wjjw Posted November 9, 2021 Share Posted November 9, 2021 Hello, I have multiple uniGUI applications running on HyperServers. When you access first time/session on one app - e.g. app01 you need to login. There are links on app01 to the other apps using same DB (app02 and app03). If I click on this links while an existing valid session I don't want to login again. All user credentials are the same for all applications (app01-app03). What is the best and secure way/technique to do this? Cookies, parameters, ...? Best regards, /Werner Quote Link to comment Share on other sites More sharing options...
Hayri ASLAN Posted November 9, 2021 Share Posted November 9, 2021 14 hours ago, wjjw said: Hello, I have multiple uniGUI applications running on HyperServers. When you access first time/session on one app - e.g. app01 you need to login. There are links on app01 to the other apps using same DB (app02 and app03). If I click on this links while an existing valid session I don't want to login again. All user credentials are the same for all applications (app01-app03). What is the best and secure way/technique to do this? Cookies, parameters, ...? Best regards, /Werner I think the best way is cookies. https://medium.com/swlh/secure-httponly-samesite-http-cookies-attributes-and-set-cookie-explained-fc3c753dfeb6 Quote Link to comment Share on other sites More sharing options...
andyhill Posted November 11, 2021 Share Posted November 11, 2021 Sometimes cookies can be blocked, I use Encrypted Local Storage 🙂 Quote Link to comment Share on other sites More sharing options...
wjjw Posted November 12, 2021 Author Share Posted November 12, 2021 11 hours ago, andyhill said: Sometimes cookies can be blocked, I use Encrypted Local Storage 🙂 Hi Andy! Sounds like a good solution. So if I understand it correctly - did you do it like this?: When you open the application(s) you check if the file exists If yes, check the correct values and the time stamp if OK, skip the login page if NOT OK, redirect to the login page and create the encrypted local storage file. Is this supported with all browsers? Is also my time stamp method correct? Do you have an example of your solution which you could share with me? Thanks a lot for your input. /Werner Quote Link to comment Share on other sites More sharing options...
andyhill Posted November 12, 2021 Share Posted November 12, 2021 Werner, you can achieve what you want from many different ways. MainModule has a BeforeLogin Event, LoginForm has a BeforeShow Event etc. Here is the Local Storage code (off memory) where the data is stored as key A0 (edtUserName is a TUniEdit):- Fetch key A0 data into edtUserName.Text edtUserName.JSInterface.JSCall('setValue', [jsstatement('localStorage.getItem("A0")')]); // Must Use Double Quotes Save custom text using edtUserName's interface edtUserName.JSInterface.JSCallGlobal('localStorage.setItem', ['A0', 'custom text'] ); Hope this helps 1 Quote Link to comment Share on other sites More sharing options...
Pep Posted November 13, 2021 Share Posted November 13, 2021 19 hours ago, andyhill said: Werner, you can achieve what you want from many different ways. MainModule has a BeforeLogin Event, LoginForm has a BeforeShow Event etc. Here is the Local Storage code (off memory) where the data is stored as key A0 (edtUserName is a TUniEdit):- Fetch key A0 data into edtUserName.Text edtUserName.JSInterface.JSCall('setValue', [jsstatement('localStorage.getItem("A0")')]); // Must Use Double Quotes Save custom text using edtUserName's interface edtUserName.JSInterface.JSCallGlobal('localStorage.setItem', ['A0', 'custom text'] ); Hope this helps andyhill, thank you for your response, but I don't know, how to use localStorage in MainModule using BeforeLogin Event, because Mainmodule has not visual elements so I cant' use "edtUserName" (TuniEdit) to load a value from localStorage. Maybe there is a way to do it but I don't know... Quote Link to comment Share on other sites More sharing options...
andyhill Posted November 13, 2021 Share Posted November 13, 2021 You can use BeforeShow on LoginForm, fetch local storage data, make a decision, continue with user interaction -or- go straight to MainForm etc. etc. etc. 1 Quote Link to comment Share on other sites More sharing options...
Abaksoft Posted November 15, 2021 Share Posted November 15, 2021 On 11/13/2021 at 4:52 PM, Pep said: andyhill, thank you for your response, but I don't know, how to use localStorage in MainModule using BeforeLogin Event, because Mainmodule has not visual elements so I cant' use "edtUserName" (TuniEdit) to load a value from localStorage. Maybe there is a way to do it but I don't know... Hello, http://forums.unigui.com/index.php?/topic/12306-how-can-i-access-local-storage/&do=findComment&comment=65734 1. Let's say you have an elementary application (app0) with just a mainform and loginform. This mainform contains 2 labels : app1 and app2. 2. Store a local storage key (login) on the first time when a user open a session on this welcome mainform (app0). 3. When the same user click on app1, retreive this key on loginform.beforeShow event (app1). If the key is OK then app1.loginform.modalReslt:=MrOK 4. Keep in mind to destroy this key on all sessionOut (app0, app1, app2). _______________ NB : This work without parameters on URL lblapp1 : www.localhost:8077 lblapp2 : www.localhost:8078 Obeviously, for security, each app1 and app2 has its loginform. For more training you can see how to bypass loginform here (old sample) http://forums.unigui.com/index.php?/topic/9564-soautoplatformswitch-demo/&do=findComment&comment=74590 1 Quote Link to comment Share on other sites More sharing options...
Pep Posted November 15, 2021 Share Posted November 15, 2021 @andyhill and @Abaksoft, thank you very much! Quote Link to comment Share on other sites More sharing options...
andyhill Posted November 15, 2021 Share Posted November 15, 2021 Just keep in mind SSL, I have found some Browsers refuse to do https over any other port other than 443. 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.