Avatar of Kapalua
Kapalua asked on

Logged in or not logged in; what's the difference?


In my application the clients are given a session id which is used to identify the session.
This id is unique for all sessions and if it's used as a argument with the correct stored procedure it will return information.

As the application works right now two computers could request this information at the same time with the same session id. Which means that if some can obtain a session id, they could get access to the same information as the logged in users.

My question is:
How does a generic login function set status to "logged in" for a user account and how can the program differentiate between logged in sessions and not logged in session so it can refuse requests from not logged in clients information?

Hope i have made myself understandable and that someone could give me some help with this problem who have bothered me for quite some time.

Avatar of undefined
Last Comment

8/22/2022 - Mon

Is this a thick client application (as in classical client/server) or a web  application?
In the latter you would use the standard HTTP session mechanisms and use cookies.

kr, J.

It's a classic client/server application.

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck