12-20-2023, 01:40 AM
Can't you use the OnBeforeNewSession event?
You probably need to change your CheckTS method to inspect the aRequest.Params object (a TStringList that contains all request parameters), because the session hasn't been created yet.
If you set vCanCreate to false within this event, IW will skip the session creation code completely and respond with a 404 status, which is exactly what we want for any kind of unauthorized access attempt...
Code:
procedure TIWServerController.IWServerControllerBaseBeforeNewSession(
  const aUrlPath: string; aRequest: THttpRequest; out vCanCreate: Boolean);
begin
  vCanCreate := checkTS(aRequest);
end;

