Esp32 webserver with multiple user authentication

Ruesti
Posts: 2
Joined: Thu May 25, 2023 7:17 pm

Esp32 webserver with multiple user authentication

Postby Ruesti » Thu May 25, 2023 7:25 pm

Hi..

I want to build a webserver where multiple users can login. Each with his own account. I want to know who is when logged in and I want to store the information in a database. The login is exclusive with smartphones. How is it possible to create many user account for a web page and how can I track this on a esp32 webserver? Hope anyone can help me.

Gruß Uli

MicroController
Posts: 1733
Joined: Mon Oct 17, 2022 7:38 pm
Location: Europe, Germany

Re: Esp32 webserver with multiple user authentication

Postby MicroController » Sun May 28, 2023 6:07 pm

One common approach is to use cookies to designate sessions.
Whenever a request for a protected resource comes in, you check if the request contains a valid value for your session cookie.
If no (valid) session cookie is sent, you deny access and potentially redirect to a login page.
If, via the form on the login page, a valid user/password combination is entered, you generate a long random number or string as the "session id", link that random number to the user account on the server side and have the client set the session cookie with the value of that session id.
The user is now logged in, as with each following request the browser will send the session id cookie. Via the session id, you can look up the user which is linked to that session and allow or deny requests according to the user's permissions.
The user is logged out by just invalidating/throwing away the session id on the server side.

It is straight forward to log the timestamp of the successful login and logout for a user name to whatever storage you like.

A less common, more simple but less secure alternative is to use HTTP authentication. Less secure because the browser will send the username+password with every subsequent request, the username (and potentially even the password) may be visible in the URL, there is no way to log out and no unique session id.

Ruesti
Posts: 2
Joined: Thu May 25, 2023 7:17 pm

Re: Esp32 webserver with multiple user authentication

Postby Ruesti » Sun May 28, 2023 6:23 pm

Thank you very much for this reply. This seems to direct me to the right way. First I have to understand it totally but there are many hints to search for.

Thank you

Announcement
Posts: 2
Joined: Sun Jun 04, 2023 12:40 am

Re: Esp32 webserver with multiple user authentication

Postby Announcement » Sun Jun 04, 2023 12:42 am

Did you already get your system figured out, or did you need further assistance?

Who is online

Users browsing this forum: No registered users and 98 guests