Not many can claim 25 years on the Internet! Join us in celebrating this milestone. Learn more about our history, and thank you for being a part of our community!
Hello everyone. I'm creating a browser game and have run into a snag. I am unsure where to post my questions on Gamedev. I'm going to use this forum until informed otherwise.
The questions I have are more to do with website hosting as opposed to game development, I'm just hoping I can get a few quick pointers as to where else to look for the information.
What I'm wanting to know is if I can create an 'instance' of a url link for a logged in user. Rather than having a boolean value determine a persons access I was thinking of creating instances of links that are closed down from the server as soon as a client logs off? I'm sure this is already done in some fashion. Does anyone know what I'm looking for?
The way you do this is store all the various permission bits (user ID, score, and whatnot) in some semi-persistent back-end storage. Memcached is often used. Redis, MySQL, Cassandra, or pretty much any other shared persistent storage will work, too. You will want the storage to expire after some time (30 minutes to 30 days are common session lifetimes.) Then, key that data by a long, randomly-generated string (known as the "session key" or "session id.") Set a cookie on the HTTP session that is named "sid" and that has the session key as value. For each request that comes in, look at the value of the "sid" cookie, and if it matches an existing stored chunk of state, assume that that's the user.
Note that, if you use HTTP instead of HTTPS, and the user is accessing your site from a public WiFi somewhere, someone running Wireshark can steal the session cookie. This attack was made famous by the "firesheep" tool. Hence, you should use HTTPS for all traffic. That's easy now, that "let's encrypt" makes it free and automated to get certificates. When the user logs out, terminate the record with the key of the user's session id, and clear the "sid" cookie.
