[Libwebsockets] RFC: lightweight sessions

Andy Green andy at warmcat.com
Tue May 24 19:12:30 CEST 2016



On 05/25/2016 01:04 AM, Colin Adams wrote:
> It's the same result, although it takes longer, and the log entries are
> different:
>
> wsws[11461]: Set privs to user 'apache'
> lwsws[11461]: failed to get sid from wsi
> lwsws[11461]: LWS_CALLBACK_ADD_HEADERS: setting cookie
> 'id=3f1d8b0159ffe2c1f1abaf74a2cbbee84f229391;Expires=2016-05-24 17:23
> GMT;path=/;Max-Age=1464110613;HttpOnly'
> lwsws[11461]: failed to get sid from wsi
> lwsws[11461]: want
> /usr/local/share/libwebsockets-test-server/generic-sessions//lwsgs.js
> interpreted by protocol-generic-sessions
> lwsws[11461]: LWS_CALLBACK_ADD_HEADERS: setting cookie
> 'id=abc1299229ef19850166323b1dcd055ecf155d7a;Expires=2016-05-24 17:23
> GMT;path=/;Max-Age=1464110613;HttpOnly'
> lwsws[11461]: Used up interpret padding
> lwsws[11461]: LWS_CALLBACK_HTTP
> lwsws[11461]: failed to get sid from wsi
> lwsws[11461]: LWS_CALLBACK_ADD_HEADERS: setting cookie
> 'id=157a2df7dac198c16b3477a5ce494a713d486b7a;Expires=2016-05-24 17:23
> GMT;path=/;Max-Age=1464110613;HttpOnly'
> lwsws[11461]: wsi 0x229b8b0: TIMEDOUT WAITING on 10 (did hdr 1, ah
> 0x224f3a0, wl 0, pfd events 0)
> lwsws[11461]: lws_header_table_detach: wsi 0x229b8b0: ah held 21s,
> ah.rxpos 568, ah.rxlen 568, mode/state 2 4,wsi->more_rx_waiting 0
> lwsws[11461]: failed to get sid from wsi

If you update to master again, the need for / and that problem should 
both be gone.

-Andy

>
>
> On Tue, 24 May 2016 at 17:57 Andy Green <andy at warmcat.com
> <mailto:andy at warmcat.com>> wrote:
>
>
>
>     On 05/25/2016 12:32 AM, Colin Adams wrote:
>      > Oh, sid stands for session-id - I see.
>      >
>      > I thought I'd changed the /usr/share to /usr/local/share - but as you
>      > worked out, I hadn't.
>      >
>      > Now I've fixed that, I see an empty page. Looking at the source,
>     I see
>      > style="display:none" on both the div elements.
>
>     If you go to
>
>     http://localhost:7681/lwsgs/
>
>     (note the final / ) I think you'll be working.
>
>     -Andy
>
>      > On Tue, 24 May 2016 at 17:11 Andy Green <andy at warmcat.com
>     <mailto:andy at warmcat.com>
>      > <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>> wrote:
>      >
>      >
>      >
>      >     On 05/24/2016 11:52 PM, Colin Adams wrote:
>      >      > OK. Getting nearer now.
>      >      >
>      >      > If I understand the readme correctly, to get a login page
>     i need to
>      >      > point my browser to
>      >      >
>      >      > http://localhost:7681/lwsgs
>      >      >
>      >      > If I do that, I get a 404, and the log says:
>      >
>      >     The canned paths in the readme assume things installed in
>     /usr/share,
>      >     you'll need to slip a '/local' in them if that's where they were
>      >     installed.
>      >
>      >      > lwsws[10660]: failed to get sid from wsi
>      >
>      >     That's ok since no chance to paint the client with a cookie the
>      >     first time.
>      >
>      >     -Andy
>      >
>      >      >
>      >      > On Tue, 24 May 2016 at 16:26 Colin Adams
>      >     <colinpauladams at gmail.com <mailto:colinpauladams at gmail.com>
>     <mailto:colinpauladams at gmail.com <mailto:colinpauladams at gmail.com>>
>      >      > <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>
>      >     <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>>>> wrote:
>      >      >
>      >      >     Confirmed that it acquired the apache id:
>      >      >
>      >      >     ps -U root -u apache u | grep lwsws
>      >      >     apache   10599  0.0  0.0  70032  6108 ?        Ss
>       16:25   0:00
>      >      >     /usr/local/bin/lwsws -D
>      >      >
>      >      >
>      >      >     On Tue, 24 May 2016 at 16:16 Colin Adams
>      >     <colinpauladams at gmail.com <mailto:colinpauladams at gmail.com>
>     <mailto:colinpauladams at gmail.com <mailto:colinpauladams at gmail.com>>
>      >      >     <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>
>      >     <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>>>> wrote:
>      >      >
>      >      >         I'm just calling
>      >      >         sudo /usr/local/bin/lwsws
>      >      >         so it ought to be running as root
>      >      >
>      >      >         On Tue, 24 May 2016 at 16:13 Andy Green
>     <andy at warmcat.com <mailto:andy at warmcat.com>
>      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>      >      >         <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>> wrote:
>      >      >
>      >      >
>      >      >
>      >      >             On May 24, 2016 11:10:32 PM GMT+08:00, Colin Adams
>      >      >             <colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>
>      >     <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>> <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>
>      >     <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>>>>
>      >      >             wrote:
>      >      >              >OK. I've got it installed.
>      >      >              >
>      >      >              >But when running I get messages:
>      >      >              >
>      >      >              >lwsws[10192]: Unable to open session db
>      >      >             /var/www/sessions/lws.sqlite3:
>      >      >              >unable to open database file
>      >      >              >
>      >      >              >I don't know anything about sqlite3, but I'm
>     guessing
>      >      >             perhaps I need to
>      >      >              >define a user name first? Or is there
>     something missing
>      >      >             from the readme
>      >      >              >(I
>      >      >              >issued the two commands to create the
>     directory and set
>      >      >             the owner to
>      >      >              >root.apache).
>      >      >
>      >      >             Are you starting it as root?  Otherwise it doesn't
>      >     have the
>      >      >             rights to change to run under apache uid.
>      >      >
>      >      >             -Andy
>      >      >
>      >      >              >On Tue, 24 May 2016 at 15:38 Andy Green
>      >     <andy at warmcat.com <mailto:andy at warmcat.com>
>     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>      >      >             <mailto:andy at warmcat.com
>     <mailto:andy at warmcat.com> <mailto:andy at warmcat.com
>     <mailto:andy at warmcat.com>>>>
>      >     wrote:
>      >      >              >
>      >      >              >>
>      >      >              >>
>      >      >              >> On 05/24/2016 09:06 PM, Colin Adams wrote:
>      >      >              >> > I did:
>      >      >              >> > git pull
>      >      >              >> > cd build
>      >      >              >> > make
>      >      >              >> > sudo make install
>      >      >              >> >
>      >      >              >> > and got:
>      >      >              >> > CMake Error at cmake_install.cmake:427
>     (file):
>      >      >              >> > file INSTALL cannot find
>      >      >              >"/home/colin/libwebsockets/plugins/lwsgs.js".
>      >      >              >> >
>      >      >              >> > I had previously done:
>      >      >              >> >
>      >      >              >> > cmake -D LWS_WITHOUT_DAEMONIZE=OFF -D
>      >     LWS_WITH_PLUGINS=ON
>      >      >              >> > -DLWS_WITH_LWSWS=1 ..
>      >      >              >> >
>      >      >              >> > so is there anything else I should have
>     done?
>      >      >              >>
>      >      >              >> No it's my fault, I missed it from git
>     add.  Please
>      >      >             fetch (not pull)
>      >      >              >> master again.
>      >      >              >>
>      >      >              >> Because master doesn't have a history, you
>     need
>      >     to track
>      >      >             it like
>      >      >              >this,
>      >      >              >> assuming you have no local patches
>      >      >              >>
>      >      >              >> $ git fetch
>      > https://github.com/warmcat/libwebsockets.git
>      >      >             +master:m &&
>      >      >              >> git reset --hard m
>      >      >              >>
>      >      >              >> -Andy
>      >      >              >>
>      >      >              >> >
>      >      >              >> > On Tue, 24 May 2016 at 11:26 Andy Green
>      >      >             <andy at warmcat.com <mailto:andy at warmcat.com>
>     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>
>      >      >              >> > <mailto:andy at warmcat.com
>     <mailto:andy at warmcat.com>
>      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>>>
>      >      >             wrote:
>      >      >              >> >
>      >      >              >> >
>      >      >              >> >
>      >      >              >> >     On 05/24/2016 06:15 PM, Colin Adams
>     wrote:
>      >      >              >> >      > My opinion is that I personally
>     will not
>      >     need
>      >      >             anything
>      >      >              >beyond
>      >      >              >> >     what you
>      >      >              >> >      > have already described (but I am
>      >     assuming that
>      >      >             the email
>      >      >              >address
>      >      >              >> that
>      >      >              >> >      > the user used for registration is
>      >     available in
>      >      >             the DB. And
>      >      >              >maybe
>      >      >              >> that
>      >      >              >> >      > assumption is wrong).
>      >      >              >> >
>      >      >              >> >     It will be... you can see the schema
>     here
>      >      >              >> >
>      >      >              >> >
>      >      >              >>
>      >      >
>      >
>      >https://github.com/warmcat/libwebsockets/blob/master/plugins/protocol_generic_sessions.c#L522
>      >      >              >> >
>      >      >              >> >     but the register / email part is not
>     wired
>      >     up yet.
>      >      >              >> >
>      >      >              >> >     Currently I am imagining this
>      >     "generic-sessions"
>      >      >             plugin only
>      >      >              >deals
>      >      >              >> with
>      >      >              >> >     authentication of a username.  That
>     includes
>      >      >             registration,
>      >      >              >email
>      >      >              >> >     confirmation, "forgot password",
>     eventually
>      >     admin
>      >      >             maintenance
>      >      >              >pages,
>      >      >              >> >     managing the sesion database and so
>     on, but
>      >     NO other
>      >      >              >information
>      >      >              >> except
>      >      >              >> >     the client has a cookie
>     authenticated for a
>      >     given
>      >      >             username (or
>      >      >              >no
>      >      >              >> >     username if not logged in).
>      >      >              >> >
>      >      >              >> >     So the api to this in your ws
>     protocol handler
>      >      >             would only be
>      >      >              >"what's
>      >      >              >> my
>      >      >              >> >     username".  If it gives you a
>     username, you
>      >     know
>      >      >             it has been
>      >      >              >> >     authenticated.  You can also segregate
>      >     access to
>      >      >             mounts by if
>      >      >              >you're
>      >      >              >> >     logged in, or logged in as admin, but
>      >     that's it.
>      >      >              >> >
>      >      >              >> >     Storing stuff that your protocol handler
>      >     deals in
>      >      >             for that
>      >      >              >user, eg,
>      >      >              >> >     using the username as the db key, is
>      >     completely a
>      >      >             separate
>      >      >              >issue
>      >      >              >> private
>      >      >              >> >     to your protocol handler.  It would, eg,
>      >     use its
>      >      >             own sqlite3
>      >      >              >database
>      >      >              >> >     for it if that's what he wanted to do.
>      >      >              >> >
>      >      >              >> >     -Andy
>      >      >              >> >
>      >      >              >> >
>      >      >              >> >      > On Tue, 24 May 2016 at 11:11 Andy
>     Green
>      >      >             <andy at warmcat.com <mailto:andy at warmcat.com>
>     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>
>      >      >              >> >     <mailto:andy at warmcat.com
>     <mailto:andy at warmcat.com>
>      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>>
>      >      >              >> >      > <mailto:andy at warmcat.com
>     <mailto:andy at warmcat.com>
>      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>      >      >             <mailto:andy at warmcat.com
>     <mailto:andy at warmcat.com> <mailto:andy at warmcat.com
>     <mailto:andy at warmcat.com>>>
>      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>      >      >             <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>>>> wrote:
>      >      >              >> >      >
>      >      >              >> >      >
>      >      >              >> >      >
>      >      >              >> >      >     On 05/23/2016 11:37 PM, Andy
>     Green
>      >     wrote:
>      >      >              >> >      >      >
>      >      >              >> >      >      >
>      >      >              >> >      >      > On May 23, 2016 9:14:57 PM
>     GMT+08:00,
>      >      >             Colin Adams
>      >      >              >> >      >      > <colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>
>      >     <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>>
>      >      >             <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>
>      >     <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>>>
>      >      >              >> >     <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>
>      >     <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>>
>      >      >             <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>
>      >     <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>>>>
>      >      >              ><mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>
>      >     <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>>
>      >      >             <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>
>      >     <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>>>
>      >      >              >> >     <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>
>      >     <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>>
>      >      >             <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>
>      >     <mailto:colinpauladams at gmail.com
>     <mailto:colinpauladams at gmail.com>>>>>> wrote:
>      >      >              >> >      >      >> This sounds like
>     something that
>      >     I was
>      >      >             going to have
>      >      >              >to
>      >      >              >> >     write myself
>      >      >              >> >      >      >> for my application (a game
>      >     server). I
>      >      >             can't think
>      >      >              >offhand
>      >      >              >> >     of any
>      >      >              >> >      >      >> further improvements, but I
>      >     might find
>      >      >             something
>      >      >              >when I
>      >      >              >> >     try it
>      >      >              >> >      >      >> out. My C skills are 17
>     years rusty
>      >      >             (apart from
>      >      >              >fragments
>      >      >              >> >     involved
>      >      >              >> >      >      >> in writing language
>     bindings),
>      >     but I'm
>      >      >             sure I can
>      >      >              >polish
>      >      >              >> >     them up if
>      >      >              >> >      >      >> I find any enhancements
>     needed.
>      >     Is this
>      >      >             in master
>      >      >              >now?
>      >      >              >> >      >      >
>      >      >              >> >      >      > No, it's very much a WIP.
>      >      >              >> >      >      >
>      >      >              >> >      >      > But today it's working for
>     admin
>      >     login /
>      >      >             logout, the
>      >      >              >> cookies,
>      >      >              >> >      >      > persistent session db,
>     rewriting r/o
>      >      >             copies of the
>      >      >              >state
>      >      >              >> >     into js vars
>      >      >              >> >      >      > (so the example login page
>     js can
>      >     change
>      >      >             to a logout
>      >      >              >form
>      >      >              >> >      >      > appropriately), and all
>      >     customization in
>      >      >             the lwsws
>      >      >              >JSON
>      >      >              >> >     and login
>      >      >              >> >      >      > html (there are hidden
>     form elements
>      >      >             that control the
>      >      >              >next
>      >      >              >> url
>      >      >              >> >      >      > depending on how the login /
>      >     logout went).
>      >      >              >> >      >      >
>      >      >              >> >      >      > I'll tidy it up and add
>     some docs
>      >      >             tomorrow, and check
>      >      >              >if
>      >      >              >> >     it broke
>      >      >              >> >      >      > anything else, but you can see
>      >     it's only
>      >      >             usable for
>      >      >              >> >     development
>      >      >              >> >      >      > today.
>      >      >              >> >      >
>      >      >              >> >      >     I pushed what there is of
>     it... for now
>      >      >             it's enabled in
>      >      >              >cmake
>      >      >              >> >     with
>      >      >              >> >      >     LWS_WITH_LWSWS.
>      >      >              >> >      >
>      >      >              >> >      >     See
>      >      >              >> >      >
>      >      >              >> >      >
>      >      >              >> >
>      >      >              >>
>      >      >
>      >
>      >https://github.com/warmcat/libwebsockets/blob/master/README.generic-sessions.md
>      >      >              >> >      >
>      >      >              >> >      >     You can add the mounts
>     mentioned in
>      >     there
>      >      >             and the
>      >      >              >protocol
>      >      >              >> >     import part
>      >      >              >> >      >     to the existing lwsws example
>     config.
>      >      >              >> >      >
>      >      >              >> >      >     The admin account and
>     password in the
>      >      >             protocol config
>      >      >              >part is
>      >      >              >> >     admin /
>      >      >              >> >      >     jipdocesExunt
>      >      >              >> >      >
>      >      >              >> >      >     If you navigate to
>      >      > http://localhost:7681/lwsgs you
>      >      >              >should see
>      >      >              >> >     a login
>      >      >              >> >      >     form that you can login with
>     those
>      >      >             credentials, which
>      >      >              >will
>      >      >              >> >     take you to a
>      >      >              >> >      >     URL in /lwsgs/needadmin/...
>     that cannot
>      >      >             otherwise be
>      >      >              >served.
>      >      >              >> >      >
>      >      >              >> >      >     If you go back and refresh
>     the login
>      >     page,
>      >      >             it now knows
>      >      >              >your
>      >      >              >> >     session is
>      >      >              >> >      >     authenticated and this time
>     shows your
>      >      >             login name
>      >      >              >together
>      >      >              >> >     with a logout
>      >      >              >> >      >     button... this is done in JS
>     clientside
>      >      >             with the tiny
>      >      >              >rewrite
>      >      >              >> of
>      >      >              >> >      >     "$lwsgs_user" in the included
>     lwsgs.js.
>      >      >              >> >      >
>      >      >              >> >      >     The active sessions are stored in
>      >     sqlite3
>      >      >             on the server
>      >      >              >side
>      >      >              >> >     and the
>      >      >              >> >      >     expiry, controlled from the
>     config file,
>      >      >             should be
>      >      >              >respected.
>      >      >              >> >      >
>      >      >              >> >      >     The actual users will also go
>     in a
>      >     table in
>      >      >             sqlite3, but
>      >      >              >> admin's
>      >      >              >> >      >     credentials are set in the config
>      >     outside
>      >      >             of that.
>      >      >              >Those
>      >      >              >> >     users and
>      >      >              >> >      >     registration aren't done yet.
>      >      >              >> >      >
>      >      >              >> >      >      > I'm mainly wondering what
>     people want
>      >      >             from the
>      >      >              >persistent
>      >      >              >> >     user state,
>      >      >              >> >      >      > in my case once authenticated,
>      >     the next
>      >      >             url is an
>      >      >              >html
>      >      >              >> >     page opening a
>      >      >              >> >      >      > ws link that will also get the
>      >     logged-in
>      >      >             session
>      >      >              >cookie.
>      >      >              >> My
>      >      >              >> >      >      > application is static html
>     + js that
>      >      >             dynamically
>      >      >              >> >     configures itself
>      >      >              >> >      >      > around the returned
>     (user-context
>      >     aware)
>      >      >             JSON from
>      >      >              >the ws
>      >      >              >> >     link.
>      >      >              >> >      >      >
>      >      >              >> >      >      > Put another way the
>     application's
>      >     custom
>      >      >             ws protocol
>      >      >              >> >     handler code is
>      >      >              >> >      >      > the guy who actually
>     defines what
>      >      >             different users
>      >      >              >see...
>      >      >              >> >     that pattern
>      >      >              >> >      >      > removes the need for any other
>      >     server-side
>      >      >              >interpreter and
>      >      >              >> >     just
>      >      >              >> >      >      > manifests itself as
>     delivering an
>      >      >             authenticated
>      >      >              >username
>      >      >              >> >     into custom
>      >      >              >> >      >      > ws protocol code you would
>     have
>      >     to write
>      >      >             anyway.
>      >      >              >Other
>      >      >              >> >      >      > presentation-related code that
>      >     needs to
>      >      >             be aware of
>      >      >              >> >     authentication
>      >      >              >> >      >      > state (eg, show login form, or
>      >     "logged
>      >      >             in as xxx" +
>      >      >              >logout
>      >      >              >> >     button)
>      >      >              >> >      >      > moves out of what would
>     have been
>      >     server
>      >      >             scripts and
>      >      >              >into
>      >      >              >> >     js that got
>      >      >              >> >      >      > some rewriting pixie
>     dust.  But I am
>      >      >             curious if that
>      >      >              >> >     pattern is
>      >      >              >> >      >      > enough to solve other peoples'
>      >      >             session-related tasks,
>      >      >              >> >     perhaps with a
>      >      >              >> >      >      > little thought.
>      >      >              >> >      >
>      >      >              >> >      >     Still curious about opinions
>     on this
>      >     (maybe
>      >      >             it's not
>      >      >              >> >     explained clearly
>      >      >              >> >      >     enough yet).
>      >      >              >> >      >
>      >      >              >> >      >     -Andy
>      >      >              >> >      >
>      >      >              >> >      >      > -Andy
>      >      >              >> >      >      >
>      >      >              >> >      >      >> On Mon, 23 May 2016 at 12:44
>      >     Andy Green
>      >      >              ><andy at warmcat.com <mailto:andy at warmcat.com>
>     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>
>      >      >              >> >     <mailto:andy at warmcat.com
>     <mailto:andy at warmcat.com>
>      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>>
>      >      >              >> >      >     <mailto:andy at warmcat.com
>     <mailto:andy at warmcat.com>
>      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>      >      >             <mailto:andy at warmcat.com
>     <mailto:andy at warmcat.com> <mailto:andy at warmcat.com
>     <mailto:andy at warmcat.com>>>
>      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>      >      >             <mailto:andy at warmcat.com
>     <mailto:andy at warmcat.com> <mailto:andy at warmcat.com
>     <mailto:andy at warmcat.com>>>>>>
>      >      >              >wrote:
>      >      >              >> >      >      >>
>      >      >              >> >      >      >>> Hi -
>      >      >              >> >      >      >>>
>      >      >              >> >      >      >>> I am partway through
>     making a
>      >     plugin
>      >      >             called
>      >      >              >> >     "generic-sessions",
>      >      >              >> >      >      >> intended
>      >      >              >> >      >      >>> to provide lightweight
>      >     persistent http
>      >      >             sessions
>      >      >              >without a
>      >      >              >> >      >      >>> server-side interpreter.
>      >      >              >> >      >      >>>
>      >      >              >> >      >      >>> The overall ideas are:
>      >      >              >> >      >      >>>
>      >      >              >> >      >      >>> - random 20-byte session id
>      >     managed in
>      >      >             a cookie
>      >      >              >> >      >      >>>
>      >      >              >> >      >      >>> - all information
>     related to the
>      >      >             session held at
>      >      >              >the
>      >      >              >> server,
>      >      >              >> >      >      >> nothing
>      >      >              >> >      >      >>> managed clientside
>      >      >              >> >      >      >>>
>      >      >              >> >      >      >>> - sqlite3 used at the
>     server to
>      >     manage
>      >      >             active
>      >      >              >sessions
>      >      >              >> >     and users
>      >      >              >> >      >      >>>
>      >      >              >> >      >      >>> - defaults to creating
>     anonymous
>      >      >             sessions with no
>      >      >              >user
>      >      >              >> >      >      >>> associated
>      >      >              >> >      >      >>>
>      >      >              >> >      >      >>> - admin account (with
>      >     user-selectable
>      >      >             username) is
>      >      >              >> >     defined in
>      >      >              >> >      >      >> config
>      >      >              >> >      >      >>> with a SHA-1 of the
>     password;
>      >     rest of
>      >      >             the accounts
>      >      >              >are in
>      >      >              >> >      >      >>> sqlite3
>      >      >              >> >      >      >>>
>      >      >              >> >      >      >>> - login, logout, register
>      >     account + email
>      >      >              >verification
>      >      >              >> >     built-in
>      >      >              >> >      >      >> with
>      >      >              >> >      >      >>> examples
>      >      >              >> >      >      >>>
>      >      >              >> >      >      >>> - in a mount, some file
>      >     suffixes (ie,
>      >      >             .js) can be
>      >      >              >> >     associated with
>      >      >              >> >      >      >>> a protocol for the
>     purposes of
>      >     rewriting
>      >      >              >symbolnames.
>      >      >              >> >     These are
>      >      >              >> >      >      >> read-only
>      >      >              >> >      >      >>> copies of logged-in
>     server state.
>      >      >              >> >      >      >>>
>      >      >              >> >      >      >>> - When your page fetches
>     .js or
>      >     other
>      >      >             rewritten
>      >      >              >files
>      >      >              >> >     from that
>      >      >              >> >      >      >> mount,
>      >      >              >> >      >      >>> "$lwsgs_user" and so on are
>      >     rewritten
>      >      >             on the fly
>      >      >              >using
>      >      >              >> >     chunked
>      >      >              >> >      >      >> transfer
>      >      >              >> >      >      >>> encoding
>      >      >              >> >      >      >>>
>      >      >              >> >      >      >>> - Eliminates server-side
>     scripting
>      >      >             with a few
>      >      >              >rewritten
>      >      >              >> >     symbols
>      >      >              >> >      >      >>> and javascript on client
>     side
>      >      >              >> >      >      >>>
>      >      >              >> >      >      >>> - 32-bit bitfield for
>      >     authentication
>      >      >             sectoring,
>      >      >              >mounts
>      >      >              >> can
>      >      >              >> >      >      >>> provide
>      >      >              >> >      >      >> a
>      >      >              >> >      >      >>> mask on the loggin-in
>     session's
>      >     associated
>      >      >              >server-side
>      >      >              >> >     bitfield
>      >      >              >> >      >      >>> that must be set for access.
>      >      >              >> >      >      >>>
>      >      >              >> >      >      >>> - No code (just config)
>      >     required for,
>      >      >             eg, private
>      >      >              >URL
>      >      >              >> >     namespace
>      >      >              >> >      >      >> that
>      >      >              >> >      >      >>> requires login to access.
>      >      >              >> >      >      >>>
>      >      >              >> >      >      >>> Login, logout, cookies,
>      >     rewriting are
>      >      >             already done,
>      >      >              >I am
>      >      >              >> >     curious
>      >      >              >> >      >      >> about
>      >      >              >> >      >      >>> any comments or
>     suggestions to
>      >     make it
>      >      >             more useful
>      >      >              >> >     (especially
>      >      >              >> >      >      >>> if
>      >      >              >> >      >      >> anyone
>      >      >              >> >      >      >>> is motivated to contribute).
>      >      >              >> >      >      >>>
>      >      >              >> >      >      >>> -Andy
>      >      >              >_______________________________________________
>      >      >              >> >      >      >>> Libwebsockets mailing list
>      >      >              >> > Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>
>      >     <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>>
>      >      >             <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>
>      >     <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>>>
>      >      >              >> >
>       <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>
>      >     <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>>
>      >      >             <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>
>      >     <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>>>>
>      >      >              >> >      >
>      >       <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>
>      >     <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>>
>      >      >             <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>
>      >     <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>>>
>      >      >              >> >
>       <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>
>      >     <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>>
>      >      >             <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>
>      >     <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>>>>>
>      >      >              >> >      >      >>>
>      >      >
>      >http://libwebsockets.org/mailman/listinfo/libwebsockets
>      >      >              >> >      >      >>>
>      >      >              >> >      >      >
>      >      >              >> >      >      >
>      >      >             _______________________________________________
>      >      >              >> >     Libwebsockets mailing
>      >      >              >> >      >      > list
>      > Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>
>      >     <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>>
>      >      >             <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>
>      >     <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>>>
>      >      >              >> >
>       <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>
>      >     <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>>
>      >      >             <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>
>      >     <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>>>>
>      >      >              >> >      >
>      >       <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>
>      >     <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>>
>      >      >             <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>
>      >     <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>>>
>      >      >              >> >
>       <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>
>      >     <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>>
>      >      >             <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>
>      >     <mailto:Libwebsockets at ml.libwebsockets.org
>     <mailto:Libwebsockets at ml.libwebsockets.org>>>>>
>      >      >              >> >      >      >
>      >      >
>      >http://libwebsockets.org/mailman/listinfo/libwebsockets
>      >      >              >> >      >      >
>      >      >              >> >      >
>      >      >              >> >
>      >      >              >>
>      >      >
>      >
>



More information about the Libwebsockets mailing list