Demonstrates custom user validation and the use of a cookie to identify a previously validated user. Also shows simple use of the CryptoAPI.
Use a browser to view ProtectedResource.srf. Each time you try this, you will be redirected to LoginPage.srf until you have successfully logged in. You will be allowed to log in if the user name and password are identical. Once logged in, you will be redirected to ProtectedResource.srf, and future navigations to that page will succeed until the browser is closed.
When the server receives a request for ProtectedResource.srf, the request handler for that page looks for a special cookie. If the cookie is not present or its contents are invalid, the server redirects the user to the login page.
When submitted, the login page returns the user's name and password to the server along with the URL that the user originally requested (the URL is hidden from the user in a hidden form field).
If the login attempt is successful, the user is supplied with the special cookie, then redirected back to the original resource. This time the server allows access to the resource, and will continue to allow access for as long as the user retains the cookie.
AtlHexEncode | AtlHexEncodeGetRequiredLength | CCookie::GetValue | CCryptHash | CCryptHash::AddData | CCryptHash::Attach | CCryptHash::GetSize | CCryptHash::GetValue | CCryptProv::GenRandom | CCryptProv::GetHandle | CCryptProv::Initialize | CHttpRequest::Cookies | CHttpRequest::GetCookies | CHttpResponse::AppendCookie | CHttpResponse::Redirect | CHttpResponse::SetStatusCode | IHttpServerContext::GetTotalBytes | IHttpServerContext::GetTotalBytes | IRequestHandlerImpl::m_spServerContext