Sign in to follow this  
Awoken

internet browser related question, and future questions.

Recommended Posts

Hello everyone.  I'm creating a browser game and have run into a snag.  I am unsure where to post my questions on Gamedev.  I'm going to use this forum until informed otherwise.

The questions I have are more to do with website hosting as opposed to game development, I'm just hoping I can get a few quick pointers as to where else to look for the information.

What I'm wanting to know is if I can create an 'instance' of a url link for a logged in user.  Rather than having a boolean value determine a persons access I was thinking of creating instances of links that are closed down from the server as soon as a client logs off?  I'm sure this is already done in some fashion.  Does anyone know what I'm looking for?

Share this post


Link to post
Share on other sites
The way you do this is store all the various permission bits (user ID, score, and whatnot) in some semi-persistent back-end storage.
Memcached is often used. Redis, MySQL, Cassandra, or pretty much any other shared persistent storage will work, too.
You will want the storage to expire after some time (30 minutes to 30 days are common session lifetimes.)
Then, key that data by a long, randomly-generated string (known as the "session key" or "session id.")
Set a cookie on the HTTP session that is named "sid" and that has the session key as value.
For each request that comes in, look at the value of the "sid" cookie, and if it matches an existing stored chunk of state, assume that that's the user.

Note that, if you use HTTP instead of HTTPS, and the user is accessing your site from a public WiFi somewhere, someone running Wireshark can steal the session cookie.
This attack was made famous by the "firesheep" tool. Hence, you should use HTTPS for all traffic. That's easy now, that "let's encrypt" makes it free and automated to get certificates.
When the user logs out, terminate the record with the key of the user's session id, and clear the "sid" cookie.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this