Re: [WebDNA] Secure cookies (HttpOnly/Secure)

This WebDNA talk-list message is from

2013


It keeps the original formatting.
numero = 110823
interpreted = N
texte = Perfect. Thanks for this. -Dan On Wed, 30 Oct 2013 08:23:16 +0000 Tom Duke wrote: Dan, I posted a method that's working for me earlier in the month. Secure cookies can be set in WebDNA (as long as the page is using SSL), HttpOnly cookies require a work-around. Re-post below. - Tom On the 'login template' where the users username/password are checked: [!] ----------------------------------- ### Set session cookie and redirect to dashboard ### [/!][setcookie name=session-cookie&value=[url][url][encrypt seed=secret-seed][cart][/encrypt][/url][/url]&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&secure=T][!] [/!][redirect /dashboard.tmpl?v=logon] On the 'dasboard template': [!] ------------------------------------ ### Reset session cookie with HttpOnly option ### [/!][showif [v]=logon][!] [/!][setmimeheader name=Set-Cookie&value=session-cookie=[url][url][getcookie name=session-cookie][/url][/url]; path=/; domain=[grep search=www&replace=][getmimeheader name=host][/grep]; secure; HttpOnly][!] [/!][/showif] On the 'logout template': [!] ------------------------------------ ### Clear session cookie ### [/!][setcookie name=session-cookie&value=&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&expires=Thu, 01 Jan 1970 00:00:00 GMT] I can't get the [setmimeheader] working on the 'logon template'. It seems the full page has to load, maybe that's the way it's meant to be? ============================================== Digital Revolutionaries 1st Floor, Castleriver House 14-15 Parliament Street Temple Bar,Dublin 2 Ireland ---------------------------------------------- [t]: + 353 1 4403907 [e]: [w]: ============================================== On 29 October 2013 22:40, WebDNA wrote: > Dan > > There was discussion about this recently. > > Secure cookies is flagged for an update version of WebDNA. > > Regards > > Stuart Tremain > IDFK Web Developments > AUSTRALIA > webdna@idfk.com.au > > > > > On 30 Oct 2013, at 9:37 am, Dan Strong wrote: > > > Anybody done this with WebDNA? If so, care to share? > > > > -Dan Strong > > http://www.DanStrong.com > > --------------------------------------------------------- > > This message is sent to you because you are subscribed to > > the mailing list . > > To unsubscribe, E-mail to: > > archives: http://mail.webdna.us/list/talk@webdna.us > > Bug Reporting: support@webdna.us > > --------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us > Bug Reporting: support@webdna.us > Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  2. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (Tom Duke 2013)
  3. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (WebDNA 2013)
  4. [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
Perfect. Thanks for this. -Dan On Wed, 30 Oct 2013 08:23:16 +0000 Tom Duke wrote: Dan, I posted a method that's working for me earlier in the month. Secure cookies can be set in WebDNA (as long as the page is using SSL), HttpOnly cookies require a work-around. Re-post below. - Tom On the 'login template' where the users username/password are checked: [!] ----------------------------------- ### Set session cookie and redirect to dashboard ### [/!][setcookie name=session-cookie&value=[url][url][encrypt seed=secret-seed][cart][/encrypt][/url][/url]&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&secure=T][!] [/!][redirect /dashboard.tmpl?v=logon] On the 'dasboard template': [!] ------------------------------------ ### Reset session cookie with HttpOnly option ### [/!][showif [v]=logon][!] [/!][setmimeheader name=Set-Cookie&value=session-cookie=[url][url][getcookie name=session-cookie][/url][/url]; path=/; domain=[grep search=www&replace=][getmimeheader name=host][/grep]; secure; HttpOnly][!] [/!][/showif] On the 'logout template': [!] ------------------------------------ ### Clear session cookie ### [/!][setcookie name=session-cookie&value=&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&expires=Thu, 01 Jan 1970 00:00:00 GMT] I can't get the [setmimeheader] working on the 'logon template'. It seems the full page has to load, maybe that's the way it's meant to be? ============================================== Digital Revolutionaries 1st Floor, Castleriver House 14-15 Parliament Street Temple Bar,Dublin 2 Ireland ---------------------------------------------- [t]: + 353 1 4403907 [e]: [w]: ============================================== On 29 October 2013 22:40, WebDNA wrote: > Dan > > There was discussion about this recently. > > Secure cookies is flagged for an update version of WebDNA. > > Regards > > Stuart Tremain > IDFK Web Developments > AUSTRALIA > webdna@idfk.com.au > > > > > On 30 Oct 2013, at 9:37 am, Dan Strong wrote: > > > Anybody done this with WebDNA? If so, care to share? > > > > -Dan Strong > > http://www.DanStrong.com > > --------------------------------------------------------- > > This message is sent to you because you are subscribed to > > the mailing list . > > To unsubscribe, E-mail to: > > archives: http://mail.webdna.us/list/talk@webdna.us > > Bug Reporting: support@webdna.us > > --------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us > Bug Reporting: support@webdna.us > "Dan Strong"

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

ConvertChars (2000) Bug alert! (1997) $adminput doesn't allow [include] files (1997) My slower response (1997) Database Not Found Problem (2004) url question (2002) Exchange rates (2000) Browser Reloads and AddlineItem (1997) Banners and sort of random display (1997) newbie Q: [cart] documentation (1999) Credit card processing - UK (1997) url value (2002) [LINEITEMS] (2000) problems with 2 tags shakur (1997) What really killed WebDNA? (2007) Firesite and WebCat (1999) [WebDNA] maybe silly suggestion? [founditems] (2015) [WriteFile] problems (1997) Emailer help....! (1997) webcat plugin issue (2001)