I am currently using JSON Web Token to authenticate every page of my website except homepage. The idea is to generate token on login/registration with the user's MongoDB id and save that into cookies. Then whenever user tries to open any page, first token will be decoded and then id will be matched with the database records to verify that the correct user is trying to access page.
I haven't launched the website yet. My question is, is it a good practice to access database before every page loads for user or will it slow down my website once more users start coming on website?
Related
I am currently building a Chrome extension that lets users auto-register for courses on a particular website once registration opens. The registration process is just a simple fetch POST request with an authentication header.
Now, this already works using the chrome.alarms API while the browser is open, but for obvious reasons I would want this to also work once the user closes the browser. Do you have any ideas how to do this? I really want to avoid to externally save user data..
If this is impossible, my idea would be to send the registration fetch to an external server (maybe even one hosted on a Raspberry Pi? Other ideas?) and then execute it once the registration opens.
I read this in Wiki:
A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is usually a small piece of data sent from a website and stored in a user's web browser while a user is browsing a website. When the user browses the same website in the future, the data stored in the cookie can be retrieved by the website to notify the website of the user's previous activity.[1] Cookies were designed to be a reliable mechanism for websites to remember the state of the website or activity the user had taken in the past. This can include clicking particular buttons, logging in, or a record of which pages were visited by the user even months or years ago.
Now I want to know who creates cookies. Is it the browser or can every site create a cookie on its own? Who controls what information has to be saved in cookie and how can all the form field data be saved in cookie?
I think "Setting a cookie" section will help you a lot.
http://en.wikipedia.org/wiki/HTTP_cookie
The website creates the cookie, whether front end (Javascript cookie) or back end (PHP cookie)
The website developer controls what is stored in the cookie.
The website developer gets the information from a form, processes it, then stores it in the cookie.
COOKIES are created by site owner. cookies are actually client side sessions.
Now I want to know who creates cookies. Is it the browser or can every site create a cookie on its own? Who controls what information has to be saved in cookie and how can all the form field data be saved in cookie?
Cookies are created on the client machine by the web server. cookies are initiated using php sessions the browser on the client side stores this cookie as phpsession id which identify s the user the php on the server can then recognize the user by the cookie which is sent from the client to the server. (via the browser).
The creator of the website will control what data is contained in the cookie, for example
`<? php
session_start();
if($_SESSION['logged_in'] == "")
{
header("Location: login.php");
}
?>`
for example the above code would check if the user had the value 'logged_in' if they had not logged in they were redirected to the login page. else they could continue to view the page.
" THanks you , could please let me know can one site access cookies of other site and read information from it and make sense out of it – Vinayjava 1 hour ago"
Yes one website is able to grab information from another website this is known as Cross site request forgeryand is most often performed via XSS injection etc, it can be used to steal user cookies..
any other questions about cookies message me i should be able to help
I am trying to retrieve the data from a website after the script successfully logs in. I am able to fetch the data from the website but it seems it just giving me the information from the website prior to the website of the login. Any help would be really appreciated
If you are trying to create a software to fetch data of a site after login, you might have to handle sessions and cookies as that's how a site knows a user if logged in or not.
I would like to recover the non-public information to a facebook page for an application "desktop" in C # and I do not know how. Do I have to go through a Facebook application that the user allow or do I get the Facebook user to have a access_token and display the page based on this one? FYI I use graph (and a JSON) that I get, I picked up this version as the "public" group:
https://graph.facebook.com/283774678311430
Do I have to go through a Facebook application that the user allow
Yes, you need an application to let the user give access to view the page or have the page owner give access
do I get the Facebook user to have a access_token and display the page based on this one?
Same answer, use the page owner as the user call /me/accounts and grab the page access token.
I am trying to implement a simple login system with facebook, but I need users to pick a username. What I was thinking was to get all the information I need from facebook, request permissions, then add the information to the database, redirect to a form asking for a username and then add that to the database, to the same entry.
I think a transaction is needed so I don't end up with any half completed database entries. But I've only ever used them on the same page, so I'm wondering if this is safe? If it fails then there is no point where I would be telling the database to roll back the changes and it would be with a transaction open.
Is this right or will it be ok?
I think you made it more complicated than it should be :)
No need to enter facebook id into database before username as you can always grab it later.
Forward user to login screen (or better just open login popup using javascript FB API)
Once user is logged in forward them to username picking page (or better do javascript popup without page redirect)
When user is entered username request the current user id from facebook on server side (by either using graph api or fql) and then if everything is ok enter this record to database.