User login and access

I am building the user authentication and access portion of my web application. It is analogous to Netflix (a video subscription website to replace a Joomla one). I am checking around for best practicing for doing this in a web application. Most all the stuff I find have to do with non-compiled applications build on the more ‘standard’ web technologies like php java, etc… However I haven’t been able to find a good resource for doing all this in an Xojo web app. Any recommendations on where I can look?

My skill level is above hobbyst, but not expert. Getting there. :wink:

Thanks Oliver for the quick response. I read this post a little earlier. It sparked a question though. Is SSL only possible in a cgi build? I have been going stand-alone so far.

Yes. There is delay on the implementation of SSL :frowning:

It is possible to use a SSL reverse proxy with Standalone.
It is simple, effective and very fast.
But it is not yet supported by Xojo.


SSL, reverse proxy, and websockets are really expected.

Ah. Well, I will recompile to CGI and set my server up for it. May not be an issue. I guess I’ll see what impact the change has on my application.

Are there any other key differences between cgi and stand-alone?

CGI is slow. The application is less reactive. This is less pleasant to use.

By cons, with CGI, you can use the server (Apache …) to send static files. This is also possible with a reverse proxy (in this case, there are two advantages: powerful server / sending static files, speed and responsiveness of the application).

Another advantage of CGI: when it is no longer active session, the application can automatically leave. This is useful if there are memory leaks. But the next session is slower to load, as it should reload the application.

Note that I’m not a very experienced user. Other advices would be helpful.

I suppose - with the need of SSL for authentication and payment information gathering - I am forced to use cgi. I compiled it thus this morning, and seems to be running fine on my server. I like not having to log into the terminal and kill/run the process as I test. (maybe minor, but nice while developing).

Once the SSL is supporting in stand-alone, I guess I can check it out - if the responsiveness of cgi is an issue.

Thanks again for your responses. I also look forward to any other input from others on the cgi vs stand-alone topic.