When an unauthenticated user accesses a protected resource of my API server, I want to immediately redirect them to the login page.  Research has indicated that the server should send the client an HTTP 302 page with the url.  Experimentation has shown that you can successfully set cookies. The cookie can be used to hold the url to re-redirect the user back to the original request after authenticating. Nice.

Here’s the header to send from the server:

    const string cstr_HTML_302_HEADER1 = "HTTP/1.1 302 Moved Temporarily\r\nLocation: ";
    const string cstr_HTML_HEADER2 = "\r\n\r\n";
    // ....
        string cookie_header = "\r\n";
        cookie_header += "Set-Cookie: .... ";
        *response << cstr_HTML_302_HEADER1 << "/v1/login.html" << cookie_header << cstr_HTML_HEADER2;

The publicly available version of quick-http on github needs a refresh, hopefully I'll have some time soon to move a large set of new code there that uses Simple Web Server, HTTP 302 redirects, user authentication, etc.

Leave a Reply