Closed
Description
There are two problems with the system right now.
- A person should not have to insert their username again and again
- If someone solves a question, they have no way of automatically proving that they solved it (someone else could have submitted in their name)
A simple/bare-bones solution for this is to have something called a session:
- ask a person to register/provide two pieces of information
  - public information = username
  - private information = password
- then whenever needed, ask them to prove their identity by providing both pieces of info
- on any API which needs to verify/access user details, ask for these pairs
Asking for these pairs again and again becomes irritating very quickly. Instead what we do is:
- ask them once
- send them a random number
- later on they can supply this random number instead of their details and we will know that it's them by looking up in some data structure internally.
- this number/token exchange thing is carried out using cookies. Thus, the browser handles everything for us
Implementation
- login/registration/logout API
- login sets a cookie with a random number in the cookie
- everyone uses cookies to verify identity by looking up in some data structure (dict maybe?)
- logout un-sets the cookie
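
The flow described above, as an added example that is not code from this project: registration stores a salted password hash, login issues an unguessable token in a cookie, and every later request is mapped back to a user through a dict. The function names, the cookie name `session`, the PBKDF2 parameters and the one-hour lifetime are all assumptions made for the illustration.

```python
import hashlib, hmac, secrets, time
from http.cookies import SimpleCookie

SESSION_TTL = 3600   # seconds a token stays valid (assumed value)
USERS = {}           # username -> (salt, password hash)
SESSIONS = {}        # token -> (username, expiry timestamp)

def _hash(password, salt):
    # Salted, deliberately slow hash: the password itself is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(username, password):
    if username in USERS:
        return False
    salt = secrets.token_bytes(16)
    USERS[username] = (salt, _hash(password, salt))
    return True

def login(username, password):
    """Return a Set-Cookie header value on success, None on failure."""
    record = USERS.get(username)
    if record is None or not hmac.compare_digest(record[1], _hash(password, record[0])):
        return None
    # The "random number" must come from a CSPRNG, or tokens can be guessed.
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = (username, time.time() + SESSION_TTL)
    cookie = SimpleCookie()
    cookie["session"] = token
    cookie["session"]["httponly"] = True   # not readable from page scripts
    cookie["session"]["secure"] = True     # only sent over HTTPS
    cookie["session"]["samesite"] = "Lax"  # limits cross-site sending
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()

def _token(cookie_header):
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get("session")
    return morsel.value if morsel is not None else None

def current_user(cookie_header):
    """Map a request's Cookie header to a username, or None."""
    entry = SESSIONS.get(_token(cookie_header))
    if entry is None or entry[1] < time.time():
        return None
    return entry[0]

def logout(cookie_header):
    # Delete server-side state so a copied cookie stops working too.
    SESSIONS.pop(_token(cookie_header), None)
```

Logout here removes the server-side entry rather than only clearing the browser's cookie, so a token that was copied elsewhere is invalidated as well.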