Authenticated Sessions on a Desktop Application

I want to implement a login into my C++ desktop application and I’m having a hard time finding information on managing login sessions without cookies or JWT (JSON Web Token) (more on that in a bit). I can send HTTP requests from my C++ app just fine as well as incorporate TCP sockets if needed.

Here’s a typical user workflow:

  1. Register for an account on my website.
  2. Pay for access to a desktop application.
  3. Download and log in to the desktop application.
  4. Desktop application sends data (~1MB) to server API to be processed.
  5. If the user is authenticated and has sufficient funds, processed data is returned.

Some requirements:

  • Session storage so users don’t have to log in every time.
  • Close all other sessions if a login occurs from a different IP.
  • Ability to log in to the website to view usage stats and edit account info.

Because of those requirements, I shouldn’t use a JWT because I can’t revoke or invalidate tokens without storing sessions server-side anyway. I also can’t use cookies because the login is not (always) happening in a browser.

Almost every guide or tutorial I’ve found online for MERN (Mongo, Express, React and NodeJS) stack authentication and session handling involves either tokens or cookies. I want to use neither.

How would I begin to implement server-side session management and user authentication inside a Node app when the login can happen from a browser OR a desktop application?

Thanks for your time!
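One way to meet the requirements in the question above, added here as an example and not part of the original post: an opaque random session identifier that the server stores only as a hash, sent by the browser or the desktop client in an `Authorization: Bearer` header. The `SessionStore` class, its method names and the in-memory `Map` (standing in for a database collection) are assumptions for illustration.

```javascript
const crypto = require('node:crypto');

class SessionStore {
  constructor(ttlMs = 30 * 24 * 3600 * 1000) {
    this.ttlMs = ttlMs;
    // sha256(token) -> { userId, ip, client, expires }; a DB collection in practice
    this.sessions = new Map();
  }

  // Only the hash is stored, so a leaked session table cannot be replayed.
  static hash(token) {
    return crypto.createHash('sha256').update(token).digest('hex');
  }

  // Call only after the password check has succeeded.
  login(userId, ip, client, now = Date.now()) {
    // Requirement from the post: a login from a different IP closes all other sessions.
    for (const [key, s] of this.sessions) {
      if (s.userId === userId && s.ip !== ip) this.sessions.delete(key);
    }
    const token = crypto.randomBytes(32).toString('base64url'); // 43 characters
    this.sessions.set(SessionStore.hash(token), {
      userId, ip, client, expires: now + this.ttlMs,
    });
    return token; // the client keeps this; the server keeps only the hash
  }

  // Returns the session owner, or null if the token is malformed, revoked or expired.
  authenticate(authHeader, now = Date.now()) {
    const m = /^Bearer ([A-Za-z0-9_-]{43})$/.exec(authHeader || '');
    if (!m) return null;
    const key = SessionStore.hash(m[1]);
    const s = this.sessions.get(key);
    if (!s) return null;
    if (s.expires <= now) { this.sessions.delete(key); return null; }
    return { userId: s.userId, client: s.client };
  }

  // Explicit logout revokes immediately, which a stateless JWT cannot do.
  logout(authHeader) {
    const m = /^Bearer ([A-Za-z0-9_-]{43})$/.exec(authHeader || '');
    return m ? this.sessions.delete(SessionStore.hash(m[1])) : false;
  }
}
```
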

Can I use the default Azure domain from an app service with an Azure Application Gateway?

I have an environment set up with multiple Azure web apps across multiple Azure service plans.

I’m now retrospectively trying to add an Azure WAF between the wider internet and the websites.

I have created a WAF, but am now struggling to understand whether it is currently possible to continue to use the * app addresses and route traffic through the WAF?

UK Visa Refund after cancelling my application

I had a VISA appointment and I cancelled it the day before (I could not reschedule as it’s within 24 hours) and claimed a refund. I had to cancel as I have not received an invite from the concerned person as they are on holiday due to Christmas and New Year. On many other forums and in other questions like here (About UK visa fee refund) I see people have mentioned that a refund letter has to be filled in and submitted, but I did not see any such information when I cancelled my VISA application.

My question is: will I get a refund? And is the refund form mandatory? If yes, how do I fill it in?

Cursor usage in different application elements

I am working on an application that is mostly used by desktop users. So I am trying to perfect the use of the cursor css-rules.

First of all, I have read and try to follow the practice of having pointer-cursor only for external (href) links, but have the default-cursor (arrow) on buttons and internal links (like navigating to another application menu-item).

What I am a bit more uncertain about is the practice for text. This application contains a lot of editable data, like forms or editable content inline (in tables and other elements). I have been considering showing the text-cursor only for editable data, to indicate that the user can click to edit, and having the default-cursor for normal text, even if it is selectable. The default browser rule is usually the text-cursor for all normal text. Does anyone know if there are any unwritten standards, any widely used styleguides or other sources of information on this part?

Icon Ideas for Logging Out but not Exiting a WinForms Application [closed]

Firstly, I am going to put text with the icons, so the user won’t be completely clueless and as confused as a whale hurtling through the air from a great height.

Our WinForms application’s user requirements have been added to and we now need to give the users the ability to log out of a server and then log back in, not just exit the application.

The icon that we’re currently using on our menu bar to represent exiting the application is a “0/1” image, similar to, but not as stylish as, the image below:

Switch icon

The Crystal icon pack has a circular-type icon that reminds me very much of sleep/dreaming or magic/”poof” – the interjection, NOT the offensive slang word!

"poof" icon

Door icons seem like they might be a good fit, but then again it could represent exiting the application to many users (and I just plain-well don’t like those “door” type of icons 🙂).

Door icon

My personal bias aside, what do you recommend? It is possible to change the Exit icon if need be.

My ASP.NET core application executable detected as Trojan

I wanted to copy from a local publish location of my ASP.NET Core project on a production IIS Server, and Windows Defender detected a Trojan in my main executable file. When I scan this folder on my local machine, Defender does not find any threat.

I made a deployment package in Visual Studio. On my computer there are no threats; the only thing I can refer to is that the ASP.NET Core app creates an EXE that opens HTTP ports. Do I have a real problem, or is Windows Defender not right about my application?

Prevent an application from silently installing file(s) or making changes

‘Request Install Packages’: let’s say an app has this permission, e.g. Facebook (check it in the Play Store: head to Facebook, then ‘app permissions’, and click ‘see more’). I have been reading articles related to security threats to the device, and from what I read, what this permission can bring to the device looks suspicious, as it can trigger installing or making changes to an existing app silently (without asking any permission from the user).

I have then checked many apps that I was going to install, but this setting makes me think that it may include security issues. Isn’t it?

Is there any way to prevent changes being made silently? Can an antivirus prevent these changes to the device’s apps?

Application Permissions

I note that with my Samsung S7 Edge now I have “Permission Monitor” as an option, which is great. Leaving out the whole root option (I don’t want to risk it again, it was a $ 300 fix last time it ‘broke’) I am looking for a methodology to either:

  • Allow me to globally refuse permissions to all applications or;
  • Reset permission settings each time the application is used.

A typical use is I need Facebook (Yes, I know they have the data already…) to have access to photos for example. I enable it, and then never disable it. I want to limit (and this is basically globally) any application’s capacity to interact with photos, videos and microphone.

  • Samsung S7 Edge
  • $ 10-30.00 budget for application
  • Preferably not rooting, Android 7.0 (From memory)

Poco HTTPS application fails to respond after a short interval

I have a web application (HTTP only) written in C++ using Poco libraries. When I try to switch to HTTPS, the server works fine for some time serving pages requested. But after say, 30 seconds or so, I get a “Secure Connection Failed” on the browser.

I checked with netstat to see if my application is still listening on that port, and it is. I also tried enabling/disabling keep alive with setKeepAlive() on the HTTPServerParams object without much luck.

I do the following in my main:

    Poco::File privKeyFile(cfg.getPrivateKeyFile());
    if (!privKeyFile.exists()) {
        cout << "Private key file does not exist!" << endl;
        return -1;
    }
    Poco::Net::initializeSSL();
    Poco::SharedPtr<KeyConsoleHandler> pconsoleHandler = new KeyConsoleHandler(true);
    Poco::SharedPtr<AcceptCertificateHandler> pCertHandler = new AcceptCertificateHandler(true);
    Context::Ptr pContext = new Context(
        Context::SERVER_USE,
        cfg.getPrivateKeyFile(),
        cfg.getCertFile(),
        cfg.getCABundleFile(),
        Context::VERIFY_RELAXED,
        9,
        false,
        "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
    );
    SSLManager& mngr = SSLManager::instance();
    mngr.initializeServer(pconsoleHandler, pCertHandler, pContext);

I also changed ServerSocket object to SecureServerSocket before creating the HTTPServer object.

I intend to have the HTTPS connection working normally until the user session expires (10 mins). Is this all I really need to set up HTTPS on an existing HTTP application? Have I missed anything in the initialization sequence?