[Libwebsockets] RFC: lightweight sessions

Colin Adams colinpauladams at gmail.com
Mon May 23 15:14:57 CEST 2016


This sounds like something that I was going to have to write myself for my
application (a game server). I can't think offhand of any further
improvements, but I might find something when I try it out.
My C skills are 17 years rusty (apart from fragments involved in writing
language bindings), but I'm sure I can polish them up if I find any
enhancements needed.
Is this in master now?

On Mon, 23 May 2016 at 12:44 Andy Green <andy at warmcat.com> wrote:

> Hi -
>
> I am partway through making a plugin called "generic-sessions", intended
> to provide lightweight persistent http sessions without a server-side
> interpreter.
>
> The overall ideas are:
>
>   - random 20-byte session id managed in a cookie
>
>   - all information related to the session held at the server, nothing
> managed clientside
>
>   - sqlite3 used at the server to manage active sessions and users
>
>   - defaults to creating anonymous sessions with no user associated
>
>   - admin account (with user-selectable username) is defined in config
> with a SHA-1 of the password; rest of the accounts are in sqlite3
>
>   - login, logout, register account + email verification built-in with
> examples
>
>   - in a mount, some file suffixes (ie, .js) can be associated with a
> protocol for the purposes of rewriting symbolnames.  These are read-only
> copies of logged-in server state.
>
>   - When your page fetches .js or other rewritten files from that mount,
> "$lwsgs_user" and so on are rewritten on the fly using chunked transfer
> encoding
>
>   - Eliminates server-side scripting with a few rewritten symbols and
> javascript on client side
>
>   - 32-bit bitfield for authentication sectoring, mounts can provide a
> mask on the loggin-in session's associated server-side bitfield that
> must be set for access.
>
>   - No code (just config) required for, eg, private URL namespace that
> requires login to access.
>
> Login, logout, cookies, rewriting are already done, I am curious about
> any comments or suggestions to make it more useful (especially if anyone
> is motivated to contribute).
>
> -Andy
> _______________________________________________
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
> http://libwebsockets.org/mailman/listinfo/libwebsockets
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://libwebsockets.org/pipermail/libwebsockets/attachments/20160523/b22bd9b6/attachment-0001.html>


More information about the Libwebsockets mailing list