I am trying to link Kirby with an external process managing non HTTP(S) protocols (i.e. websockets). For that I need some awareness inside the Kirby system (hence this question).
I set up a communication bridge between Kirby and the external process (which only allows ‘string-encodable’ values in their communication). One of the things I need though is a verification/validation of a certain Session (as some data is attached to that session).
So the way I can detect a session within the external process is via the HTTP-headers which are send during the handshake protocol. I can use the cookie-header to detect which incomming connection matches the session.
My first approuch was trying to use the session-token as identifier. Turns out that it gets modified upon each request (to update its expiration timer amongst other things). So that is not really reliable, unless I deconstruct the session ID, since a portion is used as identifier instead of timer-values.
So I tried using a second approuch which is using the
Cookie class. Turns out Kirby decides to prepend an HMac value to cookies? So that method is also not reliable.
So here is the question; How would I add means of session-validation for an external process, preferably using Kirby means so that it can be used within Kirby as well as outside Kirby? (I can set cookies manually, but I am pretty sure Kirby than wouldn’t know about its existance)
The alternative would be setting it both manually and with Kirby, but better neat and clean (DRY) if it is possible.