I'm building a component, and have some questions. This non-visual component is a Session Manager (I'm naming it TJDSessions) and it wraps all necessary functionality for keeping track of client sessions on a server. Assume you have a socket system (server/client) and your server needs to keep track somehow of the client connections. On the other hand, you also have a database with all user info and session listing. This component acts as a mediator or layer between the connection to be managed and the database behind it.
Every session is represented by an object called a TJDSession. When your server socket (or whatever it is that needs to be managed) gets a new client connected, you call a function in this session manager "NewSession". The component handles all the login validation AND cookie validation. For new sessions, it generates a new unique cookie string. You can call "NewSession" and provide either the username/password or the cookie string to log in. You also pass along one of your own custom objects in this function through a pointer. The function then returns the new instance of this session. There are two overloads of this function:
Code:
function TJDSessions.NewSession(const Username, Password: String; var Data: Pointer): TJDSession; overload;
function TJDSessions.NewSession(const Cookie: String; var Data: Pointer): TJDSession; overload;
When calling this function, a series of validations is performed. The beauty of this component is the events that are called. Upon the new connection, it triggers an event "OnSessionStart" where it passes along the new TJDSession instance and a variable you can set to False to deny the connection. If the connection is accepted, then it will trigger another event "OnLoginRequest" providing the username/password OR "OnCookieRequest" providing the cookie, and will also have a variable you can set to True or False to allow or deny the user or cookie login.
It is presumed that all the methods and properties of this component relate to the multiple client connections, and the events of this component are related to interacting with the database. Other events include "OnSetTimeout" or "OnSessionTimeout" or "OnLoginFailed".
The component also does some other automated stuff, like keeping a record of each session's client ID (your database's ID of the user connected), limiting the number of connections (and triggering the OnMaxConnectExceeded event), and handling pings from client to server (for telling the server the connection is still active).
Pinging is as easy as calling...
Code:
procedure TJDSession.InsertPing(const DT: TDateTime);
And when a session hasn't received a ping in a specified timeout period, it automatically calls an event "OnSessionTimeout" where you would presumably destroy the connection.
And for my questions:
1 - The original version of this was interacting directly with a SQL database, and expected a specific data structure. Later I aborted this idea and went to calling events when you need to do something with the database. What's your opinion on whether or not to build in the database interaction? (such as saving session records, reading usernames, etc.)
2 - I'm still a little fuzzy on the concept of cookies. I understand it's an alternative to logging in, you can send a cookie rather than username/password - correct? How should cookies be implemented? Should I make this component handle them at all? (There's a property "CookieSize: Integer" where you can specify how many characters cookies are)
3 - Do you think I should build in encryption? This would be for inputting username/password and such. If so, how would I go about it?
4 - The goal is to make this universal for any type of connection, not just WinSock connections (which is what I will be most commonly using this for). Can you think of anything else this is missing, or that it can automate?
5 - If you were building a server service which allowed numerous incoming socket connections and managed their sessions and user accounts in a SQL database, would this be a good tool for you to use? (Is it something you would prefer to use to automate session management?)
JD Solutions
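An added example, not part of the original post and not TJDSessions code: a Delphi console sketch of the three checks the post describes, generating a session cookie, validating a presented cookie, and detecting a missed ping. It assumes the cookie is a bearer credential equivalent to a login, so it is drawn from the Windows CNG random generator rather than `Random`; `NewCookie`, `SameCookie` and `TimedOut` are hypothetical names, and the unit names assume Delphi XE2 or later.

```delphi
program SessionCookieSketch;
{$APPTYPE CONSOLE}
uses Winapi.Windows, System.SysUtils, System.DateUtils;

// Windows CNG random generator (bcrypt.dll, Vista and later).
function BCryptGenRandom(hAlgorithm: Pointer; pbBuffer: PByte;
  cbBuffer, dwFlags: ULONG): Integer; stdcall; external 'bcrypt.dll';

// Hypothetical helper: ByteCount (> 0) bytes from the OS CSPRNG, hex-encoded.
function NewCookie(ByteCount: Integer): string;
var
  Buf: TBytes;
  I: Integer;
begin
  SetLength(Buf, ByteCount);
  // Flag 2 = BCRYPT_USE_SYSTEM_PREFERRED_RNG; a non-zero NTSTATUS is a failure.
  if BCryptGenRandom(nil, @Buf[0], ByteCount, 2) <> 0 then
    raise Exception.Create('BCryptGenRandom failed');
  Result := '';
  for I := 0 to High(Buf) do
    Result := Result + IntToHex(Buf[I], 2);
end;

// Hypothetical helper: compare every character so timing does not leak a prefix match.
function SameCookie(const A, B: string): Boolean;
var
  I, Diff: Integer;
begin
  if Length(A) <> Length(B) then
    Exit(False);  // the cookie length itself is not secret
  Diff := 0;
  for I := 1 to Length(A) do
    Diff := Diff or (Ord(A[I]) xor Ord(B[I]));
  Result := Diff = 0;
end;

// Hypothetical helper: True when the last ping is older than the timeout.
function TimedOut(const LastPing, Current: TDateTime; TimeoutSecs: Integer): Boolean;
begin
  Result := SecondsBetween(Current, LastPing) > TimeoutSecs;
end;

var
  Cookie: string;
begin
  Cookie := NewCookie(16);  // 128 bits of randomness, 32 hex characters
  Writeln('same cookie accepted: ', SameCookie(Cookie, Cookie));
  Writeln('other cookie accepted: ', SameCookie(Cookie, NewCookie(16)));
  Writeln('90s idle with 60s timeout: ', TimedOut(IncSecond(Now, -90), Now, 60));
end.
```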