Because I don't exactly know how any auth method works I want to write my own. So, what I want to do is the following. A client sends over HTTPs username+password(or SHA1(username+password)) the server gets the username+password and generates a big random number and stores it in a table called TOKENS(in some database) along with his IP, then it give the client that exact number. From now on, all the requests made by the client are accompanied by that TOKEN and if the TOKEN is not in the table TOKENS then any such request will fail. If the user hasn't made any requests in 2 hours the TOKEN will expire. If the user wants to log out he makes a request '/logout' to the server and the server deletes from the table TOKENS the entry containing his token but ONLY if the request to '/logout' originates from his IP.
Maybe I am reinventing the wheel... this wouldn't be very good so my question is if there is some auth system that already works like this , what is it's name , does it have any OSS C++ libraries or Python libraries available ?
I am not sure if finding such an auth system and configuring it would take longer than writing it myself, on the other hand I know security is a delicate problem so I am approaching this with some doubt that I am capable of writing something secure enough.
Also, is there a good OSS C++ HTTP library ? I'm planning to write a RESTful Desktop client for a web app. Depending on the available libraries I will choose if I'll write it in C++ or Python.