[Libwebsockets] RFC: lightweight sessions

Andy Green andy at warmcat.com
Tue May 24 19:38:37 CEST 2016



On 05/25/2016 01:32 AM, Andy Green wrote:
>
>
> On May 25, 2016 1:23:50 AM GMT+08:00, Colin Adams <colinpauladams at gmail.com> wrote:
>> I'm still seeing a blank page (from display:none on the divs).
>
> Check your browser js console... when you first saw this it was because the browser looked for /lwsgs.js when it should have looked at /lwsgs/lwsgs.js, and got a 404.  After that it won't be able to process the scripts.
>
> That should be solved by the / at the end of the url.
>
> For reference if I clear the cookie by hand at the browser and then go to http://localhost:7681/lwsgs the log is
>
> lwsws[12811]: failed to get sid from wsi
> lwsws[12811]: failed to get sid from wsi
> lwsws[12811]: LWS_CALLBACK_ADD_HEADERS: setting cookie 'id=8c0325ae054f18f5eaf8428de75c77d5c9038aee;Expires=2016-05-24 17:45 GMT;path=/;Max-Age=1464111957;HttpOnly'
> lwsws[12811]: want /usr/share/libwebsockets-test-server/generic-sessions//lwsgs.js interpreted by protocol-generic-sessions
>
> and I have the login page up (which can login using the default admin credentials).

Sorry, one more update on master that might be related.

-Andy
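
The cookie attributes in the lwsws log lines quoted in this thread can be checked mechanically against RFC 6265: `Max-Age` is a lifetime in seconds and takes precedence over `Expires`, yet the logged `Max-Age` is the Unix time of the expiry. This is an added example, not code from libwebsockets or from either poster; `parse_cookie`, `audit_cookie`, the finding names, the one-year heuristic and the 17:30 GMT log time are assumptions.

```python
import re
from datetime import datetime, timezone

# Log line copied from the thread (the PID 12811 run).
THREAD_LINE = (
    "lwsws[12811]: LWS_CALLBACK_ADD_HEADERS: setting cookie "
    "'id=8c0325ae054f18f5eaf8428de75c77d5c9038aee;Expires=2016-05-24 17:45 GMT;"
    "path=/;Max-Age=1464111957;HttpOnly'"
)
# Constructed for contrast: placeholder id, a 20-minute lifetime chosen only
# for illustration, attributes in the form RFC 6265 describes.
CONSTRUCTED_LINE = (
    "lwsws[12811]: LWS_CALLBACK_ADD_HEADERS: setting cookie "
    "'id=0000000000000000000000000000000000000000;"
    "Expires=Tue, 24 May 2016 17:50:00 GMT;path=/;Max-Age=1200;HttpOnly;Secure'"
)

COOKIE_RE = re.compile(r"setting cookie '([^']*)'")
RFC1123 = "%a, %d %b %Y %H:%M:%S GMT"   # date form servers are told to send
YEAR = 365 * 86400


def parse_cookie(line):
    """Return (name, value, attrs) from an lwsws 'setting cookie' log line."""
    m = COOKIE_RE.search(line)
    if not m:
        return None
    parts = [p.strip() for p in m.group(1).split(";") if p.strip()]
    if not parts:
        return None
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, value, attrs


def audit_cookie(line, logged_at):
    """List finding codes for the session cookie in one log line.

    logged_at is the assumed UTC time the line was written; the log lines
    in the thread carry no timestamp of their own.
    """
    parsed = parse_cookie(line)
    if parsed is None:
        return ["no-cookie"]
    attrs = parsed[2]
    findings = []

    # Max-Age is a delta in seconds and overrides Expires when both are set.
    raw = attrs.get("max-age")
    if raw is not None:
        if not re.fullmatch(r"-?\d+", raw):
            findings.append("max-age-not-integer")
        elif abs(int(raw) - logged_at.timestamp()) < YEAR:
            # Read as a Unix time the value is within a year of "now":
            # an absolute expiry was written where a delta belongs.
            findings.append("max-age-is-absolute-time")

    exp = attrs.get("expires")
    if exp is not None:
        try:
            datetime.strptime(exp, RFC1123)
        except ValueError:
            findings.append("expires-not-rfc1123")

    if "httponly" not in attrs:
        findings.append("missing-httponly")
    # The thread tests over plain http on localhost; Secure matters once the
    # same cookie is served over TLS.
    if "secure" not in attrs:
        findings.append("missing-secure")
    return findings


def lifetime_days(line):
    """Lifetime a browser derives from Max-Age, in whole days."""
    return int(parse_cookie(line)[2]["max-age"]) // 86400


if __name__ == "__main__":
    now = datetime(2016, 5, 24, 17, 30, tzinfo=timezone.utc)  # assumed log time
    for sample in (THREAD_LINE, CONSTRUCTED_LINE):
        print(audit_cookie(sample, now), lifetime_days(sample), "days")
```

For the thread's line the audit reports the absolute `Max-Age`, the non-RFC 1123 `Expires` and the absent `Secure` flag, and the derived lifetime is 16945 days instead of the expiry set in the config file.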

> -Andy
>
>> The log looks innocuous:
>>
>> wsws[12023]: Set privs to user 'apache'
>> lwsws[12023]: failed to get sid from wsi
>> lwsws[12023]: LWS_CALLBACK_ADD_HEADERS: setting cookie 'id=da8e98cc0e4b771f77e042121183a3b8f2b0b86d;Expires=2016-05-24 17:41 GMT;path=/;Max-Age=1464111699;HttpOnly'
>> lwsws[12023]: failed to get sid from wsi
>> lwsws[12023]: failed to get sid from wsi
>> lwsws[12023]: LWS_CALLBACK_ADD_HEADERS: setting cookie 'id=c7762dcda3c39bd0f1c3628b77cf50d61b22bca9;Expires=2016-05-24 17:41 GMT;path=/;Max-Age=1464111704;HttpOnly'
>> lwsws[12023]: failed to get sid from wsi
>> lwsws[12023]: LWS_CALLBACK_ADD_HEADERS: setting cookie 'id=2d3a680609d72519c539c7f1822fdf40a7ffd1e3;Expires=2016-05-24 17:43 GMT;path=/;Max-Age=1464111783;HttpOnly'
>>
>>
>> On Tue, 24 May 2016 at 18:12 Andy Green <andy at warmcat.com> wrote:
>>
>>>
>>>
>>> On 05/25/2016 01:04 AM, Colin Adams wrote:
>>>> It's the same result, although it takes longer, and the log entries are
>>>> different:
>>>>
>>>> wsws[11461]: Set privs to user 'apache'
>>>> lwsws[11461]: failed to get sid from wsi
>>>> lwsws[11461]: LWS_CALLBACK_ADD_HEADERS: setting cookie 'id=3f1d8b0159ffe2c1f1abaf74a2cbbee84f229391;Expires=2016-05-24 17:23 GMT;path=/;Max-Age=1464110613;HttpOnly'
>>>> lwsws[11461]: failed to get sid from wsi
>>>> lwsws[11461]: want /usr/local/share/libwebsockets-test-server/generic-sessions//lwsgs.js interpreted by protocol-generic-sessions
>>>> lwsws[11461]: LWS_CALLBACK_ADD_HEADERS: setting cookie 'id=abc1299229ef19850166323b1dcd055ecf155d7a;Expires=2016-05-24 17:23 GMT;path=/;Max-Age=1464110613;HttpOnly'
>>>> lwsws[11461]: Used up interpret padding
>>>> lwsws[11461]: LWS_CALLBACK_HTTP
>>>> lwsws[11461]: failed to get sid from wsi
>>>> lwsws[11461]: LWS_CALLBACK_ADD_HEADERS: setting cookie 'id=157a2df7dac198c16b3477a5ce494a713d486b7a;Expires=2016-05-24 17:23 GMT;path=/;Max-Age=1464110613;HttpOnly'
>>>> lwsws[11461]: wsi 0x229b8b0: TIMEDOUT WAITING on 10 (did hdr 1, ah 0x224f3a0, wl 0, pfd events 0)
>>>> lwsws[11461]: lws_header_table_detach: wsi 0x229b8b0: ah held 21s, ah.rxpos 568, ah.rxlen 568, mode/state 2 4,wsi->more_rx_waiting 0
>>>> lwsws[11461]: failed to get sid from wsi
>>>
>>> If you update to master again, the need for / and that problem should
>>> both be gone.
>>>
>>> -Andy
>>>
>>>>
>>>>
>>>> On Tue, 24 May 2016 at 17:57 Andy Green <andy at warmcat.com> wrote:
>>>>
>>>>
>>>>
>>>>      On 05/25/2016 12:32 AM, Colin Adams wrote:
>>>>       > Oh, sid stands for session-id - I see.
>>>>       >
>>>>       > I thought I'd changed the /usr/share to /usr/local/share - but as you
>>>>       > worked out, I hadn't.
>>>>       >
>>>>       > Now I've fixed that, I see an empty page. Looking at the source, I see
>>>>       > style="display:none" on both the div elements.
>>>>
>>>>      If you go to
>>>>
>>>>      http://localhost:7681/lwsgs/
>>>>
>>>>      (note the final / ) I think you'll be working.
>>>>
>>>>      -Andy
>>>>
>>>>       > On Tue, 24 May 2016 at 17:11 Andy Green <andy at warmcat.com> wrote:
>>>>       >
>>>>       >
>>>>       >
>>>>       >     On 05/24/2016 11:52 PM, Colin Adams wrote:
>>>>       >      > OK. Getting nearer now.
>>>>       >      >
>>>>       >      > If I understand the readme correctly, to get a login page I need to
>>>>       >      > point my browser to
>>>>       >      >
>>>>       >      > http://localhost:7681/lwsgs
>>>>       >      >
>>>>       >      > If I do that, I get a 404, and the log says:
>>>>       >
>>>>       >     The canned paths in the readme assume things installed in /usr/share,
>>>>       >     you'll need to slip a '/local' in them if that's where they were
>>>>       >     installed.
>>>>       >
>>>>       >      > lwsws[10660]: failed to get sid from wsi
>>>>       >
>>>>       >     That's ok since no chance to paint the client with a cookie the
>>>>       >     first time.
>>>>       >
>>>>       >     -Andy
>>>>       >
>>>>       >      >
>>>>       >      > On Tue, 24 May 2016 at 16:26 Colin Adams <colinpauladams at gmail.com> wrote:
>>>>       >      >
>>>>       >      >     Confirmed that it acquired the apache id:
>>>>       >      >
>>>>       >      >     ps -U root -u apache u | grep lwsws
>>>>       >      >     apache   10599  0.0  0.0  70032  6108 ?        Ss   16:25   0:00 /usr/local/bin/lwsws -D
>>>>       >      >
>>>>       >      >
>>>>       >      >     On Tue, 24 May 2016 at 16:16 Colin Adams <colinpauladams at gmail.com> wrote:
>>>>       >      >
>>>>       >      >         I'm just calling
>>>>       >      >         sudo /usr/local/bin/lwsws
>>>>       >      >         so it ought to be running as root
>>>>       >      >
>>>>       >      >         On Tue, 24 May 2016 at 16:13 Andy Green <andy at warmcat.com> wrote:
>>>>       >      >
>>>>       >      >
>>>>       >      >
>>>>       >      >             On May 24, 2016 11:10:32 PM GMT+08:00, Colin Adams <colinpauladams at gmail.com> wrote:
>>>>       >      >              >OK. I've got it installed.
>>>>       >      >              >
>>>>       >      >              >But when running I get messages:
>>>>       >      >              >
>>>>       >      >              >lwsws[10192]: Unable to open session db /var/www/sessions/lws.sqlite3: unable to open database file
>>>>       >      >              >
>>>>       >      >              >I don't know anything about sqlite3, but I'm guessing perhaps I need to
>>>>       >      >              >define a user name first? Or is there something missing from the readme
>>>>       >      >              >(I issued the two commands to create the directory and set the owner to
>>>>       >      >              >root.apache).
>>>>       >      >
>>>>       >      >             Are you starting it as root?  Otherwise it doesn't have the
>>>>       >      >             rights to change to run under apache uid.
>>>>       >      >
>>>>       >      >             -Andy
>>>>       >      >
>>>>       >      >              >On Tue, 24 May 2016 at 15:38 Andy Green <andy at warmcat.com> wrote:
>>>>       >      >              >
>>>>       >      >              >>
>>>>       >      >              >>
>>>>       >      >              >> On 05/24/2016 09:06 PM, Colin Adams wrote:
>>>>       >      >              >> > I did:
>>>>       >      >              >> > git pull
>>>>       >      >              >> > cd build
>>>>       >      >              >> > make
>>>>       >      >              >> > sudo make install
>>>>       >      >              >> >
>>>>       >      >              >> > and got:
>>>>       >      >              >> > CMake Error at cmake_install.cmake:427 (file):
>>>>       >      >              >> > file INSTALL cannot find "/home/colin/libwebsockets/plugins/lwsgs.js".
>>>>       >      >              >> >
>>>>       >      >              >> > I had previously done:
>>>>       >      >              >> >
>>>>       >      >              >> > cmake -D LWS_WITHOUT_DAEMONIZE=OFF -D LWS_WITH_PLUGINS=ON -DLWS_WITH_LWSWS=1 ..
>>>>       >      >              >> >
>>>>       >      >              >> > so is there anything else I should have done?
>>>>       >      >              >>
>>>>       >      >              >> No it's my fault, I missed it from git add.  Please fetch (not pull)
>>>>       >      >              >> master again.
>>>>       >      >              >>
>>>>       >      >              >> Because master doesn't have a history, you need to track it like this,
>>>>       >      >              >> assuming you have no local patches
>>>>       >      >              >>
>>>>       >      >              >> $ git fetch https://github.com/warmcat/libwebsockets.git +master:m &&
>>>>       >      >              >> git reset --hard m
>>>>       >      >              >>
>>>>       >      >              >> -Andy
>>>>       >      >              >>
>>>>       >      >              >> >
>>>>       >      >              >> > On Tue, 24 May 2016 at 11:26 Andy Green <andy at warmcat.com> wrote:
>>>>       >      >              >> >
>>>>       >      >              >> >
>>>>       >      >              >> >
>>>>       >      >              >> >     On 05/24/2016 06:15 PM, Colin Adams wrote:
>>>>       >      >              >> >      > My opinion is that I personally will not need anything beyond what you
>>>>       >      >              >> >      > have already described (but I am assuming that the email address that
>>>>       >      >              >> >      > the user used for registration is available in the DB. And maybe that
>>>>       >      >              >> >      > assumption is wrong).
>>>>       >      >              >> >
>>>>       >      >              >> >     It will be... you can see the schema here
>>>>       >      >              >> >
>>>>       >      >              >> >     https://github.com/warmcat/libwebsockets/blob/master/plugins/protocol_generic_sessions.c#L522
>>>>       >      >              >> >
>>>>       >      >              >> >     but the register / email part is not wired up yet.
>>>>       >      >              >> >
>>>>       >      >              >> >     Currently I am imagining this "generic-sessions" plugin only deals with
>>>>       >      >              >> >     authentication of a username.  That includes registration, email
>>>>       >      >              >> >     confirmation, "forgot password", eventually admin maintenance pages,
>>>>       >      >              >> >     managing the session database and so on, but NO other information except
>>>>       >      >              >> >     the client has a cookie authenticated for a given username (or no
>>>>       >      >              >> >     username if not logged in).
>>>>       >      >              >> >
>>>>       >      >              >> >     So the api to this in your ws protocol handler would only be "what's my
>>>>       >      >              >> >     username".  If it gives you a username, you know it has been
>>>>       >      >              >> >     authenticated.  You can also segregate access to mounts by if you're
>>>>       >      >              >> >     logged in, or logged in as admin, but that's it.
>>>>       >      >              >> >
>>>>       >      >              >> >     Storing stuff that your protocol handler deals in for that user, eg,
>>>>       >      >              >> >     using the username as the db key, is completely a separate issue private
>>>>       >      >              >> >     to your protocol handler.  It would, eg, use its own sqlite3 database
>>>>       >      >              >> >     for it if that's what he wanted to do.
>>>>       >      >              >> >
>>>>       >      >              >> >     -Andy
>>>>       >      >              >> >
>>>>       >      >              >> >
>>>>       >      >              >> >      > On Tue, 24 May 2016 at 11:11 Andy Green <andy at warmcat.com> wrote:
>>>>       >      >              >> >      >
>>>>       >      >              >> >      >
>>>>       >      >              >> >      >
>>>>       >      >              >> >      >     On 05/23/2016 11:37 PM, Andy Green wrote:
>>>>       >      >              >> >      >      >
>>>>       >      >              >> >      >      >
>>>>       >      >              >> >      >      > On May 23, 2016 9:14:57 PM GMT+08:00, Colin Adams <colinpauladams at gmail.com> wrote:
>>>>       >      >              >> >      >      >> This sounds like something that I was going to have to write myself
>>>>       >      >              >> >      >      >> for my application (a game server). I can't think offhand of any
>>>>       >      >              >> >      >      >> further improvements, but I might find something when I try it
>>>>       >      >              >> >      >      >> out. My C skills are 17 years rusty (apart from fragments involved
>>>>       >      >              >> >      >      >> in writing language bindings), but I'm sure I can polish them up if
>>>>       >      >              >> >      >      >> I find any enhancements needed. Is this in master now?
>>>>       >      >              >> >      >      >
>>>>       >      >              >> >      >      > No, it's very much a WIP.
>>>>       >      >              >> >      >      >
>>>>       >      >              >> >      >      > But today it's working for admin login / logout, the cookies,
>>>>       >      >              >> >      >      > persistent session db, rewriting r/o copies of the state into js vars
>>>>       >      >              >> >      >      > (so the example login page js can change to a logout form
>>>>       >      >              >> >      >      > appropriately), and all customization in the lwsws JSON and login
>>>>       >      >              >> >      >      > html (there are hidden form elements that control the next url
>>>>       >      >              >> >      >      > depending on how the login / logout went).
>>>>       >      >              >> >      >      >
>>>>       >      >              >> >      >      > I'll tidy it up and add some docs tomorrow, and check if it broke
>>>>       >      >              >> >      >      > anything else, but you can see it's only usable for development
>>>>       >      >              >> >      >      > today.
>>>>       >      >              >> >      >
>>>>       >      >              >> >      >     I pushed what there is of it... for now it's enabled in cmake with
>>>>       >      >              >> >      >     LWS_WITH_LWSWS.
>>>>       >      >              >> >      >
>>>>       >      >              >> >      >     See
>>>>       >      >              >> >      >
>>>>       >      >              >> >      >     https://github.com/warmcat/libwebsockets/blob/master/README.generic-sessions.md
>>>>       >      >              >> >      >
>>>>       >      >              >> >      >     You can add the mounts mentioned in there and the protocol import part
>>>>       >      >              >> >      >     to the existing lwsws example config.
>>>>       >      >              >> >      >
>>>>       >      >              >> >      >     The admin account and password in the protocol config part is admin /
>>>>       >      >              >> >      >     jipdocesExunt
>>>>       >      >              >> >      >
>>>>       >      >              >> >      >     If you navigate to http://localhost:7681/lwsgs you should see a login
>>>>       >      >              >> >      >     form that you can login with those credentials, which will take you to a
>>>>       >      >              >> >      >     URL in /lwsgs/needadmin/... that cannot otherwise be served.
>>>>       >      >              >> >      >
>>>>       >      >              >> >      >     If you go back and refresh the login page, it now knows your session is
>>>>       >      >              >> >      >     authenticated and this time shows your login name together with a logout
>>>>       >      >              >> >      >     button... this is done in JS clientside with the tiny rewrite of
>>>>       >      >              >> >      >     "$lwsgs_user" in the included lwsgs.js.
>>>>       >      >              >> >      >
>>>>       >      >              >> >      >     The active sessions are stored in sqlite3 on the server side and the
>>>>       >      >              >> >      >     expiry, controlled from the config file, should be respected.
>>>>       >      >              >> >      >
>>>>       >      >              >> >      >     The actual users will also go in a table in sqlite3, but admin's
>>>>       >      >              >> >      >     credentials are set in the config outside of that.  Those users and
>>>>       >      >              >> >      >     registration aren't done yet.
>>>>       >      >              >> >      >
>>>>       >      >              >> >      >      > I'm mainly wondering what people want from the persistent user state,
>>>>       >      >              >> >      >      > in my case once authenticated, the next url is an html page opening a
>>>>       >      >              >> >      >      > ws link that will also get the logged-in session cookie.  My
>>>>       >      >              >> >      >      > application is static html + js that dynamically configures itself
>>>>       >      >              >> >      >      > around the returned (user-context aware) JSON from the ws link.
>>>>       >      >              >> >      >      >
>>>>       >      >              >> >      >      > Put another way the application's custom ws protocol handler code is
>>>>       >      >              >> >      >      > the guy who actually defines what different users see... that pattern
>>>>       >      >              >> >      >      > removes the need for any other server-side interpreter and just
>>>>       >      >              >> >      >      > manifests itself as delivering an authenticated username into custom
>>>>       >      >              >> >      >      > ws protocol code you would have to write anyway.  Other
>>>>       >      >              >> >      >      > presentation-related code that needs to be aware of authentication
>>>>       >      >              >> >      >      > state (eg, show login form, or "logged in as xxx" + logout button)
>>>>       >      >              >> >      >      > moves out of what would have been server scripts and into js that got
>>>>       >      >              >> >      >      > some rewriting pixie dust.  But I am curious if that pattern is
>>>>       >      >              >> >      >      > enough to solve other peoples' session-related tasks, perhaps with a
>>>>       >      >              >> >      >      > little thought.
>>>>       >      >              >> >      >
>>>>       >      >              >> >      >     Still curious about opinions on this (maybe it's not explained clearly
>>>>       >      >              >> >      >     enough yet).
>>>>       >      >              >> >      >
>>>>       >      >              >> >      >     -Andy
>>>>       >      >              >> >      >
>>>>       >      >              >> >      >      > -Andy
>>>>       >      >              >> >      >      >
>>>>       >      >              >> >      >      >> On Mon, 23 May 2016 at 12:44 Andy Green <andy at warmcat.com> wrote:
>>>>       >      >              >> >      >      >>
>>>>       >      >              >> >      >      >>> Hi -
>>>>       >      >              >> >      >      >>>
>>>>       >      >              >> >      >      >>> I am partway through making a plugin called "generic-sessions", intended
>>>>       >      >              >> >      >      >>> to provide lightweight persistent http sessions without a
>>>>       >      >              >> >      >      >>> server-side interpreter.
>>>>       >      >              >> >      >      >>>
>>>>       >      >              >> >      >      >>> The overall ideas are:
>>>>       >      >              >> >      >      >>>
>>>>       >      >              >> >      >      >>> - random 20-byte session id managed in a cookie
>>>>       >      >              >> >      >      >>>
>>>>       >      >              >> >      >      >>> - all information related to the session held at the server, nothing
>>>>       >      >              >> >      >      >>> managed clientside
>>>>       >      >              >> >      >      >>>
>>>>       >      >              >> >      >      >>> - sqlite3 used at the server to manage active sessions and users
>>>>       >      >              >> >      >      >>>
>>>>       >      >              >> >      >      >>> - defaults to creating anonymous sessions with no user
>>>>       >      >              >> >      >      >>> associated
>>>>       >      >              >> >      >      >>>
>>>>       >      >              >> >      >      >>> - admin account (with user-selectable username) is defined in config
>>>>       >      >              >> >      >      >>> with a SHA-1 of the password; rest of the accounts are in
>>>>       >      >              >> >      >      >>> sqlite3
>>>>       >      >              >> >      >      >>>
>>>>       >      >              >> >      >      >>> - login, logout, register account + email verification built-in with
>>>>       >      >              >> >      >      >>> examples
>>>>       >      >              >> >      >      >>>
>>>>       >      >              >> >      >      >>> - in a mount, some file suffixes (ie, .js) can be associated with
>>>>       >      >              >> >      >      >>> a protocol for the purposes of rewriting symbolnames.  These are read-only
>>>>       >      >              >> >      >      >>> copies of logged-in server state.
>>>>       >      >              >> >      >      >>>
>>>>       >      >              >> >      >      >>> - When your page fetches .js or other rewritten files from that mount,
>>>>       >      >              >> >      >      >>> "$lwsgs_user" and so on are rewritten on the fly using chunked transfer
>>>>       >      >              >> >      >      >>> encoding
>>>>       >      >              >> >      >      >>>
>>>>       >      >              >> >      >      >>> - Eliminates server-side scripting with a few rewritten symbols
>>>>       >      >              >> >      >      >>> and javascript on client side
>>>>       >      >              >> >      >      >>>
>>>>       >      >              >> >      >      >>> - 32-bit bitfield for authentication sectoring, mounts can
>>>>       >      >              >> >      >      >>> provide a
>>>>       >      >              >> >      >      >>> mask on the logged-in session's associated server-side bitfield
>>>>       >      >              >> >      >      >>> that must be set for access.
>>>>       >      >              >> >      >      >>>
>>>>       >      >              >> >      >      >>> - No code (just config) required for, eg, private URL namespace that
>>>>       >      >              >> >      >      >>> requires login to access.
>>>>       >      >              >> >      >      >>>
>>>>       >      >              >> >      >      >>> Login, logout, cookies, rewriting are already done, I am curious about
>>>>       >      >              >> >      >      >>> any comments or suggestions to make it more useful (especially
>>>>       >      >              >> >      >      >>> if anyone
>>>>       >      >              >> >      >      >>> is motivated to contribute).
>>>>       >      >              >> >      >      >>>
>>>>       >      >              >> >      >      >>> -Andy
>
> _______________________________________________
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
> http://libwebsockets.org/mailman/listinfo/libwebsockets
>
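
The cookie session id and per-mount mask from the quoted proposal, as an added example that is not part of the original message and is not libwebsockets' own code. The function names, the in-memory table (constructed rows standing in for the sqlite3 store) and the reading that every bit of a mount's mask must be set in the session's bitfield are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define SID_HEX_LEN 40 /* 20-byte session id, hex-encoded as in the logged cookies */

/* Constructed sample rows standing in for the server-side sqlite3 session table. */
struct session { const char *sid; const char *user; uint32_t auth; };
static const struct session sessions[] = {
    { "00112233445566778899aabbccddeeff00112233", "",      0x0 }, /* anonymous */
    { "a0a1a2a3a4a5a6a7a8a9b0b1b2b3b4b5b6b7b8b9", "admin", 0x5 }, /* logged in */
};

/* Copy the value of the "id" cookie into sid; 0 on success, -1 if absent or malformed. */
static int cookie_get_sid(const char *hdr, char sid[SID_HEX_LEN + 1])
{
    const char *p = hdr;

    while (p && *p) {
        while (*p == ' ' || *p == ';')
            p++;
        if (!strncmp(p, "id=", 3)) {
            size_t n = strspn(p + 3, "0123456789abcdef");
            if (n != SID_HEX_LEN || (p[3 + n] && p[3 + n] != ';'))
                return -1; /* wrong length or stray characters: reject outright */
            memcpy(sid, p + 3, n);
            sid[n] = '\0';
            return 0;
        }
        p = strchr(p, ';'); /* skip to the next cookie in the header */
    }
    return -1;
}

/* 1 if the session named by the cookie has every bit of mount_mask set, else 0. */
static int mount_access_ok(const char *cookie_hdr, uint32_t mount_mask)
{
    char sid[SID_HEX_LEN + 1];
    size_t i;

    if (!mount_mask)
        return 1; /* mount requires no bits: public */
    if (!cookie_hdr || cookie_get_sid(cookie_hdr, sid))
        return 0;
    for (i = 0; i < sizeof(sessions) / sizeof(sessions[0]); i++)
        if (!strcmp(sessions[i].sid, sid))
            return (sessions[i].auth & mount_mask) == mount_mask;
    return 0; /* id not in the table: the client cannot grant itself access */
}
```

Because the bitfield lives only in the server-side row, a client that edits its cookie can at most name a different session id, never raise its own privilege bits.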


