Re: [lwip-users] Basic Authentication

[Trampas Stern]

document.cookie = "sessionToken=3"                        ;

This will set the sessionToken (session ID) to 3.  So in the firmware when the httpd.c requests this file I find this string and replace the buffer with the correct session ID number I want.  This then sets the cookie and browser will send this cookie with every request to device. 

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies 

Then in my call back I parse the HTML header for the session cookie, to see if it matches who is logged in. 

In the login what I do is have user type admin password, which I then send a MD5 hash with session ID.  If the MD5 hash matches I record IP and session ID for person logged in. 

Trampas 

On Thu, Apr 23, 2020 at 11:09 AM Trampas Stern <address@hidden> wrote:

The browser sends the cookie automatically. 

What I do is in the login.html is add the following:

On Thu, Apr 23, 2020 at 10:26 AM Marco Lazzaroni <address@hidden> wrote:

Il giorno gio 23 apr 2020 alle ore 14:12 Trampas Stern <address@hidden> ha scritto:

So what I did is added support for cookies.  Basically in the http_parse_request() I created a callback that I call which passes header to the call back.  In the function I get the cookie for a session ID, and return a redirect if the current user is not logged in. 

When the user connects the callback checks the session ID cookie and the remote IP port for match, if they do not match current logged in person I redirect them to login page.  The login page assigns them a new random session id and lets them enter password.  If password matches then I store their session id and IP address as being logged in.  

What needs to be done on the html side? I mean, in some way the browser has to know that it has to send the cookie in the header, am I correct? But how?

_______________________________________________
lwip-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/lwip-users