Python
vasIvas, 2015-10-03 22:00:04

What should happen when a user visits the site?

If you think that the topic has an inappropriate tag, you can remove it.
I'm trying to make my first website and the biggest problem is "not understanding the process".
Let's say a registered but not authorized user has entered my site on the root domain. What actions should take place on the server? I seem to have a standard server architecture. Each route has its own controller, which has a link to the model (which works with the database) and also has a link to the view, that is, it renders ...
And now they come to my site at the root route... What do I need to do?
UPD:
Well, I went to the site, and the site should find out whether I am authorized now. How will it know?
And it turns out that when I go to the site, "some" controller is triggered, which creates a user model. Then, when I move to some section, another controller is triggered, in which everything starts all over again. That is, again I have to somehow find out whether the user is authorized or not, then create the user model again...
And is it necessary every time, or is it not necessary at all?


3 answer(s)
riente, 2015-10-03
@vasIvas

Well, to explain it in simple terms, the algorithm is approximately as follows:
A person enters, and the system checks their session: if the user's data and the fact that they are authorized are stored in it, then okay, we show them some information; if not, then for example we send them to the login page. After the data is entered, if it is correct, the system saves in the session, say, the user id. Subsequently, on reaching any page where authorization is required, the system sees that the user is authorized, gets the model from the database by their id, and then uses it for its intended purpose.

Roman Mirilaczvili, 2015-10-03
@2ord

Authentication is verification that the subject is who they are trying to present themselves as, using some unique information (fingerprints, iris color, voice, etc.); in the simplest case, using a login and password.
Authorization is the verification and determination of the authority to perform certain actions (for example, read the /var/mail/eltsin file) in accordance with the previously performed authentication.

There are resources that are available only to registered users. To use these resources, the user must first be identified in the system using an authentication form (name/password). Depending on the needs, the program can check whether the user is authorized to perform certain actions (authorization check).
When authenticating, the user sends a POST request (use HTTPS for data security!) via a form with a username/password combination. The program on the server creates a hash of the password and compares it with the one stored in the database for the given user. If it matches, then a cookie with a session hash is sent to the user, according to which the server will determine whether the user is authenticated.
Role Based Access Control
Authentication and Authorization
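
The flow described in the two answers above (the login step that hashes the password and issues a session cookie, and the session check repeated on every request), as an added example that is not part of either answer. All function names are hypothetical, the in-memory dicts stand in for the database and session store, and it assumes salted PBKDF2 for the password hash and a random token as the cookie value.

```python
import hashlib
import hmac
import secrets

# Constructed sample storage: in-memory stand-ins for the database and session store.
USERS = {}      # user_id -> {"name", "salt", "pw_hash"}
SESSIONS = {}   # session token -> user_id, kept on the server only


def hash_password(password, salt):
    # Salted, slow key derivation rather than a bare hash of the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def register(user_id, name, password):
    salt = secrets.token_bytes(16)
    USERS[user_id] = {"name": name, "salt": salt,
                      "pw_hash": hash_password(password, salt)}


def login(name, password):
    """Handle the POSTed form: return a session token for the cookie, or None."""
    for user_id, user in USERS.items():
        if user["name"] == name:
            candidate = hash_password(password, user["salt"])
            # Constant-time comparison of the computed and stored hashes.
            if hmac.compare_digest(candidate, user["pw_hash"]):
                token = secrets.token_urlsafe(32)  # unguessable cookie value
                SESSIONS[token] = user_id          # the session holds only the id
                return token
    return None


def current_user(cookie):
    """Run at the start of every request: cookie -> session -> user record."""
    user_id = SESSIONS.get(cookie) if cookie else None
    return USERS.get(user_id) if user_id is not None else None


def handle_request(path, cookie=None):
    """Hypothetical front controller: returns (status, body or redirect target)."""
    user = current_user(cookie)
    if user is None:
        return (302, "/login")      # not authenticated: send to the login page
    return (200, f"{path} for {user['name']}")


def logout(cookie):
    SESSIONS.pop(cookie, None)      # the old cookie value no longer maps to a user
```

In a real deployment the cookie carrying the token would be sent only over HTTPS and marked `Secure` and `HttpOnly`.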

amf1k, 2015-10-03
@amf1k

Check whether the user is authorized or not, and show information depending on this?
