Hi..
I want to build a webserver where multiple users can login. Each with his own account. I want to know who is when logged in and I want to store the information in a database. The login is exclusive with smartphones. How is it possible to create many user account for a web page and how can I track this on a esp32 webserver? Hope anyone can help me.
Gruß Uli
Esp32 webserver with multiple user authentication
-
- Posts: 1688
- Joined: Mon Oct 17, 2022 7:38 pm
- Location: Europe, Germany
Re: Esp32 webserver with multiple user authentication
One common approach is to use cookies to designate sessions.
Whenever a request for a protected resource comes in, you check if the request contains a valid value for your session cookie.
If no (valid) session cookie is sent, you deny access and potentially redirect to a login page.
If, via the form on the login page, a valid user/password combination is entered, you generate a long random number or string as the "session id", link that random number to the user account on the server side and have the client set the session cookie with the value of that session id.
The user is now logged in, as with each following request the browser will send the session id cookie. Via the session id, you can look up the user which is linked to that session and allow or deny requests according to the user's permissions.
The user is logged out by just invalidating/throwing away the session id on the server side.
It is straight forward to log the timestamp of the successful login and logout for a user name to whatever storage you like.
A less common, more simple but less secure alternative is to use HTTP authentication. Less secure because the browser will send the username+password with every subsequent request, the username (and potentially even the password) may be visible in the URL, there is no way to log out and no unique session id.
Whenever a request for a protected resource comes in, you check if the request contains a valid value for your session cookie.
If no (valid) session cookie is sent, you deny access and potentially redirect to a login page.
If, via the form on the login page, a valid user/password combination is entered, you generate a long random number or string as the "session id", link that random number to the user account on the server side and have the client set the session cookie with the value of that session id.
The user is now logged in, as with each following request the browser will send the session id cookie. Via the session id, you can look up the user which is linked to that session and allow or deny requests according to the user's permissions.
The user is logged out by just invalidating/throwing away the session id on the server side.
It is straight forward to log the timestamp of the successful login and logout for a user name to whatever storage you like.
A less common, more simple but less secure alternative is to use HTTP authentication. Less secure because the browser will send the username+password with every subsequent request, the username (and potentially even the password) may be visible in the URL, there is no way to log out and no unique session id.
Re: Esp32 webserver with multiple user authentication
Thank you very much for this reply. This seems to direct me to the right way. First I have to understand it totally but there are many hints to search for.
Thank you
Thank you
-
- Posts: 2
- Joined: Sun Jun 04, 2023 12:40 am
Re: Esp32 webserver with multiple user authentication
Did you already get your system figured out, or did you need further assistance?
Who is online
Users browsing this forum: Bing [Bot], Google [Bot], ulaoulao and 128 guests