#1 2017-08-30 11:03:18

ImproSnake
Member
Registered: 2017-06-20
Posts: 30

Check if SesionID still authenticated ?

Hello all,

is there a opportunity to check if a SessionID is still logged in ?

Background :

i implemented a Typescript Client to work with Angular 4.
Now i want to check if the sessionsId of an authenticated user is still valid (logged in). I want to do this so i can implement propper RouteGuards in Angular 4.
Is there a Way to implement this with a service so i can check it like http(s)://Server/ROOT/checkSessionId?SessionId=Session_Id&Session_signature=session_signature  ?

Any help would be much appreciated.

Offline

#2 2017-08-30 12:56:04

mpv
Member
From: Ukraine
Registered: 2012-03-24
Posts: 1,571
Website

Re: Check if SesionID still authenticated ?

IMHO you do not need to check session is valid, instead send request as usual, but in case of 401 response repeat authentication handshake (re-route to login page)

Last edited by mpv (2017-08-30 12:56:24)

Offline

#3 2017-08-31 07:04:25

ImproSnake
Member
Registered: 2017-06-20
Posts: 30

Re: Check if SesionID still authenticated ?

@mpv I am aware of this solution but this lack's the opportunit to react before the SessionId is no longer authenticated. For example : Dont load the Route in the Web Application because the SessionID is no longer Authenticated. This is just for enhanced User Eperienced. I think it is unsufficient just redirect the User to the login page out of nowhere.

I came with this solution :

Implement a interface Based Service on the Server Side with a Function like :

function TServiceSession.checkSession(SessionId: Cardinal): boolean;
begin
  if (restServer.SessionGetUser(SessionId) <> nil) then
  begin
    result := True;
  end
  else
  begin
    result := False;
  end;
end;

Now we can call the Service out of the Webapp like htpp://Server/Root/Session.checkSession?SessionId=SessionId&SessionSignature=SessionSignature .

An with this we can implement A RouteGuard so only Authenticated User can Activate specific Routes. This way i dont have to track the Session timeout nor i have to track a variable for the Authentication State.

Maybe this Help someone else out.

Last edited by ImproSnake (2017-08-31 07:05:12)

Offline

Board footer

Powered by FluxBB