTP requests
- Conditionally navigate to the login screen if a valid session does not exist
- Create 'logout' button
- On logout, remove the stored session ID & navigate back to the login screen
Pseudocode:
struct Session {
    char* Id;
    char* userId;
    char* login_time;
};

IF POST /login_validation {
    if (login_valid) {
        struct Session session = create_session( ... );
        char* cookie = create_cookie(key, value);
        insert_session(session);         // store the session server-side
        send_response_code(200, cookie); // send the cookie with the response
    }
}

char* incoming_session_id = retrieve_cookie(key);
IF GET /home {
    render_template("home.html", cSSL, incoming_session_id);
}

// HTTP.c
void render_template(filename, SSL* cSSL, char* sessionId) {
    if (!session_exists(sessionId)) {
        // if the session does not exist, navigate to the login screen
        SSL_write("index.html", cSSL);
        return; // nothing else is sent without a valid session
    } else {
        struct Session session = get_session(sessionId);
        User user = get_user(session.userId);
        SSL_write(filename, cSSL);
        SSL_write({ userId, username }, cSSL);
    }
}
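The cookie steps in the task list (create the session ID, send it as a cookie, read it back on each request), sketched in C as an added example that is not the project's own code. The function names, the cookie name `session_id`, the 128-bit ID size, `/dev/urandom` as the random source and the cookie attributes are all assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SID_BYTES 16               /* assumed: 128 random bits per session ID */
#define SID_HEX (SID_BYTES * 2)    /* length of the hex-encoded ID */
#define COOKIE_NAME "session_id"   /* assumed cookie name */

/* Fill out[SID_HEX + 1] with an unpredictable hex session ID. 0 on success. */
int session_new_id(char *out) {
    unsigned char raw[SID_BYTES];
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(raw, 1, sizeof raw, f);
    fclose(f);
    if (got != sizeof raw) return -1;
    for (int i = 0; i < SID_BYTES; i++)
        sprintf(out + 2 * i, "%02x", raw[i]);
    return 0;
}

/* Build the Set-Cookie header line. Returns -1 if buf is too small. */
int session_build_cookie(char *buf, size_t len, const char *sid) {
    int n = snprintf(buf, len, "Set-Cookie: " COOKIE_NAME "=%s; Path=/; HttpOnly; "
                     "Secure; SameSite=Strict\r\n", sid);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Extract the session ID from a Cookie header value ("a=1; session_id=<hex>").
   Fills out[SID_HEX + 1] and returns 0 only for exactly SID_HEX hex characters. */
int session_id_from_cookie(const char *hdr, char *out) {
    size_t nlen = strlen(COOKIE_NAME);
    for (const char *p = hdr; p && *p; ) {
        while (*p == ' ' || *p == ';') p++;        /* move to the start of a pair */
        if (strncmp(p, COOKIE_NAME, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            size_t vlen = strcspn(v, ";");
            if (vlen != SID_HEX) return -1;        /* wrong length: reject */
            for (size_t i = 0; i < vlen; i++)
                if (!isxdigit((unsigned char)v[i])) return -1;
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return 0;
        }
        p = strchr(p, ';');                        /* skip to the next pair */
    }
    return -1;                                     /* no session cookie present */
}
```

Rejecting malformed values before the database lookup means `session_exists` only ever sees strings in the format the server itself issued.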