Concept of Cookies

Status
Not open for further replies.

djjd47130

Programmer
Nov 1, 2010
480
US
I'm new to the topic, and want to integrate cookies in my custom socket components. Please correct me if I'm wrong about anything or if you have any suggestions...

Many people have a different definition of cookies, but it all boils down to a general topic. The overall goal of cookies is to save a unique code on the client's computer to speed up the login process. When a user logs in to the server with a username/password, the server sends back a cookie. This is a large unique string which is unique to this particular session. Later on, when the client connects to the server, rather than sending the username/password for validation, it can instead send just the cookie string.

At least this is what I understand with how cookies are used in systems such as Yahoo. Websites, on the other hand, use cookies differently. A website can literally store more or less a database on your computer by using cookies. This is considered abuse, but they do it anyway. The concept of cookies in websites is NOT what I'm aiming for - I want to just use a unique string specific to a particular session.

So, the process goes...
1 - Client logs in to server with username and password.
2 - After server authenticates username and password, a session is created for this user.
3 - Server sends a unique cookie (one of a kind string) back to the client which is specific to this session.
4 - Client stores this cookie on the computer somewhere - just as the server stores the cookie in the database (for this session).
5 - Client logs out.
6 - Client connects to server again, only since a cookie exists, sends the cookie rather than the username/password.
7 - Server authenticates cookie by looking in the sessions, rather than the users.
8 - Server continues this session each time the client connects with this cookie.
9 - At some point in time (as specified in the creation of the session), the session is to expire. After that time, the cookie is no longer valid and needs to re-authenticate the username/password.
10 - If client attempts to connect with an expired cookie, server shall send message to client to provide username/password again.


JD Solutions
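
The ten steps in the post above, sketched from the server's side as an added example (not code from the original post or its author). `SessionStore`, its method names, the PBKDF2 password check and the injectable clock are assumptions; the store keeps only a SHA-256 digest of each token, so a leaked session table does not hand out usable tokens.

```python
import hashlib
import hmac
import secrets
import time

class SessionStore:
    """Server side of steps 1-10: a password login issues a token, later connects present it."""

    def __init__(self, ttl_seconds, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock        # injectable so expiry can be tested
        self.users = {}           # username -> (salt, password hash); hypothetical user table
        self.sessions = {}        # sha256(token) -> (username, expires_at)

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._kdf(password, salt))

    def login(self, username, password):
        """Steps 1-3: check the password, create a session, return its token (or None)."""
        salt, stored = self.users.get(username, (b"\0" * 16, b""))  # dummy entry for unknown users
        if not hmac.compare_digest(self._kdf(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG, not guessable
        digest = hashlib.sha256(token.encode()).digest()
        self.sessions[digest] = (username, self.clock() + self.ttl)  # expiry fixed at creation
        return token

    def resume(self, token):
        """Steps 6-10: look the token up in the sessions, not the users."""
        digest = hashlib.sha256(token.encode()).digest()
        entry = self.sessions.get(digest)
        if entry is None:
            return None                     # unknown token: client must send the password
        username, expires_at = entry
        if self.clock() >= expires_at:
            del self.sessions[digest]       # step 9: past expiry the token is dead
            return None                     # step 10: client must log in again
        return username

    def revoke(self, token):
        """Explicit invalidation, e.g. when the user wants the stored token forgotten."""
        self.sessions.pop(hashlib.sha256(token.encode()).digest(), None)
```

On the client, the stored token is equivalent to the password for the lifetime of the session, so it belongs in per-user protected storage and should only travel over an encrypted connection.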