Hello – this is my first post here.
I have been at this for days now and I’m stumped as to how to build my own webserver with session control and username and password authentication with good security. The user must log in to have access to the website app I’m trying to build. I have source to the web server as well, which is not your normal Apache or other server, but there are various reasons I need to use that one instead, and I have the source to the server and I’m very proficient in the language.
First, I’m thinking that once the user successfully signs on, the server would send a random and unique session ID. Now, I need a way for every to validate that they have a session unique ID and the server sees that it is a valid one.
I’m wondering what is the best way to set up decent security (I’m not a bank or anything, but good security is always nice). So here are my questions:
1. Am I better off with hidden fields or JavaScript cookies? Advantages of each?
2. Do most computers at internet cafes etc. have JavaScript cookies enabled?
3. If I use hidden fields, I’m stumped: if there are only labels with href on the HTML page and no submit button, how do those pages get the values from the hidden fields?
4. If I use JavaScript cookies, then I can easily assign a random session ID from my webserver to a JavaScript cookie, and again, if a user clicks on a label to go from, say, homepage.htm to details.htm, then how does details.htm send the cookie to the server for verification?
I’m just having a lot of trouble figuring out a way for the server to check verification on each web page that they have signed on.
Thanks,
Mike
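
Added example, not part of the original post: a minimal sketch of the session scheme described above, using a cookie set by the server in a `Set-Cookie` response header rather than by JavaScript. The browser returns such a cookie in the `Cookie` header of every later request, including plain link clicks such as homepage.htm to details.htm, so the server can check it on each page. The cookie name, timeout, `login.htm` path and all function names are assumptions for illustration.

```python
import hashlib
import secrets
import time
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "sid"      # assumed cookie name
IDLE_TIMEOUT = 15 * 60   # assumed idle timeout, in seconds

class SessionStore:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # sha256(session ID) -> (username, expiry)

    @staticmethod
    def _key(session_id):
        # Keep only a hash, so a leaked session table holds no usable IDs.
        return hashlib.sha256(session_id.encode()).hexdigest()

    def login(self, username):
        """Call only after the password check passed; returns the Set-Cookie value."""
        session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._key(session_id)] = (username, self._clock() + IDLE_TIMEOUT)
        # HttpOnly hides the ID from page scripts; Secure restricts it to HTTPS.
        return f"{COOKIE_NAME}={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax"

    def authenticate(self, cookie_header):
        """Run on every request; returns the username, or None if not signed on."""
        jar = SimpleCookie()
        try:
            jar.load(cookie_header or "")
        except CookieError:
            return None
        morsel = jar.get(COOKIE_NAME)
        if morsel is None:
            return None
        key = self._key(morsel.value)
        entry = self._sessions.get(key)
        if entry is None:
            return None  # unknown or forged ID
        username, expiry = entry
        if self._clock() >= expiry:
            del self._sessions[key]  # expired: drop it server-side
            return None
        self._sessions[key] = (username, self._clock() + IDLE_TIMEOUT)  # sliding expiry
        return username

def handle_request(store, path, cookie_header):
    """Gate every page except the login page; 302 stands for 'redirect to login'."""
    if path == "/login.htm":
        return 200
    return 200 if store.authenticate(cookie_header) else 302
```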