[Libwebsockets] RFC: lightweight sessions
colinpauladams at gmail.com
Mon May 23 15:14:57 CEST 2016
This sounds like something that I was going to have to write myself for my
application (a game server). I can't think offhand of any further
improvements, but I might find something when I try it out.
My C skills are 17 years rusty (apart from fragments involved in writing
language bindings), but I'm sure I can polish them up if I find any
Is this in master now?
On Mon, 23 May 2016 at 12:44 Andy Green <andy at warmcat.com> wrote:
> Hi -
> I am partway through making a plugin called "generic-sessions", intended
> to provide lightweight persistent http sessions without a server-side
> The overall ideas are:
> - random 20-byte session id managed in a cookie
> - all information related to the session held at the server, nothing
> managed clientside
> - sqlite3 used at the server to manage active sessions and users
> - defaults to creating anonymous sessions with no user associated
> - admin account (with user-selectable username) is defined in config
> with a SHA-1 of the password; rest of the accounts are in sqlite3
> - login, logout, register account + email verification built-in with
> - in a mount, some file suffixes (ie, .js) can be associated with a
> protocol for the purposes of rewriting symbolnames. These are read-only
> copies of logged-in server state.
> - When your page fetches .js or other rewritten files from that mount,
> "$lwsgs_user" and so on are rewritten on the fly using chunked transfer
> - Eliminates server-side scripting with a few rewritten symbols and
> - 32-bit bitfield for authentication sectoring, mounts can provide a
> mask on the loggin-in session's associated server-side bitfield that
> must be set for access.
> - No code (just config) required for, eg, private URL namespace that
> requires login to access.
> Login, logout, cookies, rewriting are already done, I am curious about
> any comments or suggestions to make it more useful (especially if anyone
> is motivated to contribute).
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Libwebsockets