Description:
A. When a user opens the website (any page), I generate a unique identifier and save it to the database, then send the identifier to the front-end cookie, as it is needed for tracking user operations.
  TCookieData = packed record
    ID: TID;
    Unique: RawUtf8;
    Captcha: RawUtf8;
    Rec1: RawUtf8;
    ...
    RecN: RawUtf8;
    Status: boolean;
  end;

procedure TBlogMvcApplication.GetViewInfo(MethodIndex: integer; out info: variant);
var
  CookieData: TCookieData;
begin
  inherited GetViewInfo(MethodIndex, info);
  if (CurrentSession.CheckAndRetrieve(@CookieData, TypeInfo(TCookieData)) = 0) or
     (CookieData.Unique = '') then
  begin
    CookieData.Unique := GenerateUnique;
    CurrentSession.Initialize(@CookieData, TypeInfo(TCookieData), 0);
  end;
end;
Through the OnSessionCreate event, I save the unique identifier to the database.
B. When the user opens the login page, I generate a captcha and send it to the front-end cookie.
C. After successful login, I assign a value to ID.
D. I also wrote a separate parameter called Status for login success detection, which is used in the front-end template.
Problems:
1. When I open the login page for the first time, it might result in the captcha being sent as empty, because the login page and the GetViewInfo method execute CurrentSession.Initialize(@CookieData, TypeInfo(TCookieData), 0) simultaneously.
2. Moreover, every time the CurrentSession.Initialize method is executed, the OnSessionCreate event is also triggered at the same time, which is inefficient. Additionally, I have to check if the Unique field exists in the database.
3. If the TCookieData type contains many parameters, and I assign values to them in different methods, it will execute the CurrentSession.Initialize method multiple times, which is inefficient and error-prone.
Final Question:
Is my writing and thinking correct? Is there a better solution?
GetViewInfo() is called for every view, so it is clearly not the right place to check the cookie and always initialize it.
Have a more refined cookie usage, as we did for the "blog" sample.
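One way to keep session creation out of GetViewInfo, as an added example that is neither the poster's code nor the mORMot blog sample: page views only read the signed cookie with CheckAndRetrieve, and Initialize runs once, inside a login action, so unauthenticated requests never create a session or a database row. CheckAndRetrieve, Initialize, GenerateUnique and TCookieData come from the post above; Login, Authenticate and the 'Default' view name are assumed names.

```pascal
// Added example, not the original post's code nor the mORMot blog sample.
// Anonymous page views only *read* the signed cookie; a session (and the
// OnSessionCreate database write) is created once, after a successful login.
// Login(), Authenticate() and the 'Default' view name are assumptions.
type
  TCookieData = packed record
    ID: TID;          // 0 until the user has authenticated
    Unique: RawUtf8;
    Status: boolean;  // true only for a logged-in user
  end;

procedure TBlogMvcApplication.GetViewInfo(MethodIndex: integer; out info: variant);
var
  CookieData: TCookieData;
begin
  inherited GetViewInfo(MethodIndex, info);
  // Read-only: no cookie, an expired cookie or a tampered signature simply
  // means "anonymous visitor", so nothing is stored for unauthenticated hits
  // (a client hammering GET pages cannot fill the session table).
  if CurrentSession.CheckAndRetrieve(@CookieData, TypeInfo(TCookieData)) <> 0 then
    _ObjAddProps(['Status', CookieData.Status, 'ID', CookieData.ID], info)
  else
    _ObjAddProps(['Status', false, 'ID', 0], info);
end;

procedure TBlogMvcApplication.Login(const LogonName, PlainPassword: RawUtf8);
var
  CookieData: TCookieData;
begin
  // Authenticate() is hypothetical: returns the user's ID, or 0 on failure
  CookieData.ID := Authenticate(LogonName, PlainPassword);
  if CookieData.ID = 0 then
    raise EMvcApplication.CreateGotoError('Invalid credentials');
  CookieData.Unique := GenerateUnique;  // as in the original post
  CookieData.Status := true;
  // The single place where Initialize() runs, so OnSessionCreate fires once
  // per login rather than on every page view.
  CurrentSession.Initialize(@CookieData, TypeInfo(TCookieData), 0);
  raise EMvcApplication.CreateGotoView('Default', []);
end;
```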
I understand. Does this mean that in every method with a page, I need to handle the cookie? Because I want to create a session for the user whenever they open any of my pages (if there is no session), as I need to track and process their operations.
I suspect "create a session for the user whenever they open any of my pages" is clearly an anti-pattern.
Just imagine the damage any HTTP fuzzing could do on this server.
This is because on many websites I have seen, especially the larger ones, cookies are set on the front end as soon as you open any page. I think using this to track and handle user behavior is more convenient.
For instance, if you are promoting an AI website or a comic website, when user A finishes using the default points on the website, they need to share the corresponding link with user B. Once user B clicks on the link, the points used by user A will increase.
How can such a function be implemented? Thank you! Of course, there is also a bug related to deleting cookies here.