Re: [WebDNA] Secure & HttpOnly Session Cookies

This WebDNA talk-list message is from 2013.
Why don't you just use SETCOOKIE rather than forcing it into the mime header?

Regards

Stuart Tremain
IDFK Web Developments
AUSTRALIA
webdna@idfk.com.au

On 04/10/2013, at 11:18 AM, Tom Duke wrote:

> Dan / Stuart,
>
> As we're on a security thing at the moment, I was trying to work out how best to set session cookies. Here's what's working for me (WebDNA 6.2 on CentOS).
>
> - Tom
>
>
> On the 'login template' where the user's username/password are checked:
>
> [!]
> -----------------------------------
> ### Set session cookie and redirect to dashboard ###
>
> [/!][setcookie name=session-cookie&value=[url][url][encrypt seed=secret-seed][cart][/encrypt][/url][/url]&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&secure=T][!]
> [/!][redirect /dashboard.tmpl?v=logon]
>
>
> On the 'dashboard template':
>
> [!]
> ------------------------------------
> ### Reset session cookie with HttpOnly option ###
>
> [/!][showif [v]=logon][!]
> [/!][setmimeheader name=Set-Cookie&value=session-cookie=[url][url][getcookie name=session-cookie][/url][/url]; path=/; domain=[grep search=www&replace=][getmimeheader name=host][/grep]; secure; HttpOnly][!]
> [/!][/showif]
>
>
> On the 'logout template':
>
> [!]
> ------------------------------------
> ### Clear session cookie ###
>
> [/!][setcookie name=session-cookie&value=&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&expires=Thu, 01 Jan 1970 00:00:00 GMT]
>
>
> I can't get the [setmimeheader] working on the 'logon template'. It seems the full page has to load, maybe that's the way it's meant to be?
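
A check for the cookie attributes discussed in the message above, as an added example that is not part of the original post or of WebDNA. The header strings, the cookie value and example.com are constructed to mirror the attributes the three quoted templates set; the function names are hypothetical.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample headers modelled on the three templates in the thread.
LOGIN = "session-cookie=3fA9%253D; path=/; domain=.example.com; secure"
DASHBOARD = "session-cookie=3fA9%253D; path=/; domain=.example.com; secure; HttpOnly"
LOGOUT = "session-cookie=; path=/; domain=.example.com; expires=Thu, 01 Jan 1970 00:00:00 GMT"

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attrs); attribute names lower-cased."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def missing_flags(header):
    """List the session-cookie protections absent from this header."""
    _, _, attrs = parse_set_cookie(header)
    return [flag for flag in ("Secure", "HttpOnly") if flag.lower() not in attrs]

def scope(header):
    """Name, domain (leading dot ignored) and path identify which stored cookie is replaced."""
    name, _, attrs = parse_set_cookie(header)
    return name, attrs.get("domain", "").lstrip(".").lower(), attrs.get("path", "")

def is_expired(header, now=None):
    """True when the header carries an Expires date in the past, i.e. it deletes the cookie."""
    _, _, attrs = parse_set_cookie(header)
    if "expires" not in attrs:
        return False
    when = parsedate_to_datetime(attrs["expires"])
    if when.tzinfo is None:  # a "-0000" zone parses as naive; treat it as UTC
        when = when.replace(tzinfo=timezone.utc)
    return when < (now or datetime.now(timezone.utc))

def clears(set_header, clear_header):
    """A logout header only removes the cookie if it is expired and has the same scope."""
    return is_expired(clear_header) and scope(clear_header) == scope(set_header)

if __name__ == "__main__":
    for label, header in (("login", LOGIN), ("dashboard", DASHBOARD)):
        print(label, "missing:", missing_flags(header) or "nothing")
    print("logout clears cookie:", clears(DASHBOARD, LOGOUT))
```

Run against the constructed headers, the login response is reported as lacking HttpOnly until the dashboard response rewrites the cookie, and the logout header is confirmed to target the same name, domain and path.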

    