Solved

webbroker, using cookies to verify page requests

Posted on 2002-04-11
4
470 Views
Last Modified: 2010-04-04
Hi there,

I've been getting into delphi 6 webbroker and it's a lot fun. However, cookies are a little beyond me right now. I understand what they can but not how to do them.

What i've got is a user that logs in with a password and login name. The site handles orders for products so i want to make sure that the page requests being sent actually come from the person who has logged in. I've seen an example from Motaz on keeping the cookie for a period of time to remember the login details (like a "remember me" i guess). Is it along the same lines?

Cheers

Neil
0
Comment
Question by:NeilLewis
4 Comments
 
LVL 9

Expert Comment

by:ginsonic
ID: 6935997
listening
0
 

Author Comment

by:NeilLewis
ID: 6936042
I've been trying request.RemoteAddr and global variables instead but need to use cookies i know.

eg, in the web module create i say

strUserAddress := request.RemoteAddr;

with strUserAddress being a global variable. Then in a function ...

procedure TWebModule1.CheckIPAddress();
var
    strCompareIPAddress : string;
    textcompare : integer;
begin

strCompareIPAddress := request.RemoteAddr;
textcompare := comparestr(strCompareIPAddress, strIPAddress);

if textcompare <> 0 then //the strings don't match
begin
   response.Content := 'Address does not match';
else
  ;//do nothing (carry on)
end;


And that function is put where you want to check where the page requests are coming from. BUT I WANT TO USE COOKIES!

Neil
0
 

Accepted Solution

by:
RayNorrish earned 100 total points
ID: 7184050
Your approach is wrong. You should not use request.RemoteAddr for anything critical, as this could be a proxy address, and does not indicate a unique client.

Here is the approach I use:

Have a user database table that contains at least:

User, Password, Session ID

Collect the user and password at login, and generate a session ID (some random alphanumeric).

Set the sessionID as your cookie. You must verify this session ID for all future actions of that session.

This has at least two benefits - one is that you don`t continually keep passing a usrname, password to maintain state, but a "useless" sessionID that is only valid for that session, and the other is that you should make this cookie "session only" ie. set it's expiration to 0 or -1 so that it cannot be reused.

I have written my own session management around this model, but there are several 3rd party options available.
A search for MDWeb by Mark Brittingham would be useful, and especially a visit to Shiv Kumar's tutorials (www.matlus.com) should totally enlighten you :)
0
 
LVL 1

Expert Comment

by:pnh73
ID: 9003177
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Accept Answer from RayNorrish

Please leave any comments here within the next seven days.
 
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
 
Paul (pnh73)
EE Cleanup Volunteer
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Thread safe  opinion 7 126
PDF library for Delphi 2 104
calling Tcolordialog in dll make the form disappear 8 103
Making delphi communicate with a c# service 16 88
A lot of questions regard threads in Delphi.   One of the more specific questions is how to show progress of the thread.   Updating a progressbar from inside a thread is a mistake. A solution to this would be to send a synchronized message to the…
In my programming career I have only very rarely run into situations where operator overloading would be of any use in my work.  Normally those situations involved math with either overly large numbers (hundreds of thousands of digits or accuracy re…
Need to grow your business through quality cloud solutions? With everything required to build a cloud platform and solution, you may feel like the distance between you and the cloud is quite long. Help is here. Spend some time learning about the Con…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now