httpformserver questions

[rakesh]

You do not need multiple instances of your app. The server will create new instances of the HTTPRequestHandler to handle each (concurrent) request.

[Sqarzz]

You do not need multiple instances of your app. The server will create new instances of the HTTPRequestHandler to handle each (concurrent) request.

That's not the case for my project:
Inside the handler I check a form, and if a requirement is set (username and password correct), i set bools.
These booleans will define what htmlsection is outputted.

When I navigate to the page and I log in on one computer,
if I then navigate to the page from a second computer, the bool is already set the true (as in 'logged in');
This made me think the handler only executes as one instance?

[rakesh]

It all depends upon how you set state. If you store individual request/session state in the main application class, you need to re-engineer your system. You should be using regular HTTP session handling features like cookies, or URL encoding your URL's with sessionId values etc.

[Sqarzz]

It all depends upon how you set state. If you store individual request/session state in the main application class, you need to re-engineer your system.

OKay, so the main application should be re-engeneered.
This is the overal structure of how the application works:

class htmlserver: public Poco::Util::ServerApplication
with in the main:

Code: Select all

unsigned short port = (unsigned short) config().getInt("HTTPFormServer.port", 9980);
ServerSocket svs(port);
HTTPServer srv(new FormRequestHandlerFactory, svs, new HTTPServerParams);
srv.start();
waitForTerminationRequest();
srv.stop();


class FormRequestHandlerFactory
with the creation of a requesthandler:

Code: Select all

if (request.getURI() == "/") {return new HtmlPage;}


class HtmlPage: public HTTPRequestHandler
:

Code: Select all

Application& app = Application::instance();
app.logger().information("Request from " + request.clientAddress().toString());
HTMLForm form(request, request.stream());
response.setChunkedTransferEncoding(true);
response.setContentType("text/html");
std::ostream& ostr = response.send();


I check the form data for login input. If for the namevalue pair, the user and password are correct, a bool is set to true.

Code: Select all

NameValueCollection::ConstIterator it;
NameValueCollection::ConstIterator end;
string username, password;
bool login=false;
if (!form.empty()) //als form niet leeg is: dus als er data is ingevoerd
{         
   it = form.begin(); //zie definitie van it & end;
   end = form.end();
   for (; it != end; ++it) //itereren over alle paren van de form
      {
      temp1=it->first;
      temp2=it->second;
      if (temp1=="user") {username=temp2;}
      if (temp1=="pass") {password=temp2;}
      }
   if (username=="rof" && password=="lol") {login=true;}
}


Based on the bool, the content for the page is set.

Code: Select all

if (login==false)
      {
      ostr <<
      "<html><head>";
      ...
      }
if (login==true)
      {
      ostr <<
      "<html><head>";
      ...
      }


If I understand it wright, then because of my use of booleans, the html page looses his sessionless state.

You should be using regular HTTP session handling features like cookies, or URL encoding your URL's with sessionId values etc.

Say I would implement cookies to keep state of a session, then I would have to set the cookie with the extracted userdata from the form.
Is this assumption correct?

Code: Select all

HTTPCookie cooki(username, password);
cooki.setMaxAge(1200); 
cooki.setPath(“/”);
response.addCookie(cooki);

Where in the code should i check for the cookie data?
This will let me identifier a single session,
but how does different sessions run besides each other?

[rakesh]

Since you return a new instance of HtmlPage for each request, you should have no issues with storing sate in the HtmlPage instance itself, since each instance should be bound to a specific request and not to all requests for the requested URL. It would be instructive to step through a debugger session and see how exactly your HtmlPage instances are being created and when. If you are not doing session management (cookies or otherwise), then a subsequent request from same browser should actually behave exactly like you had not previously logged in. I suspect the issue (somehow) is that new instances of HtmlPage are not being created, and that is what you need to debug.

As relates to retrieving cookies, you can use the HTTPServerRequest::getCookies method to retrieve any cookie information the browser has sent to the server in a request.

[Sqarzz]

Thanks Rakesh,
you always succeed to help me see things more clear.

The problem is the booleans on which the output depends are stored globaly, not local in the each instance.
I could set these variables in an individual instance of htmlserver, but i don't really get how data is passed between the different instances.

For instance:
a htmlserver instance is made: output of the login page.
after the login data is entered in the form, a new instance of htmlserver is called.
In this instance there is formdata form the previous submit.
How is it possible the formdata is passed while this is a new instance?
My guess is this is because the formRequestHandlerFactory passes the request, is this correct?

How would i pass the booleans to the new instance. It is called from the formRequestHandlerFactory, so I assume i would have to pass the booleans from here?

Code: Select all

class FormRequestHandlerFactory: public HTTPRequestHandlerFactory
{
public:
   FormRequestHandlerFactory()   {}

   HTTPRequestHandler* createRequestHandler(const HTTPServerRequest& request)
   {
      
      if (request.getURI() == "/") {return new HtmlServer;}
...


so I would have to make something like:
HTTPRequestHandler* createRequestHandler(const HTTPServerRequest& request, bool login) ?

thanks again!

[rakesh]

You do not (should not) store session state in global scope. That is where cookies come in. You set a cookie (this gets written as part of HTTP response headers), next time browser accesses your server it passes back these same cookie value (once again as HTTP request headers). In your code, just look for the cookie value to determine whether user is logged in or not. Note that you need to invalidate the cookie upon logout, as well set some kind of time to live for the cookie itself depending upon how you wish to handle session timeout.

[Sqarzz]

Code: Select all

HTTPCookie(
    const std::string & name,
    const std::string & value
);

Can one cookie only contain one name and one value variabel?
If i set my state with 5 booleans, could i then store these 5 values in different name:value pairs,
would i have to build a value string with all the needed parameters in it, or are these 5 different cookies?

[rakesh]

A cookie is a name-value pair (http://en.wikipedia.org/wiki/HTTP_cookie). You can encode/pack the value as appropriate, so the number of cookies that you use is up to you.

[Sqarzz]

Okay, so I tried working with the cookies :p
at the beginning of the handler i check if there are cookies

Code: Select all

Poco::Net::NameValueCollection cookies;
request.getCookies(cookies);
NameValueCollection::ConstIterator it;
NameValueCollection::ConstIterator end;
if (!cookies.empty())
{   it = cookies.begin();
   end = cookies.end();
   for (; it != end; ++it)
   {
      first=it->first;
      second=it->second;
      cout<<endl<<first<<":"<<second<<endl; 
   }
}

and where I check the login form I do this:

Code: Select all

if (username=="foo" && password=="bar")
   {
   Poco::Net::HTTPCookie userdata("username", username);
   userdata.setMaxAge(3600);
   response.addCookie(userdata);
}

I know for sure the last code part i being executed, but when It is iterating thrue the cookiedata, no data is outputted.
I have a feeling this isn't how I should be using cookies?
Where am I going wrong?