#1 2017-12-03 10:41:53

esmondb
Member
From: London
Registered: 2010-07-20
Posts: 299

SessionGroup and authentication

I want to create a method based service which works for both logged in and anonymous users. Is it safe to do something like this?:

procedure TMySQLRestServer.search(cTxt: TSQLRestServerURIContext);
begin
  if cTxt.SessionGroup = 0 then
    //return results for anonymous users
  else
    //return results for logged in users
end;

I only ask as the code comments

/// the corresponding TAuthSession.User.GroupRights.ID value
  // - is undefined if Session is 0 or 1 (no authentication running)
  SessionGroup: integer;

but it seems that I can rely on SessionGroup being 0 rather than undefined if no authentication is running.

Offline

#2 2017-12-03 11:56:39

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,183
Website

Re: SessionGroup and authentication

Why is not cTxt.SessionGroup = 0 (CONST_AUTHENTICATION_SESSION_NOT_STARTED) good enough?

Offline

#3 2017-12-03 19:01:33

esmondb
Member
From: London
Registered: 2010-07-20
Posts: 299

Re: SessionGroup and authentication

Sorry, I misread undefined in the comments as uninitialised.

Offline

Board footer

Powered by FluxBB