document.cookie = "sessionToken=3" ;
This will set the sessionToken (session ID) to 3. So in the firmware when the httpd.c requests this file I find this string and replace the buffer with the correct session ID number I want. This then sets the cookie and browser will send this cookie with every request to device.
Then in my call back I parse the HTML header for the session cookie, to see if it matches who is logged in.
In the login what I do is have user type admin password, which I then send a MD5 hash with session ID. If the MD5 hash matches I record IP and session ID for person logged in.
Trampas