473,324 Members | 2,581 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

Users and session ids

C G
Dear All,

I wonder if anyone can advise me with this problem.

1. A user logs into the database (through web, webservice, some other piece
of software) - connect(user="joe",passwd="blogs")
2. We generate a random session key which will expire in 1 hour. Put this in
table (user, SessKey, time).
3. Give key to user.
4. User wants to do something else, so passes us the session key.
5. How do we use this session key to log the user into the database, i.e.
how do we get the username and passwd to enable:
connect(user="joe",passwd="blogs").

Many thanks

Colin

__________________________________________________ _______________
Tired of 56k? Get a FREE BT Broadband connection
http://www.msn.co.uk/specials/btbroadband
---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://archives.postgresql.org

Nov 12 '05 #1
3 2106
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
You've got to have some kind of "middleware". Apache, custom, whatever.
Basically this piece of middleware gets the session key.
Have the middleware (using a common login) retrieve the ser (and password)
drom the database table and authenticate the user.
On Wednesday 10 December 2003 01:55 am, C G wrote:
Dear All,

I wonder if anyone can advise me with this problem.

1. A user logs into the database (through web, webservice, some other piece
of software) - connect(user="joe",passwd="blogs")
2. We generate a random session key which will expire in 1 hour. Put this
in table (user, SessKey, time).
3. Give key to user.
4. User wants to do something else, so passes us the session key.
5. How do we use this session key to log the user into the database, i.e.
how do we get the username and passwd to enable:
connect(user="joe",passwd="blogs").

Many thanks

Colin

__________________________________________________ _______________
Tired of 56k? Get a FREE BT Broadband connection
http://www.msn.co.uk/specials/btbroadband
---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://archives.postgresql.org


- --
UC

- --
Open Source Solutions 4U, LLC 2570 Fleetwood Drive
Phone: +1 650 872 2425 San Bruno, CA 94066
Cell: +1 650 302 2405 United States
Fax: +1 650 872 2417
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/1vZ3jqGXBvRToM4RAv+pAJ0bzCNwhsHxoCk36lXbppy8oQ7C6Q CcD4H5
GKM2nyxIaOgp98liPyjKk8w=
=qF5p
-----END PGP SIGNATURE-----
---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to ma*******@postgresql.org so that your
message can get through to the mailing list cleanly

Nov 12 '05 #2
Quoting C G <cs******@hotmail.com>:
Dear All,

I wonder if anyone can advise me with this problem.

1. A user logs into the database (through web, webservice, some other piece
of software) - connect(user="joe",passwd="blogs")
2. We generate a random session key which will expire in 1 hour. Put this in

table (user, SessKey, time).
3. Give key to user.
4. User wants to do something else, so passes us the session key.
5. How do we use this session key to log the user into the database, i.e.
how do we get the username and passwd to enable:
connect(user="joe",passwd="blogs").

Many thanks

Colin


Colin,

For the web, if you are running apache and mod_perl, take a look at the
PosgreSQL authentication modules on CPAN.org. In particular, anything that
deals with "cookie tracking" or authentication with cookies would be a start.

Of coures there are similar modules/methods for the other PG supported languages
as well.
--
Keith C. Perry, MS E.E.
Director of Networks & Applications
VCSN, Inc.
http://vcsn.com

____________________________________
This email account is being host by:
VCSN, Inc : http://vcsn.com

---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend

Nov 12 '05 #3
C G wrote:
Dear All,

I wonder if anyone can advise me with this problem.

1. A user logs into the database (through web, webservice, some other
piece of software) - connect(user="joe",passwd="blogs")
2. We generate a random session key which will expire in 1 hour. Put
this in table (user, SessKey, time).
3. Give key to user.
4. User wants to do something else, so passes us the session key.
5. How do we use this session key to log the user into the database,
i.e. how do we get the username and passwd to enable:
connect(user="joe",passwd="blogs").


It is involved at multiple steps.

1. Use a connection pool, all connecting as superuser
2. Authenticate user with opening a new connection
3. Store a map of user session key v/s username/userid in application.
4. Use set session authorization after verifying the key.

It could have been good if postgresql could authenticate over an existing
connection or make set session authorisation accept username/password. But
anyways.. that is not such a big hassle except for the fact that each
authorisation costs starting/killing one connection

HTH

Shridhar

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster

Nov 12 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

12
by: Dave Smithz | last post by:
Hi there, Users of my PHP DB application have complained that it seems to log them out every now and then. I actually assume this is when it has been idle for sometime as I use session variables...
1
by: Scott Wickham | last post by:
I'm having a problem saving session information on one form and retrieving it on a subsequent form...for only one out of a number of users. Actually, I'm not absolutely certain it's a session...
8
by: gil | last post by:
I'm trying to track how many users are visiting a site and how may are logged in, using application sessions like so: Sub Session_OnStart Session.Timeout = 20 Session("Start") = Now...
6
by: mark | last post by:
I have an asp.net ecommerce web application on a remote web server. I'm using an Access database on the back end. I've notice a few strange things. When I mimic an multiple user environment by...
5
by: fbwhite | last post by:
I know this issue has been brought up many times, but I have tried many of the solutions to no avail. I wanted to give my specific case to see if someone could be of any help. We are using the...
7
by: jsale | last post by:
I have made an ASP.NET web application that connects to SQL Server, reading and writing data using classes. I was recommended to use session objects to store the data per user, because each user...
5
by: Oleg Ogurok | last post by:
Hi all, Is there a way to read other people's session variables? I understand it makes sense that session state is on per-user basis, but still... Is there a way to get a collection of all...
9
by: viktor9990 | last post by:
I wonder if it is possible from a button click or a link to logg off (some unwanted logged on users or all users) in an asp.net application with session.timeout or another way?Thankfull for any...
2
by: Don Hobson | last post by:
I am building a website and I want to allow users to do certain things without logging in. I would like to allow them to keep track of certain items, by adding them to a list. Like if they are...
7
by: Gary | last post by:
Hello guys! Bear with me, I am a newbie. She is the Data Warehouse manager. She has about 50 users to use the Oracle database from M$ Access via ODBC connection. All those users have only...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.