A question on authentication


(egold2005) #1

I have the following implementation of Login and Logout methods on server side. Are these correct?

For some reason I am receiving a "session not found" exception when I call Logout.

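{ Checks AUsername/APassword against the 'LOGIN' dataset and, when a row comes
  back and no existing session carries the same reported address, creates a
  session and fills AUserInfo.

  AUsername   - bound to the 'user_id' parameter of 'LOGIN'.
  APassword   - bound to the 'passname' parameter of 'LOGIN'.
  AUserParams - comma-separated list sent by the client; element 0 is stored in
                the session as 'IPAddress'.
  AUserInfo   - set to a new UserInfo on success, nil otherwise.
  Returns True when the login is accepted. On rejection the current session is
  destroyed and False is returned. }
function TIdlsAuthService.Login(const AUsername: string; const APassword: string; const AUserParams: string; out AUserInfo: DataAbstract4_intf.UserInfo): Boolean;
   var vConnection: IDAConnection;
       vDataSet: IDADataSet;
       vSL: TStringList;
begin
   // An out parameter of class type is not initialised by the compiler, so a
   // rejected login would otherwise hand back an undefined reference.
   AUserInfo := nil;

   vSL := TStringList.create;
   try
      vSL.CommaText := AUserParams;

      vConnection := Schema.ConnectionManager.NewConnection('idls', TRUE);
      vDataSet := Schema.NewDataSet(vConnection, 'LOGIN');
      // Credentials are bound as parameters, so they never become part of the
      // statement text.
      // NOTE(review): how 'LOGIN' compares 'passname' with the stored value is
      // not visible here - confirm it checks a salted hash, not a plaintext column.
      vDataSet.ParamByName('user_id').AsString := AUsername;
      vDataSet.ParamByName('passname').AsString := APassword;
      vDataSet.open;

      // vSL.Count is checked first: both LookupSession and the assignment below
      // read element 0, and an empty AUserParams previously raised a list-index
      // error instead of rejecting the login.
      result := (vSL.Count > 0) and (vDataSet.RecordCount > 0) and (not LookupSession(vSL));
      if result then begin

         CreateSession;

         AUserInfo := UserInfo.Create;
         AUserInfo.SessionID := Utf8Encode(GuidToString(ClientID));
         AUserInfo.UserID := vDataSet.Fields[0].AsString;

         Session.Values['UserID'] := vDataSet.Fields[0].AsInteger;
         // NOTE(review): this address is whatever the client put in AUserParams,
         // not an address observed by the server. A client can report any value,
         // and clients behind one NAT report the same one, so the
         // one-session-per-address rule is advisory at best - confirm whether
         // the transport can supply the peer address instead.
         Session.Values['IPAddress'] := vSL[0];
         end
      else
         DestroySession;

   finally
      vSL.free
   end;
end;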

{ Walks every session known to SessionManager, deletes the first one whose
  'UserID' value equals AUserID, then destroys the current session.

  NOTE(review): AUserID comes from the caller and is never compared with the
  caller's own session, so as written any client that can reach Logout can end
  another user's session by passing that user's id. }
procedure TIdlsAuthService.Logout(const AUserID: Integer);
   var vIdx: integer;
       vSL: TStringList;
       vSession: TROSession;
       vSessionID: string;
begin
   vSL := TStringList.create;

   try
      // Fills vSL with the ids of all sessions, not only the caller's.
      SessionManager.GetAllSessions(vSL);
      for vIdx := 0 to vSL.count - 1 do begin
         vSessionID := vSL[vIdx];
         vSession := SessionManager.FindSession(StringToGUID(vSessionID));
         if Assigned(vSession) then
            if vSession.Values['UserID'] = AUserID then begin
               // NOTE(review): the matching session is deleted here and
               // DestroySession runs straight after. If the match is the
               // caller's own session, DestroySession presumably targets a
               // session that no longer exists - a likely source of the
               // reported "session not found" exception; confirm.
               SessionManager.DeleteSession(StringToGUID(vSessionID), FALSE);
               DestroySession;
               break
            end
      end;
   finally
      vSL.free;
   end;
end;

{ Returns True when some session known to SessionManager already holds an
  'IPAddress' value equal to AUserParams[0], and False otherwise.

  AUserParams[0] is only read once a session has been found, so an empty list
  raises a list-index error only when at least one session exists.
  NOTE(review): the compared value originates from the client, so this check
  cannot tell two clients apart if they report the same address - confirm
  whether that is intended. }
function TIdlsAuthService.LookupSession(const AUserParams: TStringList): boolean;
   var lPos: integer;
       lIds: TStringList;
       lCandidate: TROSession;
begin
   result := FALSE;
   lIds := TStringList.create;

   try
      SessionManager.GetAllSessions(lIds);
      lPos := 0;
      // Stop at the first session that matches.
      while (lPos < lIds.count) and (not result) do begin
         lCandidate := SessionManager.FindSession(StringToGUID(lIds[lPos]));
         if Assigned(lCandidate) then
            result := lCandidate.Values['IPAddress'] = AUserParams[0];
         Inc(lPos);
      end;
   finally
      lIds.free;
   end;
end;

(EvgenyK) #2

This code is enough; Logout only needs to destroy the session of the client making the call:

{ Ends the session by calling DestroySession and nothing else.

  AUserID is kept in the signature but is not read, so a caller-supplied id can
  no longer select which session is removed.
  NOTE(review): presumably DestroySession acts on the session of the request
  being served - confirm against the service base class. }
procedure TIdlsAuthService.Logout(const AUserID: Integer);
begin
    // No search through SessionManager: other clients' sessions are never touched.
    DestroySession;
end;