After putting my below queries on this forum, I searched a lot on the net to find answers.

I observed that the OSESSIONID cookie is returned by the server after a successful first login, and if I do not send the username:password combination in subsequent REST calls, I am still able to access the DB, assuming the browser is sending the OSESSIONID cookie back to the server in subsequent request headers. When I looked at the subsequent REST calls, I could not find OSESSIONID sent to the server in the request headers (Chrome debugger), but the access to the server is still working. Why so? Is it that the OSESSIONID cookie is sent but not shown in the Chrome debugger? If yes, why so?

Another point noted from the below blog:
http://www.troyhunt.com/2013/03/c-is-for-cookie-h-is-for-hacker.html

As per this blog, HttpOnly cookies can be set as secure so that they are not sent on non-HTTPS protocol even by mistake. Assuming the app is hosted on HTTPS, can we set the secure flag for OSESSIONID in OrientDB somehow? If yes, how? Is there any setting for it in OrientDB, or does some code need to be changed?

Regards,
Gaurav

On Thursday, March 13, 2014 1:43:54 PM UTC+5:30, Gaurav Dhiman wrote:
>
> Can someone answer the below queries on an urgent basis. These are important to know to
> go ahead in my app with OrientDB.
>
> On app start / load, I want to do actions in the below sequence:
> 1. Check if the user is already logged in on the server. Is there any REST call to
> do that? This needs to be done even before connecting to the server.
> 2. If the user is not logged in, connect to the server using the REST call connect/db
> 3. If user login is successful, get user details or at least the RID on the client
> 4. Initialize the app with the required data from the server.
>
> Queries:
> - Even before connecting to the DB using the connect/db REST call, check if any
> user is already logged in. I am transitioning from Wakanda; it has a
> function
> currentUser() <http://doc.wakanda.org/Directory/Directory-Class/currentUser.301-814704.en.html> which
> performs this check. Do we have something similar in OrientDB?
> - Once the user logs in with the connect/db REST call, the client will receive a
> SessionID.
> How to use it in subsequent calls for authentication in place of
> sending username:password in every REST call?
> Regards,
> Gaurav
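An added example, not part of the original post and not OrientDB code: a check of the two cookie attributes discussed above (HttpOnly and Secure) on the `Set-Cookie` values a server returns for OSESSIONID. The header values below are constructed samples, and `audit_session_cookie` and the finding strings are hypothetical names chosen for this illustration.

```python
from http.cookies import SimpleCookie

# Finding labels (hypothetical, chosen for this example).
NO_HTTPONLY = "missing HttpOnly: cookie is readable by page JavaScript"
NO_SECURE = "missing Secure: cookie is also sent over plain HTTP"
NOT_SET = "cookie not set in these responses"

# Constructed sample Set-Cookie values; not captured from a real OrientDB server.
SAMPLE_HTTPONLY_ONLY = ["OSESSIONID=OS1394700000000-1234; Path=/; HttpOnly"]
SAMPLE_HARDENED = ["OSESSIONID=OS1394700000000-1234; Path=/; HttpOnly; Secure"]
SAMPLE_NO_FLAGS = ["lang=en; Path=/", "OSESSIONID=OS1394700000000-1234; Path=/"]


def audit_session_cookie(set_cookie_values, name="OSESSIONID"):
    """Return findings for the named cookie across a response's Set-Cookie values.

    set_cookie_values: one string per Set-Cookie header in the response.
    """
    findings = []
    seen = False
    for raw in set_cookie_values:
        jar = SimpleCookie()
        jar.load(raw)                # attribute names are parsed case-insensitively
        morsel = jar.get(name)       # cookie names themselves are case-sensitive
        if morsel is None:
            continue                 # this header sets a different cookie
        seen = True
        # Flag attributes parse to True when present and '' when absent.
        if not morsel["httponly"] and NO_HTTPONLY not in findings:
            findings.append(NO_HTTPONLY)
        if not morsel["secure"] and NO_SECURE not in findings:
            findings.append(NO_SECURE)
    if not seen:
        findings.append(NOT_SET)
    return findings


if __name__ == "__main__":
    for label, headers in [("HttpOnly only", SAMPLE_HTTPONLY_ONLY),
                           ("hardened", SAMPLE_HARDENED),
                           ("no flags", SAMPLE_NO_FLAGS)]:
        print(label, "->", audit_session_cookie(headers) or "ok")
```

To use it against a real deployment, pass in the `Set-Cookie` values from the login response as shown in the browser's network panel or by an HTTP client.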
