[Libwebsockets] RFC: lightweight sessions

Andy Green andy at warmcat.com
Tue May 24 19:32:08 CEST 2016



On May 25, 2016 1:23:50 AM GMT+08:00, Colin Adams <colinpauladams at gmail.com> wrote:
>I'm still seeing a blank page (from display:none on the divs).

Check your browser js console... when you first saw this it was because the browser looked for /lwsgs.js when it should have looked at /lwsgs/lwsgs.js, and got a 404.  After that it won't be able to process the scripts.

That should be solved by the / at the end of the url.

For reference if I clear the cookie by hand at the browser and then go to http://localhost:7681/lwsgs the log is

lwsws[12811]: failed to get sid from wsi
lwsws[12811]: failed to get sid from wsi
lwsws[12811]: LWS_CALLBACK_ADD_HEADERS: setting cookie 'id=8c0325ae054f18f5eaf8428de75c77d5c9038aee;Expires=2016-05-24 17:45 GMT;path=/;Max-Age=1464111957;HttpOnly'
lwsws[12811]: want /usr/share/libwebsockets-test-server/generic-sessions//lwsgs.js interpreted by protocol-generic-sessions

and I have the login page up (which can login using the default admin credentials).

-Andy

>The log looks innocuous:
>
>wsws[12023]: Set privs to user 'apache'
>lwsws[12023]: failed to get sid from wsi
>lwsws[12023]: LWS_CALLBACK_ADD_HEADERS: setting cookie
>'id=da8e98cc0e4b771f77e042121183a3b8f2b0b86d;Expires=2016-05-24 17:41
>GMT;path=/;Max-Age=1464111699;HttpOnly'
>lwsws[12023]: failed to get sid from wsi
>lwsws[12023]: failed to get sid from wsi
>lwsws[12023]: LWS_CALLBACK_ADD_HEADERS: setting cookie
>'id=c7762dcda3c39bd0f1c3628b77cf50d61b22bca9;Expires=2016-05-24 17:41
>GMT;path=/;Max-Age=1464111704;HttpOnly'
>lwsws[12023]: failed to get sid from wsi
>lwsws[12023]: LWS_CALLBACK_ADD_HEADERS: setting cookie
>'id=2d3a680609d72519c539c7f1822fdf40a7ffd1e3;Expires=2016-05-24 17:43
>GMT;path=/;Max-Age=1464111783;HttpOnly'
>
>
>On Tue, 24 May 2016 at 18:12 Andy Green <andy at warmcat.com> wrote:
>
>>
>>
>> On 05/25/2016 01:04 AM, Colin Adams wrote:
>> > It's the same result, although it takes longer, and the log entries
>are
>> > different:
>> >
>> > wsws[11461]: Set privs to user 'apache'
>> > lwsws[11461]: failed to get sid from wsi
>> > lwsws[11461]: LWS_CALLBACK_ADD_HEADERS: setting cookie
>> > 'id=3f1d8b0159ffe2c1f1abaf74a2cbbee84f229391;Expires=2016-05-24
>17:23
>> > GMT;path=/;Max-Age=1464110613;HttpOnly'
>> > lwsws[11461]: failed to get sid from wsi
>> > lwsws[11461]: want
>> >
>/usr/local/share/libwebsockets-test-server/generic-sessions//lwsgs.js
>> > interpreted by protocol-generic-sessions
>> > lwsws[11461]: LWS_CALLBACK_ADD_HEADERS: setting cookie
>> > 'id=abc1299229ef19850166323b1dcd055ecf155d7a;Expires=2016-05-24
>17:23
>> > GMT;path=/;Max-Age=1464110613;HttpOnly'
>> > lwsws[11461]: Used up interpret padding
>> > lwsws[11461]: LWS_CALLBACK_HTTP
>> > lwsws[11461]: failed to get sid from wsi
>> > lwsws[11461]: LWS_CALLBACK_ADD_HEADERS: setting cookie
>> > 'id=157a2df7dac198c16b3477a5ce494a713d486b7a;Expires=2016-05-24
>17:23
>> > GMT;path=/;Max-Age=1464110613;HttpOnly'
>> > lwsws[11461]: wsi 0x229b8b0: TIMEDOUT WAITING on 10 (did hdr 1, ah
>> > 0x224f3a0, wl 0, pfd events 0)
>> > lwsws[11461]: lws_header_table_detach: wsi 0x229b8b0: ah held 21s,
>> > ah.rxpos 568, ah.rxlen 568, mode/state 2 4,wsi->more_rx_waiting 0
>> > lwsws[11461]: failed to get sid from wsi
>>
>> If you update to master again, the need for / and that problem should
>> both be gone.
>>
>> -Andy
>>
>> >
>> >
>> > On Tue, 24 May 2016 at 17:57 Andy Green <andy at warmcat.com
>> > <mailto:andy at warmcat.com>> wrote:
>> >
>> >
>> >
>> >     On 05/25/2016 12:32 AM, Colin Adams wrote:
>> >      > Oh, sid stands for session-id - I see.
>> >      >
>> >      > I thought I'd changed the /usr/share to /usr/local/share -
>but as
>> you
>> >      > worked out, I hadn't.
>> >      >
>> >      > Now I've fixed that, I see an empty page. Looking at the
>source,
>> >     I see
>> >      > style="display:none" on both the div elements.
>> >
>> >     If you go to
>> >
>> >     http://localhost:7681/lwsgs/
>> >
>> >     (note the final / ) I think you'll be working.
>> >
>> >     -Andy
>> >
>> >      > On Tue, 24 May 2016 at 17:11 Andy Green <andy at warmcat.com
>> >     <mailto:andy at warmcat.com>
>> >      > <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>> wrote:
>> >      >
>> >      >
>> >      >
>> >      >     On 05/24/2016 11:52 PM, Colin Adams wrote:
>> >      >      > OK. Getting nearer now.
>> >      >      >
>> >      >      > If I understand the readme correctly, to get a login
>page
>> >     i need to
>> >      >      > point my browser to
>> >      >      >
>> >      >      > http://localhost:7681/lwsgs
>> >      >      >
>> >      >      > If I do that, I get a 404, and the log says:
>> >      >
>> >      >     The canned paths in the readme assume things installed
>in
>> >     /usr/share,
>> >      >     you'll need to slip a '/local' in them if that's where
>they
>> were
>> >      >     installed.
>> >      >
>> >      >      > lwsws[10660]: failed to get sid from wsi
>> >      >
>> >      >     That's ok since no chance to paint the client with a
>cookie
>> the
>> >      >     first time.
>> >      >
>> >      >     -Andy
>> >      >
>> >      >      >
>> >      >      > On Tue, 24 May 2016 at 16:26 Colin Adams
>> >      >     <colinpauladams at gmail.com
><mailto:colinpauladams at gmail.com>
>> >     <mailto:colinpauladams at gmail.com
><mailto:colinpauladams at gmail.com>>
>> >      >      > <mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>
>> >      >     <mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>>>> wrote:
>> >      >      >
>> >      >      >     Confirmed that it acquired the apache id:
>> >      >      >
>> >      >      >     ps -U root -u apache u | grep lwsws
>> >      >      >     apache   10599  0.0  0.0  70032  6108 ?        Ss
>> >       16:25   0:00
>> >      >      >     /usr/local/bin/lwsws -D
>> >      >      >
>> >      >      >
>> >      >      >     On Tue, 24 May 2016 at 16:16 Colin Adams
>> >      >     <colinpauladams at gmail.com
><mailto:colinpauladams at gmail.com>
>> >     <mailto:colinpauladams at gmail.com
><mailto:colinpauladams at gmail.com>>
>> >      >      >     <mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>
>> >      >     <mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>>>> wrote:
>> >      >      >
>> >      >      >         I'm just calling
>> >      >      >         sudo /usr/local/bin/lwsws
>> >      >      >         so it ought to be running as root
>> >      >      >
>> >      >      >         On Tue, 24 May 2016 at 16:13 Andy Green
>> >     <andy at warmcat.com <mailto:andy at warmcat.com>
>> >      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>> >      >      >         <mailto:andy at warmcat.com
><mailto:andy at warmcat.com>
>> >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>> wrote:
>> >      >      >
>> >      >      >
>> >      >      >
>> >      >      >             On May 24, 2016 11:10:32 PM GMT+08:00,
>Colin
>> Adams
>> >      >      >             <colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>
>> >      >     <mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>>
><mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>
>> >      >     <mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>>>>
>> >      >      >             wrote:
>> >      >      >              >OK. I've got it installed.
>> >      >      >              >
>> >      >      >              >But when running I get messages:
>> >      >      >              >
>> >      >      >              >lwsws[10192]: Unable to open session db
>> >      >      >             /var/www/sessions/lws.sqlite3:
>> >      >      >              >unable to open database file
>> >      >      >              >
>> >      >      >              >I don't know anything about sqlite3,
>but I'm
>> >     guessing
>> >      >      >             perhaps I need to
>> >      >      >              >define a user name first? Or is there
>> >     something missing
>> >      >      >             from the readme
>> >      >      >              >(I
>> >      >      >              >issued the two commands to create the
>> >     directory and set
>> >      >      >             the owner to
>> >      >      >              >root.apache).
>> >      >      >
>> >      >      >             Are you starting it as root?  Otherwise
>it
>> doesn't
>> >      >     have the
>> >      >      >             rights to change to run under apache uid.
>> >      >      >
>> >      >      >             -Andy
>> >      >      >
>> >      >      >              >On Tue, 24 May 2016 at 15:38 Andy Green
>> >      >     <andy at warmcat.com <mailto:andy at warmcat.com>
>> >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>> >      >      >             <mailto:andy at warmcat.com
>> >     <mailto:andy at warmcat.com> <mailto:andy at warmcat.com
>> >     <mailto:andy at warmcat.com>>>>
>> >      >     wrote:
>> >      >      >              >
>> >      >      >              >>
>> >      >      >              >>
>> >      >      >              >> On 05/24/2016 09:06 PM, Colin Adams
>wrote:
>> >      >      >              >> > I did:
>> >      >      >              >> > git pull
>> >      >      >              >> > cd build
>> >      >      >              >> > make
>> >      >      >              >> > sudo make install
>> >      >      >              >> >
>> >      >      >              >> > and got:
>> >      >      >              >> > CMake Error at
>cmake_install.cmake:427
>> >     (file):
>> >      >      >              >> > file INSTALL cannot find
>> >      >      >             
>>"/home/colin/libwebsockets/plugins/lwsgs.js".
>> >      >      >              >> >
>> >      >      >              >> > I had previously done:
>> >      >      >              >> >
>> >      >      >              >> > cmake -D LWS_WITHOUT_DAEMONIZE=OFF
>-D
>> >      >     LWS_WITH_PLUGINS=ON
>> >      >      >              >> > -DLWS_WITH_LWSWS=1 ..
>> >      >      >              >> >
>> >      >      >              >> > so is there anything else I should
>have
>> >     done?
>> >      >      >              >>
>> >      >      >              >> No it's my fault, I missed it from
>git
>> >     add.  Please
>> >      >      >             fetch (not pull)
>> >      >      >              >> master again.
>> >      >      >              >>
>> >      >      >              >> Because master doesn't have a
>history, you
>> >     need
>> >      >     to track
>> >      >      >             it like
>> >      >      >              >this,
>> >      >      >              >> assuming you have no local patches
>> >      >      >              >>
>> >      >      >              >> $ git fetch
>> >      > https://github.com/warmcat/libwebsockets.git
>> >      >      >             +master:m &&
>> >      >      >              >> git reset --hard m
>> >      >      >              >>
>> >      >      >              >> -Andy
>> >      >      >              >>
>> >      >      >              >> >
>> >      >      >              >> > On Tue, 24 May 2016 at 11:26 Andy
>Green
>> >      >      >             <andy at warmcat.com
><mailto:andy at warmcat.com>
>> >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>> >      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>> >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>
>> >      >      >              >> > <mailto:andy at warmcat.com
>> >     <mailto:andy at warmcat.com>
>> >      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>> >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>> >      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>>>
>> >      >      >             wrote:
>> >      >      >              >> >
>> >      >      >              >> >
>> >      >      >              >> >
>> >      >      >              >> >     On 05/24/2016 06:15 PM, Colin
>Adams
>> >     wrote:
>> >      >      >              >> >      > My opinion is that I
>personally
>> >     will not
>> >      >     need
>> >      >      >             anything
>> >      >      >              >beyond
>> >      >      >              >> >     what you
>> >      >      >              >> >      > have already described (but
>I am
>> >      >     assuming that
>> >      >      >             the email
>> >      >      >              >address
>> >      >      >              >> that
>> >      >      >              >> >      > the user used for
>registration is
>> >      >     available in
>> >      >      >             the DB. And
>> >      >      >              >maybe
>> >      >      >              >> that
>> >      >      >              >> >      > assumption is wrong).
>> >      >      >              >> >
>> >      >      >              >> >     It will be... you can see the
>schema
>> >     here
>> >      >      >              >> >
>> >      >      >              >> >
>> >      >      >              >>
>> >      >      >
>> >      >
>> >      >
>>
>https://github.com/warmcat/libwebsockets/blob/master/plugins/protocol_generic_sessions.c#L522
>> >      >      >              >> >
>> >      >      >              >> >     but the register / email part
>is not
>> >     wired
>> >      >     up yet.
>> >      >      >              >> >
>> >      >      >              >> >     Currently I am imagining this
>> >      >     "generic-sessions"
>> >      >      >             plugin only
>> >      >      >              >deals
>> >      >      >              >> with
>> >      >      >              >> >     authentication of a username. 
>That
>> >     includes
>> >      >      >             registration,
>> >      >      >              >email
>> >      >      >              >> >     confirmation, "forgot
>password",
>> >     eventually
>> >      >     admin
>> >      >      >             maintenance
>> >      >      >              >pages,
>> >      >      >              >> >     managing the sesion database
>and so
>> >     on, but
>> >      >     NO other
>> >      >      >              >information
>> >      >      >              >> except
>> >      >      >              >> >     the client has a cookie
>> >     authenticated for a
>> >      >     given
>> >      >      >             username (or
>> >      >      >              >no
>> >      >      >              >> >     username if not logged in).
>> >      >      >              >> >
>> >      >      >              >> >     So the api to this in your ws
>> >     protocol handler
>> >      >      >             would only be
>> >      >      >              >"what's
>> >      >      >              >> my
>> >      >      >              >> >     username".  If it gives you a
>> >     username, you
>> >      >     know
>> >      >      >             it has been
>> >      >      >              >> >     authenticated.  You can also
>> segregate
>> >      >     access to
>> >      >      >             mounts by if
>> >      >      >              >you're
>> >      >      >              >> >     logged in, or logged in as
>admin, but
>> >      >     that's it.
>> >      >      >              >> >
>> >      >      >              >> >     Storing stuff that your
>protocol
>> handler
>> >      >     deals in
>> >      >      >             for that
>> >      >      >              >user, eg,
>> >      >      >              >> >     using the username as the db
>key, is
>> >      >     completely a
>> >      >      >             separate
>> >      >      >              >issue
>> >      >      >              >> private
>> >      >      >              >> >     to your protocol handler.  It
>would,
>> eg,
>> >      >     use its
>> >      >      >             own sqlite3
>> >      >      >              >database
>> >      >      >              >> >     for it if that's what he wanted
>to
>> do.
>> >      >      >              >> >
>> >      >      >              >> >     -Andy
>> >      >      >              >> >
>> >      >      >              >> >
>> >      >      >              >> >      > On Tue, 24 May 2016 at 11:11
>Andy
>> >     Green
>> >      >      >             <andy at warmcat.com
><mailto:andy at warmcat.com>
>> >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>> >      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>> >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>
>> >      >      >              >> >     <mailto:andy at warmcat.com
>> >     <mailto:andy at warmcat.com>
>> >      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>> >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>> >      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>>
>> >      >      >              >> >      > <mailto:andy at warmcat.com
>> >     <mailto:andy at warmcat.com>
>> >      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>> >      >      >             <mailto:andy at warmcat.com
>> >     <mailto:andy at warmcat.com> <mailto:andy at warmcat.com
>> >     <mailto:andy at warmcat.com>>>
>> >      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>> >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>> >      >      >             <mailto:andy at warmcat.com <mailto:
>> andy at warmcat.com>
>> >      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>>>>
>> wrote:
>> >      >      >              >> >      >
>> >      >      >              >> >      >
>> >      >      >              >> >      >
>> >      >      >              >> >      >     On 05/23/2016 11:37 PM,
>Andy
>> >     Green
>> >      >     wrote:
>> >      >      >              >> >      >      >
>> >      >      >              >> >      >      >
>> >      >      >              >> >      >      > On May 23, 2016
>9:14:57 PM
>> >     GMT+08:00,
>> >      >      >             Colin Adams
>> >      >      >              >> >      >      >
><colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>
>> >      >     <mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>>
>> >      >      >             <mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>
>> >      >     <mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>>>
>> >      >      >              >> >    
><mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>
>> >      >     <mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>>
>> >      >      >             <mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>
>> >      >     <mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>>>>
>> >      >      >              ><mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>
>> >      >     <mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>>
>> >      >      >             <mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>
>> >      >     <mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>>>
>> >      >      >              >> >    
><mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>
>> >      >     <mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>>
>> >      >      >             <mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>
>> >      >     <mailto:colinpauladams at gmail.com
>> >     <mailto:colinpauladams at gmail.com>>>>>> wrote:
>> >      >      >              >> >      >      >> This sounds like
>> >     something that
>> >      >     I was
>> >      >      >             going to have
>> >      >      >              >to
>> >      >      >              >> >     write myself
>> >      >      >              >> >      >      >> for my application
>(a game
>> >      >     server). I
>> >      >      >             can't think
>> >      >      >              >offhand
>> >      >      >              >> >     of any
>> >      >      >              >> >      >      >> further
>improvements, but
>> I
>> >      >     might find
>> >      >      >             something
>> >      >      >              >when I
>> >      >      >              >> >     try it
>> >      >      >              >> >      >      >> out. My C skills are
>17
>> >     years rusty
>> >      >      >             (apart from
>> >      >      >              >fragments
>> >      >      >              >> >     involved
>> >      >      >              >> >      >      >> in writing language
>> >     bindings),
>> >      >     but I'm
>> >      >      >             sure I can
>> >      >      >              >polish
>> >      >      >              >> >     them up if
>> >      >      >              >> >      >      >> I find any
>enhancements
>> >     needed.
>> >      >     Is this
>> >      >      >             in master
>> >      >      >              >now?
>> >      >      >              >> >      >      >
>> >      >      >              >> >      >      > No, it's very much a
>WIP.
>> >      >      >              >> >      >      >
>> >      >      >              >> >      >      > But today it's
>working for
>> >     admin
>> >      >     login /
>> >      >      >             logout, the
>> >      >      >              >> cookies,
>> >      >      >              >> >      >      > persistent session
>db,
>> >     rewriting r/o
>> >      >      >             copies of the
>> >      >      >              >state
>> >      >      >              >> >     into js vars
>> >      >      >              >> >      >      > (so the example login
>page
>> >     js can
>> >      >     change
>> >      >      >             to a logout
>> >      >      >              >form
>> >      >      >              >> >      >      > appropriately), and
>all
>> >      >     customization in
>> >      >      >             the lwsws
>> >      >      >              >JSON
>> >      >      >              >> >     and login
>> >      >      >              >> >      >      > html (there are
>hidden
>> >     form elements
>> >      >      >             that control the
>> >      >      >              >next
>> >      >      >              >> url
>> >      >      >              >> >      >      > depending on how the
>login
>> /
>> >      >     logout went).
>> >      >      >              >> >      >      >
>> >      >      >              >> >      >      > I'll tidy it up and
>add
>> >     some docs
>> >      >      >             tomorrow, and check
>> >      >      >              >if
>> >      >      >              >> >     it broke
>> >      >      >              >> >      >      > anything else, but
>you can
>> see
>> >      >     it's only
>> >      >      >             usable for
>> >      >      >              >> >     development
>> >      >      >              >> >      >      > today.
>> >      >      >              >> >      >
>> >      >      >              >> >      >     I pushed what there is
>of
>> >     it... for now
>> >      >      >             it's enabled in
>> >      >      >              >cmake
>> >      >      >              >> >     with
>> >      >      >              >> >      >     LWS_WITH_LWSWS.
>> >      >      >              >> >      >
>> >      >      >              >> >      >     See
>> >      >      >              >> >      >
>> >      >      >              >> >      >
>> >      >      >              >> >
>> >      >      >              >>
>> >      >      >
>> >      >
>> >      >
>>
>https://github.com/warmcat/libwebsockets/blob/master/README.generic-sessions.md
>> >      >      >              >> >      >
>> >      >      >              >> >      >     You can add the mounts
>> >     mentioned in
>> >      >     there
>> >      >      >             and the
>> >      >      >              >protocol
>> >      >      >              >> >     import part
>> >      >      >              >> >      >     to the existing lwsws
>example
>> >     config.
>> >      >      >              >> >      >
>> >      >      >              >> >      >     The admin account and
>> >     password in the
>> >      >      >             protocol config
>> >      >      >              >part is
>> >      >      >              >> >     admin /
>> >      >      >              >> >      >     jipdocesExunt
>> >      >      >              >> >      >
>> >      >      >              >> >      >     If you navigate to
>> >      >      > http://localhost:7681/lwsgs you
>> >      >      >              >should see
>> >      >      >              >> >     a login
>> >      >      >              >> >      >     form that you can login
>with
>> >     those
>> >      >      >             credentials, which
>> >      >      >              >will
>> >      >      >              >> >     take you to a
>> >      >      >              >> >      >     URL in
>/lwsgs/needadmin/...
>> >     that cannot
>> >      >      >             otherwise be
>> >      >      >              >served.
>> >      >      >              >> >      >
>> >      >      >              >> >      >     If you go back and
>refresh
>> >     the login
>> >      >     page,
>> >      >      >             it now knows
>> >      >      >              >your
>> >      >      >              >> >     session is
>> >      >      >              >> >      >     authenticated and this
>time
>> >     shows your
>> >      >      >             login name
>> >      >      >              >together
>> >      >      >              >> >     with a logout
>> >      >      >              >> >      >     button... this is done
>in JS
>> >     clientside
>> >      >      >             with the tiny
>> >      >      >              >rewrite
>> >      >      >              >> of
>> >      >      >              >> >      >     "$lwsgs_user" in the
>included
>> >     lwsgs.js.
>> >      >      >              >> >      >
>> >      >      >              >> >      >     The active sessions are
>> stored in
>> >      >     sqlite3
>> >      >      >             on the server
>> >      >      >              >side
>> >      >      >              >> >     and the
>> >      >      >              >> >      >     expiry, controlled from
>the
>> >     config file,
>> >      >      >             should be
>> >      >      >              >respected.
>> >      >      >              >> >      >
>> >      >      >              >> >      >     The actual users will
>also go
>> >     in a
>> >      >     table in
>> >      >      >             sqlite3, but
>> >      >      >              >> admin's
>> >      >      >              >> >      >     credentials are set in
>the
>> config
>> >      >     outside
>> >      >      >             of that.
>> >      >      >              >Those
>> >      >      >              >> >     users and
>> >      >      >              >> >      >     registration aren't done
>yet.
>> >      >      >              >> >      >
>> >      >      >              >> >      >      > I'm mainly wondering
>what
>> >     people want
>> >      >      >             from the
>> >      >      >              >persistent
>> >      >      >              >> >     user state,
>> >      >      >              >> >      >      > in my case once
>> authenticated,
>> >      >     the next
>> >      >      >             url is an
>> >      >      >              >html
>> >      >      >              >> >     page opening a
>> >      >      >              >> >      >      > ws link that will
>also get
>> the
>> >      >     logged-in
>> >      >      >             session
>> >      >      >              >cookie.
>> >      >      >              >> My
>> >      >      >              >> >      >      > application is static
>html
>> >     + js that
>> >      >      >             dynamically
>> >      >      >              >> >     configures itself
>> >      >      >              >> >      >      > around the returned
>> >     (user-context
>> >      >     aware)
>> >      >      >             JSON from
>> >      >      >              >the ws
>> >      >      >              >> >     link.
>> >      >      >              >> >      >      >
>> >      >      >              >> >      >      > Put another way the
>> >     application's
>> >      >     custom
>> >      >      >             ws protocol
>> >      >      >              >> >     handler code is
>> >      >      >              >> >      >      > the guy who actually
>> >     defines what
>> >      >      >             different users
>> >      >      >              >see...
>> >      >      >              >> >     that pattern
>> >      >      >              >> >      >      > removes the need for
>any
>> other
>> >      >     server-side
>> >      >      >              >interpreter and
>> >      >      >              >> >     just
>> >      >      >              >> >      >      > manifests itself as
>> >     delivering an
>> >      >      >             authenticated
>> >      >      >              >username
>> >      >      >              >> >     into custom
>> >      >      >              >> >      >      > ws protocol code you
>would
>> >     have
>> >      >     to write
>> >      >      >             anyway.
>> >      >      >              >Other
>> >      >      >              >> >      >      > presentation-related
>code
>> that
>> >      >     needs to
>> >      >      >             be aware of
>> >      >      >              >> >     authentication
>> >      >      >              >> >      >      > state (eg, show login
>> form, or
>> >      >     "logged
>> >      >      >             in as xxx" +
>> >      >      >              >logout
>> >      >      >              >> >     button)
>> >      >      >              >> >      >      > moves out of what
>would
>> >     have been
>> >      >     server
>> >      >      >             scripts and
>> >      >      >              >into
>> >      >      >              >> >     js that got
>> >      >      >              >> >      >      > some rewriting pixie
>> >     dust.  But I am
>> >      >      >             curious if that
>> >      >      >              >> >     pattern is
>> >      >      >              >> >      >      > enough to solve other
>> peoples'
>> >      >      >             session-related tasks,
>> >      >      >              >> >     perhaps with a
>> >      >      >              >> >      >      > little thought.
>> >      >      >              >> >      >
>> >      >      >              >> >      >     Still curious about
>opinions
>> >     on this
>> >      >     (maybe
>> >      >      >             it's not
>> >      >      >              >> >     explained clearly
>> >      >      >              >> >      >     enough yet).
>> >      >      >              >> >      >
>> >      >      >              >> >      >     -Andy
>> >      >      >              >> >      >
>> >      >      >              >> >      >      > -Andy
>> >      >      >              >> >      >      >
>> >      >      >              >> >      >      >> On Mon, 23 May 2016
>at
>> 12:44
>> >      >     Andy Green
>> >      >      >              ><andy at warmcat.com
><mailto:andy at warmcat.com>
>> >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>> >      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>> >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>
>> >      >      >              >> >     <mailto:andy at warmcat.com
>> >     <mailto:andy at warmcat.com>
>> >      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>> >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>> >      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>>
>> >      >      >              >> >      >     <mailto:andy at warmcat.com
>> >     <mailto:andy at warmcat.com>
>> >      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>> >      >      >             <mailto:andy at warmcat.com
>> >     <mailto:andy at warmcat.com> <mailto:andy at warmcat.com
>> >     <mailto:andy at warmcat.com>>>
>> >      >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>> >     <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>> >      >      >             <mailto:andy at warmcat.com
>> >     <mailto:andy at warmcat.com> <mailto:andy at warmcat.com
>> >     <mailto:andy at warmcat.com>>>>>>
>> >      >      >              >wrote:
>> >      >      >              >> >      >      >>
>> >      >      >              >> >      >      >>> Hi -
>> >      >      >              >> >      >      >>>
>> >      >      >              >> >      >      >>> I am partway
>through
>> >     making a
>> >      >     plugin
>> >      >      >             called
>> >      >      >              >> >     "generic-sessions",
>> >      >      >              >> >      >      >> intended
>> >      >      >              >> >      >      >>> to provide
>lightweight
>> >      >     persistent http
>> >      >      >             sessions
>> >      >      >              >without a
>> >      >      >              >> >      >      >>> server-side
>interpreter.
>> >      >      >              >> >      >      >>>
>> >      >      >              >> >      >      >>> The overall ideas
>are:
>> >      >      >              >> >      >      >>>
>> >      >      >              >> >      >      >>> - random 20-byte
>session
>> id
>> >      >     managed in
>> >      >      >             a cookie
>> >      >      >              >> >      >      >>>
>> >      >      >              >> >      >      >>> - all information
>> >     related to the
>> >      >      >             session held at
>> >      >      >              >the
>> >      >      >              >> server,
>> >      >      >              >> >      >      >> nothing
>> >      >      >              >> >      >      >>> managed clientside
>> >      >      >              >> >      >      >>>
>> >      >      >              >> >      >      >>> - sqlite3 used at
>the
>> >     server to
>> >      >     manage
>> >      >      >             active
>> >      >      >              >sessions
>> >      >      >              >> >     and users
>> >      >      >              >> >      >      >>>
>> >      >      >              >> >      >      >>> - defaults to
>creating
>> >     anonymous
>> >      >      >             sessions with no
>> >      >      >              >user
>> >      >      >              >> >      >      >>> associated
>> >      >      >              >> >      >      >>>
>> >      >      >              >> >      >      >>> - admin account
>(with
>> >      >     user-selectable
>> >      >      >             username) is
>> >      >      >              >> >     defined in
>> >      >      >              >> >      >      >> config
>> >      >      >              >> >      >      >>> with a SHA-1 of the
>> >     password;
>> >      >     rest of
>> >      >      >             the accounts
>> >      >      >              >are in
>> >      >      >              >> >      >      >>> sqlite3
>> >      >      >              >> >      >      >>>
>> >      >      >              >> >      >      >>> - login, logout,
>register
>> >      >     account + email
>> >      >      >              >verification
>> >      >      >              >> >     built-in
>> >      >      >              >> >      >      >> with
>> >      >      >              >> >      >      >>> examples
>> >      >      >              >> >      >      >>>
>> >      >      >              >> >      >      >>> - in a mount, some
>file
>> >      >     suffixes (ie,
>> >      >      >             .js) can be
>> >      >      >              >> >     associated with
>> >      >      >              >> >      >      >>> a protocol for the
>> >     purposes of
>> >      >     rewriting
>> >      >      >              >symbolnames.
>> >      >      >              >> >     These are
>> >      >      >              >> >      >      >> read-only
>> >      >      >              >> >      >      >>> copies of logged-in
>> >     server state.
>> >      >      >              >> >      >      >>>
>> >      >      >              >> >      >      >>> - When your page
>fetches
>> >     .js or
>> >      >     other
>> >      >      >             rewritten
>> >      >      >              >files
>> >      >      >              >> >     from that
>> >      >      >              >> >      >      >> mount,
>> >      >      >              >> >      >      >>> "$lwsgs_user" and
>so on
>> are
>> >      >     rewritten
>> >      >      >             on the fly
>> >      >      >              >using
>> >      >      >              >> >     chunked
>> >      >      >              >> >      >      >> transfer
>> >      >      >              >> >      >      >>> encoding
>> >      >      >              >> >      >      >>>
>> >      >      >              >> >      >      >>> - Eliminates
>server-side
>> >     scripting
>> >      >      >             with a few
>> >      >      >              >rewritten
>> >      >      >              >> >     symbols
>> >      >      >              >> >      >      >>> and javascript on
>client
>> >     side
>> >      >      >              >> >      >      >>>
>> >      >      >              >> >      >      >>> - 32-bit bitfield
>for
>> >      >     authentication
>> >      >      >             sectoring,
>> >      >      >              >mounts
>> >      >      >              >> can
>> >      >      >              >> >      >      >>> provide
>> >      >      >              >> >      >      >> a
>> >      >      >              >> >      >      >>> mask on the
>loggin-in
>> >     session's
>> >      >     associated
>> >      >      >              >server-side
>> >      >      >              >> >     bitfield
>> >      >      >              >> >      >      >>> that must be set
>for
>> access.
>> >      >      >              >> >      >      >>>
>> >      >      >              >> >      >      >>> - No code (just
>config)
>> >      >     required for,
>> >      >      >             eg, private
>> >      >      >              >URL
>> >      >      >              >> >     namespace
>> >      >      >              >> >      >      >> that
>> >      >      >              >> >      >      >>> requires login to
>access.
>> >      >      >              >> >      >      >>>
>> >      >      >              >> >      >      >>> Login, logout,
>cookies,
>> >      >     rewriting are
>> >      >      >             already done,
>> >      >      >              >I am
>> >      >      >              >> >     curious
>> >      >      >              >> >      >      >> about
>> >      >      >              >> >      >      >>> any comments or
>> >     suggestions to
>> >      >     make it
>> >      >      >             more useful
>> >      >      >              >> >     (especially
>> >      >      >              >> >      >      >>> if
>> >      >      >              >> >      >      >> anyone
>> >      >      >              >> >      >      >>> is motivated to
>> contribute).
>> >      >      >              >> >      >      >>>
>> >      >      >              >> >      >      >>> -Andy
>> >      >      >
>> >_______________________________________________
>> >      >      >              >> >      >      >>> Libwebsockets
>mailing
>> list
>> >      >      >              >> > Libwebsockets at ml.libwebsockets.org
>> >     <mailto:Libwebsockets at ml.libwebsockets.org>
>> >      >     <mailto:Libwebsockets at ml.libwebsockets.org
>> >     <mailto:Libwebsockets at ml.libwebsockets.org>>
>> >      >      >            
><mailto:Libwebsockets at ml.libwebsockets.org
>> >     <mailto:Libwebsockets at ml.libwebsockets.org>
>> >      >     <mailto:Libwebsockets at ml.libwebsockets.org
>> >     <mailto:Libwebsockets at ml.libwebsockets.org>>>
>> >      >      >              >> >
>> >       <mailto:Libwebsockets at ml.libwebsockets.org
>> >     <mailto:Libwebsockets at ml.libwebsockets.org>
>> >      >     <mailto:Libwebsockets at ml.libwebsockets.org
>> >     <mailto:Libwebsockets at ml.libwebsockets.org>>
>> >      >      >            
><mailto:Libwebsockets at ml.libwebsockets.org
>> >     <mailto:Libwebsockets at ml.libwebsockets.org>
>> >      >     <mailto:Libwebsockets at ml.libwebsockets.org
>> >     <mailto:Libwebsockets at ml.libwebsockets.org>>>>
>> >      >      >              >> >      >
>> >      >       <mailto:<




More information about the Libwebsockets mailing list