Awoken

internet browser related question, and future questions.

This topic is 629 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.


Hello everyone.  I'm creating a browser game and have run into a snag.  I am unsure where to post my questions on Gamedev.  I'm going to use this forum until informed otherwise.

The questions I have are more to do with website hosting as opposed to game development, I'm just hoping I can get a few quick pointers as to where else to look for the information.

What I'm wanting to know is if I can create an 'instance' of a URL link for a logged in user.  Rather than having a boolean value determine a person's access I was thinking of creating instances of links that are closed down from the server as soon as a client logs off?  I'm sure this is already done in some fashion.  Does anyone know what I'm looking for?


It is certainly possible to do something similar to that, but the specifics depend on how much control you have over the hosting software.

This is typically known as "session management." Virtually any hosting infrastructure will let you do it.

The way you do this is store all the various permission bits (user ID, score, and whatnot) in some semi-persistent back-end storage.
Memcached is often used. Redis, MySQL, Cassandra, or pretty much any other shared persistent storage will work, too.
You will want the storage to expire after some time (30 minutes to 30 days are common session lifetimes.)
Then, key that data by a long, randomly-generated string (known as the "session key" or "session id.")
Set a cookie on the HTTP session that is named "sid" and that has the session key as value.
For each request that comes in, look at the value of the "sid" cookie, and if it matches an existing stored chunk of state, assume that that's the user.

Note that, if you use HTTP instead of HTTPS, and the user is accessing your site from a public WiFi somewhere, someone running Wireshark can steal the session cookie.
This attack was made famous by the "Firesheep" tool. Hence, you should use HTTPS for all traffic. That's easy now that "Let's Encrypt" makes it free and automated to get certificates.
When the user logs out, terminate the record with the key of the user's session id, and clear the "sid" cookie.
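
The session flow described in the reply above, as an added Python sketch that is not code from any poster in this thread. The in-memory `SessionStore` stands in for Memcached or Redis, and the class and function names, the 30-minute lifetime and the `SameSite=Lax` setting are assumptions made for the example.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 30 * 60  # seconds; assumed value inside the 30 min - 30 day range


class SessionStore:
    """In-memory stand-in for Memcached/Redis: sid -> (expiry, data)."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self._ttl, self._clock, self._rows = ttl, clock, {}

    def create(self, data):
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[sid] = (self._clock() + self._ttl, dict(data))
        return sid

    def lookup(self, sid):
        row = self._rows.get(sid)
        if row is None:
            return None
        expiry, data = row
        if self._clock() >= expiry:  # expired record: treat as logged out
            del self._rows[sid]
            return None
        return data

    def destroy(self, sid):
        """Logout: remove the server-side record for this session id."""
        self._rows.pop(sid, None)


def set_cookie_header(sid, max_age=SESSION_TTL):
    """Build the Set-Cookie value; max_age=0 clears the cookie on logout."""
    c = SimpleCookie()
    c["sid"] = sid
    c["sid"]["path"] = "/"
    c["sid"]["max-age"] = max_age
    c["sid"]["secure"] = True     # browser sends it over HTTPS only
    c["sid"]["httponly"] = True   # not readable from page scripts
    c["sid"]["samesite"] = "Lax"
    return c["sid"].OutputString()


def user_for_request(store, cookie_header):
    """Return the session data for a request's Cookie header, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get("sid")
    return store.lookup(morsel.value) if morsel else None
```

On logout, call `destroy(sid)` and send `set_cookie_header("", max_age=0)` so both the server record and the browser cookie go away.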
