Help with session based authentication flow #200
-
|
Greetings SQLPagers! I'm reading through the documentation, and I'm having trouble wrapping my head around the session based authentication flow. I've gotten as far as setting up:
✅ Working
❌ Not working
Here are my files so far: sqlpage/migrations/0001_initial_setup.sql-- SQLite3
-- users
CREATE TABLE IF NOT EXISTS "users" (
"id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
"email" TEXT NOT NULL UNIQUE check (email LIKE '%@%'),
"username" TEXT NOT NULL UNIQUE check (length("username") <= 50),
"password_hash" TEXT NOT NULL,
"created_at" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
"updated_at" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
);
-- user sessions
CREATE TABLE IF NOT EXISTS "sessions" (
"id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
"user" INTEGER NOT NULL REFERENCES "users" ("id"),
"token" TEXT NOT NULL UNIQUE,
"created_at" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
"updated_at" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
);index.sqlLet's say I want to protect this page. Here, I'm just trying to show the session token so I know I have access to it (and can check the authentication). select 'card' as component,
'Hello, ' || sqlpage.cookie('session_token') || '!' as title;login.sqlSELECT 'form' AS component,
'Login' AS title,
'ui/procedures/process-login.sql' AS action;
SELECT 'text' AS type,
'username' AS name,
'Username' AS label;
SELECT 'password' AS type,
'password' AS name,
'Password' AS label;ui/procedures/process-login.sqlSELECT 'authentication' AS component,
'login.sql' AS link,
(SELECT password_hash FROM users WHERE username = :username) AS password_hash,
:password AS password;
-- The code after this point is only executed if the user has sent the correct password
-- Generate a random session token
INSERT INTO sessions (token, user)
VALUES (sqlpage.random_string(32), (select id from users where username = :username))
RETURNING
'cookie' AS component,
'session_token' AS name,
token AS value;
-- redirect
SELECT 'redirect' AS component,
'/' AS link;Am I missing someting in this flow? I'm not getting a result from the sqlpage.cookie() function. Thank you! 🙏 |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
Hello ! Your example looks fine to me and works on my machine.
SQLPage-Authentication-Example.zip How are you testing it ? Depending on your configuration, you may want to add
https://replit.com/@pimaj62145/SQLPage-Authentication-Example |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for the points about local dev nuances Ophir! But actually, I think it had to do with the -- Generate a random session token
INSERT INTO sessions (token, user)
VALUES (sqlpage.random_string(32), (select id from users where username = :username))
RETURNING
'cookie' AS component,
'session_token' AS name,
token AS value,
'/' AS path;I maybe misunderstood the I was using a file structure like: It turns out Glad to have it resolved, and thank you for your help! 🙏 |
Beta Was this translation helpful? Give feedback.
-
|
I just realised that the documentation said that the default for |
Beta Was this translation helpful? Give feedback.
Thank you for the points about local dev nuances Ophir! But actually, I think it had to do with the
pathparameter in my case. I manually setpathto '/' in thecookiecomponent like so:I maybe misunderstood the
cookiecomponent documentation. It says the path parameter defaults to all paths when left blank, but that seems to be the case for top-level files only.I was using a file structure like: