I am new to Blazor and I am creating a prototype website for a project. I am aware of the Blazor Authentication/Authorisation function but I don't want to use this. Is there an easier way to store the logged in users id such as the way you can store this with PHP start/end sessions for logged in users?
You can use browser local storage or session storage to store user id. ProtectedBrowserStorage library may help you
Related
The only way users can log into my site is by using facebook login (I use php sdk). I store their email, id, content their create in my db.
I am using CodeIgniter and let them have access to pages based on their facebook user id which is stored in a session variable. I am wondering if that's secure enough. If it's not, what would be most secure way to do it?
Don't ever store personal data in SESSION or COOKIE.
I recommend that, only store your members' member ID, not Facebook ID. Then pull other data from database by using it.
I am trying to create user accounts for my website(To store preferences and data) and I am wondering if anyone could help me with two things.
First, I have looked around a lot, but cannot seem to find any good resources on creating user accounts for a website(all of the web results seem to be about user accounts on a computer or server), so if anyone could suggest a good resource to learn about creating user accounts, that would be great.
Second, what is the best way to remember if a user is logged in? Right now, I have a database that stores users with their emails, passwords and other data. I am wondering how I can check on each page to see who the user is(after they have logged in). Would I use a cookie for this?
If so, how would that work? Would the cookie store their username and password? That does not seem very secure but it is the only way I can think of at the moment.
I bet you could find some resources for developing a user membership system.
Basically you can use sessions and cookies.
You're right that cookies are not very secure for storing usernames and passwords, but you can store only one cookie with the user ID.
Resources
User membership with PHP | Nettuts+
MySQL & PHP User accounts | Pete's web design blog
A google search of PHP User Management Scripts brings out these following results:
Free PHP User Management Script: LOG.ME.IN
Repox/Simple Users
Many at PHP.ResourseIndex.com
Although you may need to customize each and every one according to your requirements.
For sure you need to see $_SESSION and $_COOKIE.
I am using the stock SDK for php/javascript. Now the app I am building many parts of it, if a user approves the use and accepts the permissions acts as a layer on top of facebook. Where it is planned to have my App pretty much interact with it as if the user was logged on at the time.
Previously I was playing with the offline_access but I recently read that that permission is coming out of the api completely and soon enough any tokens already in existence will just convert to 60 day tokens. I know from what I read that I can renew the tokens on a daily basis if need be when a user logs into my app. But my two biggest questions that I can't figure out one way or another is.
How do I ensure I get the "long-lived" tokens, and with these tokens do I store them on my end and pass them through the api to FB or is facebook storing these and through the use of the api the way it is and I don't need to store them somewhere. I know currently when I login it generates a token and stores it in a php session but the session is usually only good for the duration of the user being on my app. Note this is also a desktop app, not an app within facebooks canvas.
If I have to store the tokens to use them, and the php sdk bases itself off of whats stored in a session do I recreate the session with the stored access token for the user or I dunno, Im confusing myself as I type this out, hopefully someone can shed some light on the subject for me.
Here you can find some help on how to handle the expired tokens,
https://developers.facebook.com/blog/post/2011/05/13/how-to--handle-expired-access-tokens/
And here more info on how to use the new method,
Facebook offline access step-by-step
All this matter always makes me doubt as well, but I have noticed that facebook usually keeps the token somewhere on the user end, probably a cookie, so that it will automatically connect. So I don't think that the token only lasts a session and I'd rather say you won't have too many problems with the depreciation of offline_access, though this might just be my personal opinion.
I'm building a custom .net web app with a wordpress frontpage and CMS.
I'm using session variables to check if the user is logged in to the web app.
What I'd like to be able to do is display on wordpress whether or not the user is logged in to the webapp.
Is this possible and if so does anybody know how I would go about doing it?
Thanks,
Andrew
Use a cookie and a database. The cookie contains some unique ID for that session, which you store in the database. Nothing specific to asp.net or php about cookies. Either app can obtain the key from the cookie, and look up the session info in the database.
I am writing an application in CodeIgniter and I have concluded that it's best to write two applications. One for back office and one for client use.
I would like to have just one login screen. It will be in the back office application but if a client user logs in then I want to redirect to the client app and create a session there. The database user table stores the user type i.e. client or admin.
I have come up with the following solution. As I want to this the correct way I said i'd run it by you guys to see what ye think.
User logs into admin CI app.
Admin CI app verifies user and determines type. If admin then go ahead and create session etc.
If the user is a client then MD5(user_ip+timestamp OR make a secure token some other way) and store in a token field (user_table) in DB.
redirect the user to the client admin via a login page. The paramters would be the token and username. The login function would then go to that user in the database and verify the token.
On successful authorization of token the CI client app would start a session and let the user in.
This seems like a very long winded method. Ideally there would be a way to start a session for one CI app from another?
Any ideas?
Thanks.
Once you've verified admin or client, I would use the CodeIgniter session class with the ci_sessions table in your database.
http://codeigniter.com/user_guide/libraries/sessions.html
Then to distinguish users from client or employee add a variable to the session.
$this->session->set_userdata('user_type', 'client');
Then just use that if ever you need it.
I would go about making 2 applications under HMVC (Hierarchical-Model-View-Controller) framework.
HMVC CodeIgniter Tutorial
Then you can go about using same sessions under multiple applications, as well as use the same models for user management, etc..
HMVC helps you modularize your applications, thus if you want to add more applications in the future, you can easily do that, passing over same sessions and such.
I answered your question in a bigger scope, one central login with 2 apps, best should be done with HMVC.
:)
Might wanna check out BackEndPro for CodeIgniter, could save you a lot of time.
Includes:
User Authentication with registration & account activation
User Permissions by using ACL (Access Control Lists)
Admin GUI backend for editing Site-wide Preferences
Built on Matchbox (for Modular development)
Asset Library (optimize, cache, and load JS & CSS)
ReCAPTCHA
Status messages (info/success/warning/error messages for the user)