Re: [WebDNA] Secure & HttpOnly Session Cookies
This WebDNA talk-list message is from 2013
It keeps the original formatting.
Why don't you just use SETCOOKIE rather than forcing it into the mime header?

Regards

Stuart Tremain
IDFK Web Developments
AUSTRALIA
webdna@idfk.com.au

On 04/10/2013, at 11:18 AM, Tom Duke wrote:

> Dan / Stuart,
>
> As we're on a security thing at the moment, I was trying to work out how best to set session cookies. Here's what's working for me (WebDNA 6.2 on CentOS).
>
> - Tom
>
> On the 'login template' where the user's username/password are checked:
>
> [!]
> -----------------------------------
> ### Set session cookie and redirect to dashboard ###
>
> [/!][setcookie name=session-cookie&value=[url][url][encrypt seed=secret-seed][cart][/encrypt][/url][/url]&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&secure=T][!]
> [/!][redirect /dashboard.tmpl?v=logon]
>
> On the 'dashboard template':
>
> [!]
> ------------------------------------
> ### Reset session cookie with HttpOnly option ###
>
> [/!][showif [v]=logon][!]
> [/!][setmimeheader name=Set-Cookie&value=session-cookie=[url][url][getcookie name=session-cookie][/url][/url]; path=/; domain=[grep search=www&replace=][getmimeheader name=host][/grep]; secure; HttpOnly][!]
> [/!][/showif]
>
> On the 'logout template':
>
> [!]
> ------------------------------------
> ### Clear session cookie ###
>
> [/!][setcookie name=session-cookie&value=&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&expires=Thu, 01 Jan 1970 00:00:00 GMT]
>
> I can't get the [setmimeheader] working on the 'logon template'. It seems the full page has to load, maybe that's the way it's meant to be?
> ---------------------------------------------------------
> This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us
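
An added example, not part of the original thread: a Python check over the Set-Cookie headers that the three templates quoted above would emit, reporting every response that issues a live session cookie without Secure or HttpOnly. The header strings are constructed (placeholder value, assumed domain .example.com) and the function names are hypothetical.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: one Set-Cookie header per template in the thread.
RESPONSES = [
    ("login", "session-cookie=PLACEHOLDER; path=/; domain=.example.com; secure"),
    ("dashboard", "session-cookie=PLACEHOLDER; path=/; domain=.example.com; secure; HttpOnly"),
    ("logout", "session-cookie=; path=/; domain=.example.com; expires=Thu, 01 Jan 1970 00:00:00 GMT"),
]

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, {lowercased attribute: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")  # only the first '=' separates name from value
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def clears_cookie(value, attrs):
    """True when the header carries no value or expires the cookie immediately."""
    if value == "":
        return True
    try:
        if "max-age" in attrs and int(attrs["max-age"]) <= 0:
            return True
        if "expires" in attrs:
            return parsedate_to_datetime(attrs["expires"]) <= datetime.now(timezone.utc)
    except (TypeError, ValueError):
        pass  # unparseable Max-Age/Expires: treat the cookie as live and audit it
    return False

def audit(responses, cookie_name="session-cookie"):
    """Return [(step, [missing flags])] for each response issuing a live cookie without both flags."""
    findings = []
    for step, header in responses:
        name, value, attrs = parse_set_cookie(header)
        if name != cookie_name or clears_cookie(value, attrs):
            continue
        missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
        if missing:
            findings.append((step, missing))
    return findings

if __name__ == "__main__":
    for step, missing in audit(RESPONSES):
        print(f"{step}: session cookie issued without {', '.join(missing)}")
```

On the constructed headers the only finding is the login response, which issues the cookie with Secure but without HttpOnly until the dashboard template re-sets it.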