[Resolved] How to Create A Login System
RayhanADev

Okay the title will throw you off but my question is how would I make the part after logging in (where you can roam a website’s pages). So far I have

  • Created A Login Page
  • Sent Information From Input Over To Server
  • Validated Information Against GraphQL
  • Sent a Response With True/False && Userdata/Failure Reason

Now here’s the problem. I don’t know how to make it so a user can freely browse the site without having to log back in for each page. I don’t want the login to be visible, (no req.query) so any thoughts and maybe how to implement?

**I can’t share the whole Repl because of security reasons**

[OOPS, THAT CODE DISAPPEARED]

Any help?

Comments
xxpertHacker

Comes along like an idiot, after the question has already long since been resolved, and blindly suggests JSON Web Tokens over cookies.

https://jwt.io

RayhanADev

@xxpertHacker ah that does look interesting. I’ll file it under future ideas (that will get done) because it is really useful but I have a system right now xD.

xxpertHacker

@RayhanADev Like, sure, cookies taste great (usually), but I presumed that a JS user, such as yourself, would prefer JSON.

If you ever try it, get it working, and like it, tell me how it was.

And this didn't look bad:
[Screenshot 2020-11-21 at 6.45.20 PM]

RayhanADev

@Coder100 @realTronsi

I DID IT MYSELF, NO THANKS TO YOU >:(
Actually a bit thanks to realTronsi, but mostly myself!
me is mad ;P

realTronsi

@RayhanADev bruh I alrdy explained how it worked you didn't really need help anyways :p

RayhanADev

@realTronsi well danke, anyways try it out here (get on the Repl for admin login).

RayhanADev

@Coder100 @realTronsi at least help me with this. How long should I set the cookie before it expires or how can I make this more secure?

Coder100

nitrotype does ~2 hours or so, but you should aim for 1 week @RayhanADev

RayhanADev

@Coder100 okay, but I fear that would leave it out in the open and make idek what security vulnerability.

Coder100

well that's why passwords can't be seen @RayhanADev

Coder100

if you are that paranoid about a password system why not just use repl.it auth @RayhanADev

RayhanADev

@Coder100 ah. Okay thanks! :D

realTronsi

@RayhanADev wdym, just store the username and an authkey/hashed password, that's how most sites do it

RayhanADev

@Coder100 repl auth is stupid repl devs please don’t ban me. Me no like, and also Safari (let’s play it safe and say the other half of used browsers) isn’t supported.

RayhanADev

@realTronsi i did :D

Coder100

res.setHeader('Set-Cookie', ['username=USERNAME', 'password=PASSWORD']) // one Set-Cookie header per cookie

RayhanADev

@Coder100 @realTronsi okay, but how would I do this from client side? (Get on the Repl to see what I mean.)

RayhanADev

@realTronsi So here’s the flow diagram whatever:

  1. Client accesses page /
  2. If req.query loggedin != true then redirects to /login
  3. Client enters Username and Password
  4. A request is sent to a url to verify against GraphQL
  5. Server responds with true/false
  6. On client side if true opens page / with req.query ?loggedin=true, if false alerts reason why

realTronsi

@RayhanADev uh so on the 2nd step, insert a

if not logged in, check for client cookie. If client cookie (which stores an auth key) matches an auth key, then auto login for them

realTronsi

@RayhanADev you can also store username + authkey / hashed password
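
Added example, not code from any poster in this thread: one way to implement the auth-key cookie check described above in Node.js, using only the built-in crypto module. The in-memory Map, the cookie name `session`, the function names and the 2-hour lifetime are assumptions made for illustration.

```javascript
// Added example: server-side sessions keyed by the hash of a random auth key.
const crypto = require('crypto');

const SESSION_TTL_MS = 2 * 60 * 60 * 1000; // assumed 2-hour lifetime
const sessions = new Map(); // sha256(token) -> { username, expires }

const hashToken = (token) =>
  crypto.createHash('sha256').update(token).digest('hex');

// Call after the username/password check succeeds (step 5 in the flow).
function createSession(username, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex'); // the "auth key"
  sessions.set(hashToken(token), { username, expires: now + SESSION_TTL_MS });
  // HttpOnly keeps page scripts from reading it; Secure limits it to HTTPS.
  const cookie = `session=${token}; Max-Age=${SESSION_TTL_MS / 1000}; ` +
    'Path=/; HttpOnly; Secure; SameSite=Lax';
  return { token, cookie }; // send `cookie` as the Set-Cookie header value
}

// Pull one cookie value out of a raw Cookie request header.
function readCookie(header, name) {
  for (const part of (header || '').split(';')) {
    const [k, ...v] = part.trim().split('=');
    if (k === name) return v.join('=');
  }
  return null;
}

// Replaces the ?loggedin=true check in step 2: username, or null (go to /login).
function authenticate(cookieHeader, now = Date.now()) {
  const token = readCookie(cookieHeader, 'session');
  if (!token) return null;
  const key = hashToken(token);
  const entry = sessions.get(key);
  if (!entry) return null;
  if (entry.expires <= now) { sessions.delete(key); return null; }
  return entry.username;
}

// Logout: forget the session server-side so the cookie stops working.
function destroySession(cookieHeader) {
  const token = readCookie(cookieHeader, 'session');
  return token ? sessions.delete(hashToken(token)) : false;
}
```

The cookie carries only a random key, never the password, and the server keeps only the key's hash, so neither a copied cookie nor a leaked session table reveals the credentials.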

RayhanADev

@realTronsi whaaaat do you mean. (Please Halp)

RayhanADev

@realTronsi if you can, maybe get on ReplDash and walk me through it?

realTronsi

@RayhanADev can't rn sorry lol

RayhanADev

@realTronsi oke np. Feel free to hop on when you get the chance then :)

RayhanADev

@Coder100 what about you, think you can help (read the thread)?

Coder100

ok sure maybe @RayhanADev

Coder100

use cookies

realTronsi

cookies