ESP8266 Community Forum

- Wed Feb 27, 2019 1:17 pm #80835 Hello, I have a question, in a small server with 2 pages, the first being the login one.
How can a client be authenticated and when he disconnects he has to re-enter the password.

And if you put the route in the browser on page 2 do not access it if you have not gone through the access page.

Actually the login works correctly for me, but if I put the full path of page 2, it also serves me without any password.


For example:

Code: Select allwebServer.on ("/ loginconfig.php", [] ()
{
if (webServer.args ()> 0 && webServer.arg (0) == "password")
{
webServer.send (200, "text / html", PASSOK);
}
else
{
webServer.send (200, "text / html", ERRORPASS);
}


I have searched but I do not see anything clear or simple to implement.

Greetings and thank you

- Wed Feb 27, 2019 8:31 pm #80838 I searched for authentication cookies and ESP8266. I found this https://www.youtube.com/watch?v=pPXTYRf6nWo

- Thu Feb 28, 2019 4:39 am #80847 Thank you, for your help that I already saw, I'm looking for something easier.

- Thu Feb 28, 2019 9:02 am #80851 I am not that familiar with web security, but if I were to try something simple I would try this. Get the connection MAC address of the client on each request. After authentication provide the content. If the client is not authorized then supply a different content for whatever page it connects to. Or a redirect to the login screen.

A timer can also be used to keep track of the continued access. If the client does not access the server in a set time, then require them to log in again. (optional)