Author Topic: Indy Http (TidHttp) and logout with Lighttpd  (Read 733 times)

BSaidus

  • Sr. Member
  • ****
  • Posts: 434
  • lazarus 1.8.4 Win8.1 / cross FreeBSD
Indy Http (TidHttp) and logout with Lighttpd
« on: November 12, 2022, 09:13:50 pm »
Hello.
Given a Lighttpd web server with PHP installed and configured as CGI. Lighty is also configured with simple authentication (user:password).

Since the HTTP protocol is stateless, I wonder: if I send a request with Indy IdHttp using login & password in the request, once the send operation is done, does the server request authentication from the client for the second send?

Why I ask this: I have to develop an application in Lazarus using Indy that communicates with lighttpd, where there are PHP scripts, using IdHttp to send data and receive responses as JSON from the server.

thank you.
lazarus 1.8.4 Win8.1 / cross FreeBSD
dhukmucmur vernadh!

PierceNg

  • Sr. Member
  • ****
  • Posts: 285
    • SamadhiWeb
Re: Indy Http (TidHttp) and logout with Lighttpd
« Reply #1 on: November 13, 2022, 04:18:17 am »
> Hello.
> Given a Lighttpd web server with PHP installed and configured as CGI. Lighty is also configured with simple authentication (user:password).
>
> Since the HTTP protocol is stateless, I wonder: if I send a request with Indy IdHttp using login & password in the request, once the send operation is done, does the server request authentication from the client for the second send?

If Lighty is configured using HTTP Basic Authentication, then what happens is:

- First time your web browser connects, the browser pops up a dialog box prompting username and password.
- Browser remembers what you entered.
- Browser sends your credentials on every request.

Here's MDN reference material on basic authentication.

However, there exist many many ways of doing web authentication. The ways that don't use Basic Authentication will typically have a login form on a web page. So it really depends on how exactly your Lighty server and/or PHP application are doing it.

BSaidus

  • Sr. Member
  • ****
  • Posts: 434
  • lazarus 1.8.4 Win8.1 / cross FreeBSD
Re: Indy Http (TidHttp) and logout with Lighttpd
« Reply #2 on: November 14, 2022, 10:13:07 am »
@PierceNg
Thank you for your enlightenment.
I have some scripts on the server written in PHP, and the folder is protected with the basic-authentication scheme.
So I think that it is a good way for me to add SSL/TLS for lighty and stay with basic_auth after knowing this:
Quote
> - Browser remembers what you entered.
> - Browser sends your credentials on every request.
This means I must always send credentials in every request using Indy Http.


Thank you.
« Last Edit: November 14, 2022, 10:14:47 am by BSaidus »
lazarus 1.8.4 Win8.1 / cross FreeBSD
dhukmucmur vernadh!

Remy Lebeau

  • Hero Member
  • *****
  • Posts: 1168
    • Lebeau Software
Re: Indy Http (TidHttp) and logout with Lighttpd
« Reply #3 on: November 14, 2022, 11:40:09 pm »
> Since the HTTP protocol is stateless, I wonder: if I send a request with Indy IdHttp using login & password in the request, once the send operation is done, does the server request authentication from the client for the second send?

It might, yes.  Or, it might send you a cookie representing the login session, expecting you to send that cookie back to the server on subsequent requests (TIdHTTP will handle that for you if its AllowCookies property is True, which it is by default).  It depends on how the server is set up to operate.

You can optionally set credentials on a request before sending it.  Or, you can wait for the server to ask for credentials.  TIdHTTP will fire its On(Select)Authorization events whenever the server asks for new credentials during a request.
« Last Edit: November 14, 2022, 11:44:25 pm by Remy Lebeau »
Remy Lebeau
Lebeau Software - Owner, Developer
Internet Direct (Indy) - Admin, Developer (Support forum)

BSaidus

  • Sr. Member
  • ****
  • Posts: 434
  • lazarus 1.8.4 Win8.1 / cross FreeBSD
Re: Indy Http (TidHttp) and logout with Lighttpd
« Reply #4 on: November 16, 2022, 08:55:55 pm »
> > Since the HTTP protocol is stateless, I wonder: if I send a request with Indy IdHttp using login & password in the request, once the send operation is done, does the server request authentication from the client for the second send?
>
> It might, yes.  Or, it might send you a cookie representing the login session, expecting you to send that cookie back to the server on subsequent requests (TIdHTTP will handle that for you if its AllowCookies property is True, which it is by default).  It depends on how the server is set up to operate.
>
> You can optionally set credentials on a request before sending it.  Or, you can wait for the server to ask for credentials.  TIdHTTP will fire its On(Select)Authorization events whenever the server asks for new credentials during a request.

Thank you for this, I'll try it. I use PHP scripts on the server side. With PHP I can manage cookies.

lazarus 1.8.4 Win8.1 / cross FreeBSD
dhukmucmur vernadh!

BSaidus

  • Sr. Member
  • ****
  • Posts: 434
  • lazarus 1.8.4 Win8.1 / cross FreeBSD
Re: Indy Http (TidHttp) and logout with Lighttpd
« Reply #5 on: November 16, 2022, 08:56:20 pm »
Thank you all guys, for your responses.
« Last Edit: November 16, 2022, 08:59:31 pm by BSaidus »
lazarus 1.8.4 Win8.1 / cross FreeBSD
dhukmucmur vernadh!

BSaidus

  • Sr. Member
  • ****
  • Posts: 434
  • lazarus 1.8.4 Win8.1 / cross FreeBSD
Re: Indy Http (TidHttp) and logout with Lighttpd
« Reply #6 on: November 21, 2022, 01:35:32 pm »
Hi @Remy Lebeau
Could you please share an example, if you have one, using "IdHttp" and "IdCookieManager", or point me to an example on the internet?

Thank you.
lazarus 1.8.4 Win8.1 / cross FreeBSD
dhukmucmur vernadh!

paweld

  • Hero Member
  • *****
  • Posts: 543
Re: Indy Http (TidHttp) and logout with Lighttpd
« Reply #7 on: November 21, 2022, 02:10:51 pm »
Code: Pascal
uses
  IdHTTP, IdCookieManager, IdSSLOpenSSL, IdGlobal, IdURI;

var
  ih: TIdHTTP;
  ihssl: TIdSSLIOHandlerSocketOpenSSL;
  icm: TIdCookieManager;

procedure TForm1.FormCreate(Sender: TObject);
var
  i: Integer;
begin
  ih := TIdHTTP.Create;
  ih.HandleRedirects := True;
  ihssl := TIdSSLIOHandlerSocketOpenSSL.Create;
  ihssl.SSLOptions.Method := sslvSSLv23;
  ihssl.SSLOptions.SSLVersions := [sslvSSLv23];
  ih.AllowCookies := True;
  icm := TIdCookieManager.Create;
  ih.IOHandler := ihssl;
  ih.CookieManager := icm;
  ih.Get('https://lazarus.freepascal.org');
  for i := 0 to icm.CookieCollection.Count - 1 do
    Memo1.Lines.Add(icm.CookieCollection.Cookies[i].CookieText);
end;

Best regards / Pozdrawiam
paweld

BSaidus

  • Sr. Member
  • ****
  • Posts: 434
  • lazarus 1.8.4 Win8.1 / cross FreeBSD
Re: Indy Http (TidHttp) and logout with Lighttpd
« Reply #8 on: November 21, 2022, 04:10:42 pm »
> Code: Pascal
> uses
>   IdHTTP, IdCookieManager, IdSSLOpenSSL, IdGlobal, IdURI;
>
> var
>   ih: TIdHTTP;
>   ihssl: TIdSSLIOHandlerSocketOpenSSL;
>   icm: TIdCookieManager;
>
> procedure TForm1.FormCreate(Sender: TObject);
> var
>   i: Integer;
> begin
>   ih := TIdHTTP.Create;
>   ih.HandleRedirects := True;
>   ihssl := TIdSSLIOHandlerSocketOpenSSL.Create;
>   ihssl.SSLOptions.Method := sslvSSLv23;
>   ihssl.SSLOptions.SSLVersions := [sslvSSLv23];
>   ih.AllowCookies := True;
>   icm := TIdCookieManager.Create;
>   ih.IOHandler := ihssl;
>   ih.CookieManager := icm;
>   ih.Get('https://lazarus.freepascal.org');
>   for i := 0 to icm.CookieCollection.Count - 1 do
>     Memo1.Lines.Add(icm.CookieCollection.Cookies[i].CookieText);
> end;

Thank you.
lazarus 1.8.4 Win8.1 / cross FreeBSD
dhukmucmur vernadh!

Remy Lebeau

  • Hero Member
  • *****
  • Posts: 1168
    • Lebeau Software
Re: Indy Http (TidHttp) and logout with Lighttpd
« Reply #9 on: November 23, 2022, 04:30:38 am »
Code: Pascal
var
  ...
  icm: TIdCookieManager;

You don't really need to create a TIdCookieManager manually in most situations, unless you want to share a single TIdCookieManager amongst multiple TIdHTTPs.  Otherwise, TIdHTTP will create a TIdCookieManager internally for itself as long as its AllowCookies property is true.

Code: Pascal
ihssl.SSLOptions.Method := sslvSSLv23;
ihssl.SSLOptions.SSLVersions := [sslvSSLv23];

Don't do this. The Method and SSLVersions properties are mutually exclusive, setting one updates the other.  But Method is deprecated, use only SSLVersions.  But don't set SSLVersions to sslvSSLv23, as that will enable every SSL/TLS version supported, from SSL v2.0 up to TLS v1.2.  Never enable the SSL's, as they are no longer secure and nobody uses them anymore.  Only enable the TLS's.

Code: Pascal
ihssl.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];

Code: Pascal
Memo1.Lines.Add(icm.CookieCollection.Cookies[i].CookieText);

The TIdCookie.CookieText property is deprecated, use the TIdCookie.ServerCookie property instead.
« Last Edit: November 23, 2022, 04:33:05 am by Remy Lebeau »
Remy Lebeau
Lebeau Software - Owner, Developer
Internet Direct (Indy) - Admin, Developer (Support forum)
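
An added example (not written by any poster in this thread, and not Indy's own sample code) that combines the advice in the replies above: Basic credentials set on the request before sending, TLS versions only, and TIdHTTP's internally created cookie manager. The URL, script names and credentials are placeholders, and enabling only TLS 1.2 assumes the lighttpd server supports it.

```pascal
program BasicAuthOverTls;
{$mode objfpc}{$H+}

uses
  SysUtils, IdHTTP, IdSSLOpenSSL, IdCookieManager, IdCookie;

const
  // Placeholder endpoint (assumption); Basic credentials are only base64-encoded,
  // so this client refuses to send them to anything but an https:// URL.
  BaseUrl = 'https://server.example/api/';

var
  http: TIdHTTP;
  ssl: TIdSSLIOHandlerSocketOpenSSL;
  i: Integer;
  c: TIdCookie;
begin
  if Pos('https://', LowerCase(BaseUrl)) <> 1 then
    raise Exception.Create('Refusing to send Basic credentials without TLS');

  http := TIdHTTP.Create(nil);
  try
    ssl := TIdSSLIOHandlerSocketOpenSSL.Create(http); // owned and freed by http
    ssl.SSLOptions.SSLVersions := [sslvTLSv1_2];      // TLS only; SSLv2/SSLv3 stay off
    http.IOHandler := ssl;

    // Credentials set on the request before sending; they are reused for
    // every request made through this TIdHTTP instance.
    http.Request.BasicAuthentication := True;
    http.Request.Username := 'user';       // placeholder
    http.Request.Password := 'password';   // placeholder
    http.AllowCookies := True;             // default; no manual TIdCookieManager needed

    try
      WriteLn(http.Get(BaseUrl + 'first.php'));   // hypothetical script names
      WriteLn(http.Get(BaseUrl + 'second.php'));
    except
      on E: EIdHTTPProtocolException do
        WriteLn('HTTP error ', E.ErrorCode, ' (401 means the credentials were rejected)');
    end;

    // Inspect any session cookies the PHP side issued and how they are flagged.
    if Assigned(http.CookieManager) then
      for i := 0 to http.CookieManager.CookieCollection.Count - 1 do
      begin
        c := http.CookieManager.CookieCollection.Cookies[i];
        WriteLn(c.CookieName, ': Secure=', c.Secure, ' HttpOnly=', c.HttpOnly);
      end;
  finally
    http.Free;
  end;
end.
```

The OpenSSL libraries that Indy loads at run time must be available next to the executable or on the library path.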

paweld

  • Hero Member
  • *****
  • Posts: 543
Re: Indy Http (TidHttp) and logout with Lighttpd
« Reply #10 on: November 23, 2022, 07:06:47 am »
@Remy Lebeau: Thank you very much for useful information.
Best regards / Pozdrawiam
paweld

BSaidus

  • Sr. Member
  • ****
  • Posts: 434
  • lazarus 1.8.4 Win8.1 / cross FreeBSD
Re: Indy Http (TidHttp) and logout with Lighttpd
« Reply #11 on: November 23, 2022, 12:25:22 pm »
@Remy Lebeau.
Thank you, you are the best !
lazarus 1.8.4 Win8.1 / cross FreeBSD
dhukmucmur vernadh!
