DataEase Server also uses the session framework for authentication. Because a user's browser session automatically gets a desessionid cookie, that cookie can be used to track logins as well. The status and user of the session are stored in server memory. When an authentication/login command is used and succeeds, the session gets the status logged in. When an authentication/logout command is used, the session is cleared and gets the status logged out.

Valid commands for authentication

All session commands start with the URL /authentication/, to which we add:

login This URL is used to log in to the server using the information found in the Users table in the current app. When a valid username and password are sent to the server, the session gets the status logged in, and the user name and level are registered in the session store. You then display the values using ,  and

To send the username and password you have several methods. Using GET, you can simply add the username and password to the URL, like /authentication/login/username/password/, and if no ?&next=url is sent, you will get the status back as JSON.

If you want to use a login form, you can send the username and password as JSON or as form-encoded fields.

logout This command clears the user and level from the session and restores the session to not logged in.

LiveText for user

The values for users can be used in a page by the LiveText [{user.varname}]. The var names are:

[{user.isloggedin}] If the user is authenticated, this will have the value yes and if not the value no.
[{user.level}] The security level of the user. If not logged in, this will be blank. When a user is logged in, the security level is set to the one set in the User table in DataEase. The values can be Low1-3, Medium1-3 and High.
[{user.numlevel}] The security level as a numeric value: 1 = High, 2 = Medium1, 3 = Medium2, 4 = Medium3, 5 = Low1, 6 = Low2, 7 = Low3 and 8 = no security level set.
[{user.sessiondata.key}] Returns a session value based on key name.
[{user.sessionid}] A generated session id that follows a browser session until the cookie it uses times out.
[{user.timeout}] The internal timeout value at which this session will be invalidated. This value is not a date-time but a 64-bit value. If you want to know how long it is until your session times out, you can get the value [{server.internaltime}], which is the timer the server uses to check for timeouts. The difference between the two is in milliseconds. The timeout is updated each time the browser fetches a page.
[{user.username}] The name of the user as used for login.

The ways a user can log in

We have 4 ways to do a login in DataEase server. Two of them are done simply by sending all information in a URL and two by posting data. All use the URL /authentication/login/.

The default using post

If you just open the page /authentication/login/ in your browser, you will get the default login page unless you have defined your own in the WebServer table. This login page is the simplest possible page and consists of the following code:

<form method="post" action=".">
<p>Username: <input name="username"></p>
<p>Password: <input type="password" name="password"><input type="hidden" name="next" value="[{page.url.next}]"></p>
<p><input type="submit" value="login"/></p>
</form>

It is not pretty, but it holds exactly the minimum of what you should put in your own login page when you define it in the WebServer table. You need an input item named username, a password input field named password and a hidden field named next for where you want to redirect to after login. The default page uses a form with a post action that posts the login form to the same page you loaded it from with the GET. The minimum can leave out next, but then you will get a JSON response page telling you how the login went instead of a redirect. The next field in the default page is populated from the query part of the URL. That is, when a page sees that you do not have sufficient rights to open it, the server will send you to the login page if you are not already logged in. If you are already logged in, you will get an access denied instead. The redirect to login is done by taking the URL of the denied page and then redirecting using the path /authentication/login/?&next=[{page.url}].

Login using post json

Another way of logging in, which can be used from, for example, jQuery, is to post or put a JSON object with the relevant fields to the server and look at the result that comes back from the server.

// Called with the parsed JSON response from the server
function callback(jdata, status, xhr) {
	if (jdata.isloggedin) {
		// do whatever a successful login should do
	} else {
		// do whatever an unsuccessful login should do
	}
}

var parameters = {
	'username' : 'myusername',
	'password' : 'mysecret'
};
// Post the credentials as a JSON body to the login URL
var options = {
	'url' : '/authentication/login/',
	'type' : 'POST',
	'data' : JSON.stringify(parameters),
	'dataType' : 'json',
	'contentType' : 'application/json',
	'success' : callback
};
$.ajax(options);

The code shown here uses jQuery ajax to send the user name and password in the variable parameters to the server as JSON and then responds to the JSON result in the callback function. The JSON format is the same as for any login where a redirect is not set. You can make the server redirect automatically on success by adding a 'next' : 'redirecturl' to the parameters. On failure, the page will then reload the login page.

Login using a simple get

There are two ways to do a direct login by a simple URL. You can do a /authentication/login/username/password/ or a /authentication/login?&username=username&password=password. These will return a JSON with the result if you do not add a next=redirectpage.

This kind of login can be done as a short version of the JSON-based post. You can use a jQuery command like this to fetch the username and password from input login fields on the page.

// Build /authentication/login/username/password/ from the page's input fields
var loginurl = "/authentication/login/";
loginurl += $("#username").val() + "/" + $("#password").val();
$.get(loginurl);

The JSON returned by authentication

As with all JSON in the DataEase server, it will return with a result : 'ok' when the command has executed successfully. The command is a success even when you are not able to log in. Whether you are logged in or not can be seen in the isloggedin return value.

{"isloggedin":false,"result":"ok"}

Example of a failed login.

{"isloggedin":true,"result":"ok", "username" : "user", "level" : "High"}  

Example of successful login with a user named user and security level set to high.

Be aware that the user name and password are sent in clear text to the server if the server is not set up with https.
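
The JSON post login and the response check described above, as an added example that is not DataEase code: it sends the credentials in the POST body rather than in the URL (where they would show up in browser history and request logs), refuses a non-https server, and treats a login as successful only when isloggedin is true, not when result is 'ok'. The function names and the sample host are hypothetical; the URL path and JSON fields are the ones documented on this page.

```javascript
// Added example, not DataEase code. The URL path and JSON field names come
// from the page; the function names and sample host are hypothetical.

// Build a fetch() request for the JSON POST login. Credentials travel in the
// body, never in the URL path or query, and only to an https origin.
function buildLoginRequest(baseUrl, username, password) {
  const url = new URL('/authentication/login/', baseUrl);
  if (url.protocol !== 'https:') {
    throw new Error('refusing to send credentials over ' + url.protocol);
  }
  return {
    url: url.href,
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      credentials: 'same-origin', // send and store the session cookie
      body: JSON.stringify({ username: username, password: password }),
    },
  };
}

// Interpret the response body. "result":"ok" only means the command ran;
// the login succeeded only when isloggedin is the boolean true.
function interpretLoginResponse(bodyText) {
  let data;
  try {
    data = JSON.parse(bodyText);
  } catch (e) {
    return { ok: false, loggedIn: false, reason: 'malformed JSON' };
  }
  if (data === null || typeof data !== 'object' || data.result !== 'ok') {
    return { ok: false, loggedIn: false, reason: 'command failed' };
  }
  if (data.isloggedin !== true) {
    return { ok: true, loggedIn: false, reason: 'login rejected' };
  }
  return { ok: true, loggedIn: true, username: data.username, level: data.level };
}

// Constructed sample bodies with the two shapes shown on the page.
const FAILED = '{"isloggedin":false,"result":"ok"}';
const SUCCESS = '{"isloggedin":true,"result":"ok","username":"user","level":"High"}';

// In a browser:
//   const r = buildLoginRequest(location.origin, user, pass);
//   fetch(r.url, r.init).then(res => res.text()).then(interpretLoginResponse);
```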