
Leaderboard

Popular Content

Showing content with the highest reputation on 02/14/19 in all areas

  1. That's it! thank you guys!
    1 point
  2. I'd like to point out for the benefit of the original poster that the demo does *not* protect the credentials. This is a major security concern for a production system, as anything else in the browser can read the credentials out of the cookies on the user's machine. For a production-grade solution you must therefore not store the credentials themselves, but rather a login token. Or if you must store the credentials themselves, then they must be encrypted on the server using strong encryption (say AES256). If you use a token, then it should be validated upon use, to prevent e.g. token theft and/or impersonation by a malicious third party. So for example a token should ideally include some way to validate the IP address making use of the token. (In our system I ended up employing AES256 encryption to protect the credentials in the browser, to allow seamless processing and auto-login from a specific URL straight to a specific screen/form/page without requiring the user to log in - if the credentials are absent then of course you are asked to log in as normal. Edit: To add, we used SynCrypto.pas, part of the mORMot framework, for the AES encryption.)
    1 point
  3. \FMSoft\Framework\uniGUI\Demos\Desktop\LoginForm Cookies
    1 point
  4. Hi, Please see our demo
    1 point
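
The login-token approach from the second post above, sketched as an added example; it is not code from the thread, from uniGUI or from mORMot, and it is written in framework-neutral Python rather than Delphi. `LoginTokenStore`, `cookie_header`, the cookie name `login_token` and the 14-day lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 14 * 24 * 3600  # assumed lifetime: 14 days


class LoginTokenStore:
    """Server-side table of auto-login tokens (hypothetical helper)."""

    def __init__(self):
        # SHA-256(token) -> (user, issuing IP, expiry). Only digests are kept,
        # so a leaked table cannot be replayed as cookie values.
        self._rows = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user, client_ip, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # random; carries no credentials
        self._rows[self._digest(token)] = (user, client_ip, now + TOKEN_TTL)
        return token

    def redeem(self, token, client_ip, now=None):
        """Validate on use. Returns (user, replacement_token) or None."""
        now = time.time() if now is None else now
        # pop() makes each token single-use: a replayed or failed token is gone.
        row = self._rows.pop(self._digest(token), None)
        if row is None:
            return None
        user, issued_ip, expires_at = row
        # IP binding as the post suggests. Trade-off: a user whose address
        # changes (mobile network, VPN) falls back to the normal login form.
        if now > expires_at or client_ip != issued_ip:
            return None
        return user, self.issue(user, client_ip, now)  # rotate on success


def cookie_header(token):
    # HttpOnly keeps page scripts from reading the cookie; Secure keeps it
    # off plain HTTP; SameSite=Strict stops cross-site requests sending it.
    return (f"Set-Cookie: login_token={token}; Max-Age={TOKEN_TTL}; "
            "HttpOnly; Secure; SameSite=Strict")
```

A token presented from a different address is revoked rather than kept, so a stolen cookie that fails once cannot be retried; the legitimate user simply logs in again.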