Login/Authentication Question

Hey gang,

I’m adding an optional login page to one of my apps. I have everything working so far but one question is dogging me that I can’t figure out.

When the user connects to the app, the first page that loads is the login page. If the administrator has set up authentication as an option, the login page appears with a username and password field. If the site admin does not have authentication set up, then the username and password fields are hidden and the main page of the app is loaded.

If authentication is required, I check the username with that stored in the database and I hash the password and check that against the stored hash in the database. I also have a session boolean property called “Authenticated” that gets set to true when the user has authenticated. If I am authenticated, then I load the main page for the app.

Every time the main page is loaded, I check to see if the session is authenticated. If not, it kicks the user back to the login screen.

Now what I am seeing happen is that when I first enter the user name and password, the browser does not ask if I want to save them. It is only when the session closes that the browser asks this. Obviously that’s not what I want.

So how am I supposed to do this so that the username and password get prompted to be stored? Do you create a new session once you have authenticated? How would you best do that? It seems easier to simply authenticate the session and if the session is not authenticated then you have to log in. I’m not even sure how I would properly force a new session to be created and then force the browser to use that session.

So if any of you could give some guidance, it would be appreciated.



The browsers tend not to ask the question unless the page is about to be unloaded and another loaded. The trick is that our web apps don’t do that. There’s a single “page” into which we dynamically load all of the “WebPages” without page refreshes. We haven’t found a solution that works for all of our supported browsers yet.

OK. Great. I forget that “closing” a page in Xojo is not really the same as a normal page closing.

So it sounds like I’m not doing anything wrong with my approach.