Reputation: 550
I use DelphiMVCFrameWork 3.2.1 for building the RESTful server for my mobile app.
For getting data I always use basic auth, and I send the username and password every time (for example):
    // Requires IdHTTP in the unit's uses clause
    procedure TDM.getGroupsFromServer;
    var
      Http: TIdHTTP;
      ReqStr: string;
    begin
      // Create before "try" so "finally" never frees an unassigned reference
      Http := TIdHTTP.Create(nil);
      try
        Http.ReadTimeout := 10000;
        Http.Request.ContentType := 'application/json';
        Http.Request.CharSet := 'utf-8';
        Http.Request.Accept := '*/*';
        Http.Request.BasicAuthentication := True; //<---------
        Http.Request.Username := DM.username;     //<---------
        Http.Request.Password := DM.password;     //<---------
        ReqStr := Http.Get('http://' + SERVER_IP + ':8080/api/groups');
        groupsJSON := ReqStr;
        // Load the returned JSON array into the dataset and rewind it
        dsGroups.LoadFromJSONArrayString(ReqStr);
        dsGroups.First;
      finally
        Http.Free;
      end;
    end;
Is there any login method, so that after that I do my requests and finally I call logout to terminate the connection?
Thanks in advance
Upvotes: 1
Views: 547
Reputation: 12292
If you don't want to send usercode/password with each request, which is legitimate, then you must send a cookie. That cookie (time limited) is generated by server code and stored somewhere (database or in memory), and would be returned by the first request having usercode/password.
For later requests, the client sends the cookie along with the request data. The server has to check for the cookie and grant access if the cookie is valid.
Of course the cookie must be unique for usercode and probably for the originating IP so that all requests can be associated with a given client on a given computer so that a check is made to verify the client has the required access for that specific request.
Depending on the framework capabilities (DelphiMVCFrameWork in your case), the cookie could be either an actual HTTP cookie, or simply a data field. That is not important as long as the cookie is transported from client to server for validation.
Upvotes: 1
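The login / token / logout flow described in the answer above, as an added example that is not part of the original answer and is not DelphiMVCFramework code: a language-neutral Python sketch of the server-side token store. The class and method names, the 15-minute lifetime and the demo credentials are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the answer only says "time limited"


class SessionStore:
    """In-memory token store: login issues a token, later requests present it."""

    def __init__(self, users, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        # users: username -> password. Constructed demo data; a real server
        # would verify against a salted password hash instead.
        self._users = users
        self._ttl = ttl
        self._clock = clock      # injectable so expiry can be tested
        self._sessions = {}      # sha256(token) -> (username, client_ip, expires_at)

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked session table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, username, password, client_ip):
        """Check credentials once and return a fresh token, or None on failure."""
        expected = self._users.get(username)
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            return None
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._digest(token)] = (username, client_ip, self._clock() + self._ttl)
        return token

    def validate(self, token, client_ip):
        """Return the username for a live token presented from the same IP, else None."""
        key = self._digest(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        username, bound_ip, expires_at = entry
        if self._clock() >= expires_at:
            del self._sessions[key]  # expired: drop it so it cannot be reused
            return None
        return username if bound_ip == client_ip else None

    def logout(self, token):
        """Invalidate the token; returns True if it was a known session."""
        return self._sessions.pop(self._digest(token), None) is not None
```

The token replaces the password on every request after login, so it needs the same transport protection the password did; sent over plain HTTP it can be captured and replayed until it expires.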