Oh I forgot: there's another, rather old-fashioned way to do this, called "HTTP Basic Authentication". With this, your application doesn't provide a login form at all: the browser itself prompts the user for their username and password. The browser then sends the username and password with *every single request* in a header, and your application has to validate it, for every single request.
It's not something I'd recommend for new applications, but it's simple to implement. Googling "go http basic authentication" should turn up some useful results. On Tuesday, 12 October 2021 at 10:11:21 UTC+1 Brian Candler wrote: > The problem is that you have a global variable giving "the currently > logged in user": > userDefault = checkUser > > Hence everyone sees the same user. > > The way to deal with this is generally that when a user authenticates, you > set a cookie in their session. For every request, the cookie gives their > identity. Either the cookie is a long, unguessable string that's used as a > key into a sessions table; or the cookie itself contains the identity (but > in that case it needs to be cryptographically signed so that the user > cannot modify the cookie to pretend to be another user). > > Beware that multiple incoming HTTP requests can occur *concurrently*. You > will have race conditions if you try to access any global state during a > web request, unless it's protected against concurrent access: go is not > like python, there are genuine threads and no global interpreter lock, and > concurrent accesses can cause your program to crash. > > A simplistic way is to use sync.Map instead of a regular map, but you'll > probably need to do quite a bit of reading around this topic if it's new to > you. > > On Tuesday, 12 October 2021 at 09:28:00 UTC+1 muhorto...@gmail.com wrote: > >> Hi, I have a question that is difficult for me to describe, but at the >> level of fundamental questions about creating a web service. I have a >> problem that if a user logs into a profile, then another user will also get >> into his profile. Generally speaking, this is the property of any person >> who visits the site. I see a solution to the problem in two ways. I do not >> know if it is possible to somehow track connections and give each IP its >> own routine in which it worked. Or dynamic pages that can only be accessed >> if the request is successful. But again, some data in the structures may >> change due to another user logged into the profile. Maybe there is some >> other solution to this problem. I want to understand how it works on the >> web. >> My project just in case: https://github.com/MukhortovDenis/goproject >> > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/54442d22-7640-4756-b602-525fa8945170n%40googlegroups.com.
