Authentication with cookies to log who has pressed a certain button

Hi guys,
I am trying to implement a new feature in my application.
I would need to understand, among a list of users, which user has pressed a certain button within the dashboard and log it.
I don't need the feature to be highly cyber secure.
I was thinking of disabling the nav. tab and change page only if authentication is successful.

To do this I was thinking of using two possible options:
1 Socket ID
2 Cookies

1 Socket ID
Save the socketID when a user "logs in" and use it to understand who pressed the button.
Then take the socketId property of each message and figure out who it is associated with
But it is really too easy for a user to change their socketId via URL even by mistake.

Moreover, I don't know if there could be other complications, such as socket id changing by reloading the page or for other reasons.
I wait for illuminations from a more experienced person

2 Cookies
More professional but also more complicated.
At the moment I am trying to use this flow found on the net (Cookie based Auth) but I have some errors like this

Do you have any suggestions? Are there any tips and tricks to develop it better?
I'm sure the community has many ideas and implementations on this.

node red version 1.3.5
node.js 12.18.3

that changes if a user reloads the page or the browser temporarily loses connection (e.g. device goes into power saving).

That version is no longer supported.

is quite specific and I'm not sure how well it adapts.

Possibly the easiest approach (though certainly not at all "secure") would be to get your authentication to send a client id to the client and get the Dashboard to save it to persistent storage and then include it when you send something back to node-red. However, this would mean that you couldn't use any of the Dashboard nodes. In that case, you would be better off using uibuilder which already has a persistent client id baked in (is destroyed when the whole browser closes).

Looks like you need to require the crypto module in the function node.
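
The client-id approach from the reply above, as an added example (not code from the thread or from any Node-RED project): login issues an HMAC-signed id, the browser stores it and returns it with each button message, and the server verifies it before writing the log entry. The function names, `msg.clientId` and the in-memory `SECRET` are assumptions made for illustration; `msg.socketid` is deliberately not used for identity.

```javascript
const crypto = require('crypto');

// Constructed demo secret (assumption): a real flow would load a fixed secret
// from settings or the environment so tokens survive a restart.
const SECRET = crypto.randomBytes(32);

function sign(payload) {
  return crypto.createHmac('sha256', SECRET).update(payload).digest('hex');
}

// Called once after a successful login; the result goes into a cookie or
// into the browser's persistent storage.
function issueClientId(username, now = Date.now(), ttlMs = 8 * 3600 * 1000) {
  const payload = `${username}.${now + ttlMs}`;
  return `${payload}.${sign(payload)}`;
}

// Returns the username if the id is authentic and unexpired, otherwise null.
function verifyClientId(token, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const cut = token.lastIndexOf('.');
  if (cut < 0) return null;
  const payload = token.slice(0, cut);
  const given = Buffer.from(token.slice(cut + 1), 'hex');
  const expected = Buffer.from(sign(payload), 'hex');
  // timingSafeEqual throws on unequal lengths, so check the length first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  const sep = payload.lastIndexOf('.');
  if (sep < 0) return null;
  const expires = Number(payload.slice(sep + 1));
  if (!Number.isFinite(expires) || expires < now) return null;
  return payload.slice(0, sep);
}

// Handles one button message. msg.clientId (hypothetical property) is the id
// the browser sent back; msg.socketid changes on reload, so it is ignored.
function logButtonPress(msg, auditLog, now = Date.now()) {
  const user = verifyClientId(msg.clientId, now);
  auditLog.push({ time: new Date(now).toISOString(), button: msg.topic,
                  user: user || 'unauthenticated' });
  return user;
}

// Constructed sample messages: one genuine id, one edited by the client.
const log = [];
const token = issueClientId('alice.smith');
logButtonPress({ topic: 'pump_start', clientId: token, socketid: 'abc' }, log);
logButtonPress({ topic: 'pump_start', clientId: token.replace('alice', 'admin') }, log);
console.log(log);
```

Signing the id means a user who edits the stored value is logged as unauthenticated rather than as someone else, which is the weakness the socketId option had.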

Thanks for the reply.
Isn't there a way to do this while still using the node-red-dashboard?

Possibly someone else may know but I'm afraid I don't as I don't use Dashboard except for quick experiments.
