[quote=191326:@Eric Wilson]I want to implement a light-weight login screen using HandleURL and pass off to a full Web App session if the login is successful. This should be a lot more resistant to DOS attacks for publicly accessible apps.
However, as discussed in the SpecialURL vs HandleURL thread, at this time, a new Web App session is not start-able from the HandleURL event, and the auto browser redirect workaround is now broken by FireFox et al.
I want to keep the entire solution within a standalone Web App without having to resort to Apache/PHP for log-ins.
Are there any other ways to do this within XOJO?[/quote]
I was not aware that Refresh was broken in FireFox. It sadly appears to indeed be the case.
I was going to suggest an approach similar to Php, since after all what does HandleURL is similar, but as HandleURL, unlike PHP or Perl does not have anything like Location: built in, it now looks impossible.
Yet, here is what I would try :
In the HandleURL event, I would identify two Paths :
/Login/ serves a login page, basically an HTML form with the familiar login name and password and a button. Form Action points to /LoginVerify/ where the app checks the validity of the credentials, and if OK, displays a new page.
At that stage, I would place a Refresh in the OK page for most browsers to take the user to the app, and display a link into it for the user to access the app.
I just filed this request :
39553 - Add ShowURL in Xojo Web HandleURL
Until now I have used the HTML redirect with Refresh, but it got broken in FireFox. So now there is no way to send FireFox users to an URL.
Would it be possible to add ShowURL inside HandleURL, analogous to what is provided by Location: in Perl or Php ?
<https://xojo.com/issue/39553>