Re: [WebDNA] Secure Cookies

This WebDNA talk-list message is from

2020


It keeps the original formatting.
numero = 115000
interpreted = N
texte = 2628 --Apple-Mail=_B7046EC7-AD95-465E-AE73-862A7D7BD1EC Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi Tom I suspected that you would set secure=3Dt but it is not documented, have = you tested that the secure switch is working ? Any idea what version of WebDNA it was implemented ? Have you come across any other little gems with cookies ? Kind regards Stuart Tremain Pharoah Lane Software AUSTRALIA webdna@plsoftware.com.au > On 1 Feb 2020, at 23:26, talk@webdna.us wrote: >=20 > Stuart, >=20 > Hi - just looking again at my code for WebDNA cookies: >=20 > https://www.revolutionaries.ie/testspace/cookie/ = >=20 > Cookie: [getcookie name=3DtestCookie]
> - domain is specified so the cookie should be accessible by = subdomains. >=20 > [setcookie [!] > [/!]name=3DtestCookie[!] > [/!]&value=3D[url]testValue[/url][!] > [/!]&domain=3D[thishost][!] > [/!]&httponly=3DT[!] > [/!]&path=3D/[!] > [/!][showif = [url][thisport][/url]=3D443]&secure=3DT[/showif][!] > [/!]&samesite=3Dstrict[!] > [/!]] >=20 > =09 >=20 > Cookie: [getcookie name=3DtestCookieHostOnly]
> - domain is NOT specified so HostOnly flag should be set, the cookie = should not be accessible by subdomains. >=20 > [setcookie [!] > [/!]name=3DtestCookieHostOnly[!] > = [/!]&value=3D[url]testValueHostOnly[/url][!] > [/!]&httponly=3DT[!] > [/!]&path=3D/[!] > [/!][showif = [url][thisport][/url]=3D443]&secure=3DT[/showif][!] > [/!]&samesite=3Dstrict[!] > [/!]] >=20 > I include the 'samesite' value in the hope it will be supported in the = future. >=20 > - Tom >=20 > On Fri, 31 Jan 2020 at 22:18, > = wrote: > Sat here about to face the same; echoing those questions.. >=20 > =20 >=20 > From: talk@webdna.us >=20 > Sent: Friday, January 31, 2020 10:07 PM > To: WebDNA Talk List > > Subject: [WebDNA] Secure Cookies >=20 > =20 >=20 > Reading through the docs re cookies: = http://webdna.us/page.dna?numero=3D180 = > =20 >=20 > The docs note: >=20 > (optional) HttpOnly should be T, just like Secure. It adds a HttpOnly = to the cookie, and treats everything else as a F. >=20 > =20 >=20 > However there is no mention on how to set a SECURE cookie >=20 > =20 >=20 > Question: How do I ensure that a cookie is SECURELY set ? >=20 > =20 >=20 > What version is required to set SECURE cookies ? >=20 > =20 >=20 > =20 >=20 > Kind regards >=20 > =20 >=20 > Stuart Tremain >=20 > Pharoah Lane Software >=20 > AUSTRALIA >=20 > webdna@plsoftware.com.au > =20 >=20 > =20 >=20 > =20 >=20 > =20 >=20 > =20 >=20 > =20 >=20 > --------------------------------------------------------- This message = is sent to you because you are subscribed to the mailing list = talk@webdna.us To unsubscribe, E-mail to: = talk-leave@webdna.us archives: = http://www.webdna.us/page.dna?numero=3D55 = Bug Reporting: = support@webdna.us = ------------------------------------------------= --------- This message is sent to you because you are subscribed to the = mailing list talk@webdna.us To unsubscribe, = E-mail to: talk-leave@webdna.us archives: = http://www.webdna.us/page.dna?numero=3D55 = Bug Reporting: = support@webdna.us = ------------------------------------------------= --------- This message is sent to you because you are subscribed to the = mailing list talk@webdna.us To unsubscribe, E-mail to: = talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55 = Bug Reporting: support@webdna.us --Apple-Mail=_B7046EC7-AD95-465E-AE73-862A7D7BD1EC Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii Hi = Tom

I suspected that = you would set secure=3Dt but it is not documented, have you tested that = the secure switch is working ?

Any idea what version of WebDNA it was = implemented ?

Have you come across any other little gems with cookies = ?

Kind regards

Stuart Tremain
Pharoah Lane Software
AUSTRALIA







On 1 Feb 2020, at 23:26, talk@webdna.us wrote:

Stuart,

Hi - just looking again = at my code for WebDNA cookies:


Cookie: [getcookie = name=3DtestCookie]</br />
- domain is = specified so the cookie should be accessible by subdomains.

= [setcookie [!]
= [/!]name=3DtestCookie[!]
= [/!]&value=3D[url]testValue[/url][!]
= = [/!]&domain=3D[thishost][!]
= [/!]&httponly=3DT[!]
= [/!]&path=3D/[!]
= [/!][showif = [url][thisport][/url]=3D443]&secure=3DT[/showif][!]
= = [/!]&samesite=3Dstrict[!]
= [/!]]

= 

Cookie: [getcookie name=3DtestCookieHostOnly]</br = />
- domain is NOT specified so HostOnly flag = should be set, the cookie should not be accessible by subdomains.

= [setcookie [!]
= [/!]name=3DtestCookieHostOnly[!]
= [/!]&value=3D[url]testValueHostOnly[/url][!]
= [/!]&httponly=3DT[!]
= [/!]&path=3D/[!]
= [/!][showif = [url][thisport][/url]=3D443]&secure=3DT[/showif][!]
= = [/!]&samesite=3Dstrict[!]
= [/!]]

I include the 'samesite' value in the hope it will = be supported in the future.

- Tom

On Fri, 31 = Jan 2020 at 22:18, <talk@webdna.us> wrote:

Sat here about to face the same; = echoing those questions..

 

From:= talk@webdna.us <talk@webdna.us>
Sent: Friday, January 31, 2020 10:07 PM
To: WebDNA Talk List <talk@webdna.us>
Subject: [WebDNA] Secure Cookies

 

Reading through the docs re = cookies: http://webdna.us/page.dna?numero=3D180

 

The docs note:

(optional) HttpOnly should be T, = just like Secure. It adds a HttpOnly = to the cookie, and treats everything else as a F.

 

However there is no mention on = how to set a SECURE cookie

 

Question:  How do I ensure = that a cookie is SECURELY set ?

 

What version is required to set = SECURE cookies ?

 

 

Kind = regards

 

Stuart = Tremain

Pharoah= Lane Software

AUSTRALIA

webdna@plsoftware.com.au

 

 

 

 

 

 

------------------------------------------------------= --- This message is sent to you because you are subscribed to the = mailing list talk@webdna.us To unsubscribe, E-mail to: talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55 Bug Reporting: support@webdna.us

--------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list talk@webdna.us To unsubscribe, E-mail to: talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55= Bug Reporting: support@webdna.us
--------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list talk@webdna.us To unsubscribe, E-mail to: talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55 Bug Reporting: support@webdna.us

= --------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list talk@webdna.us To unsubscribe, E-mail to: talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55 Bug Reporting: support@webdna.us --Apple-Mail=_B7046EC7-AD95-465E-AE73-862A7D7BD1EC-- . Associated Messages, from the most recent to the oldest:

    
  1. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  2. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  3. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  4. Re: [WebDNA] Secure Cookies (Brian Harrington 2020)
  5. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  6. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  7. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  8. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  9. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  10. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  11. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  12. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  13. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  14. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  15. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  16. [WebDNA] Secure Cookies - Further reading (Stuart Tremain 2020)
  17. [WebDNA] Secure Cookies (Stuart Tremain 2020)
  18. Re: [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  19. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (Tom Duke 2013)
  20. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (WebDNA 2013)
  21. [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  22. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  23. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  24. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  25. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  26. Re: [WebDNA] Secure Cookies (Frank Nordberg 2009)
  27. Re: [WebDNA] Secure Cookies (Govinda 2009)
  28. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  29. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  30. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  31. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  32. Re: [WebDNA] Secure Cookies (Donovan Brooke 2009)
  33. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  34. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  35. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  36. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  37. [WebDNA] Secure Cookies (Stuart Tremain 2009)
2628 --Apple-Mail=_B7046EC7-AD95-465E-AE73-862A7D7BD1EC Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi Tom I suspected that you would set secure=3Dt but it is not documented, have = you tested that the secure switch is working ? Any idea what version of WebDNA it was implemented ? Have you come across any other little gems with cookies ? Kind regards Stuart Tremain Pharoah Lane Software AUSTRALIA webdna@plsoftware.com.au > On 1 Feb 2020, at 23:26, talk@webdna.us wrote: >=20 > Stuart, >=20 > Hi - just looking again at my code for WebDNA cookies: >=20 > https://www.revolutionaries.ie/testspace/cookie/ = >=20 > Cookie: [getcookie name=3DtestCookie]
> - domain is specified so the cookie should be accessible by = subdomains. >=20 > [setcookie [!] > [/!]name=3DtestCookie[!] > [/!]&value=3D[url]testValue[/url][!] > [/!]&domain=3D[thishost][!] > [/!]&httponly=3DT[!] > [/!]&path=3D/[!] > [/!][showif = [url][thisport][/url]=3D443]&secure=3DT[/showif][!] > [/!]&samesite=3Dstrict[!] > [/!]] >=20 > =09 >=20 > Cookie: [getcookie name=3DtestCookieHostOnly]
> - domain is NOT specified so HostOnly flag should be set, the cookie = should not be accessible by subdomains. >=20 > [setcookie [!] > [/!]name=3DtestCookieHostOnly[!] > = [/!]&value=3D[url]testValueHostOnly[/url][!] > [/!]&httponly=3DT[!] > [/!]&path=3D/[!] > [/!][showif = [url][thisport][/url]=3D443]&secure=3DT[/showif][!] > [/!]&samesite=3Dstrict[!] > [/!]] >=20 > I include the 'samesite' value in the hope it will be supported in the = future. >=20 > - Tom >=20 > On Fri, 31 Jan 2020 at 22:18, > = wrote: > Sat here about to face the same; echoing those questions.. >=20 > =20 >=20 > From: talk@webdna.us >=20 > Sent: Friday, January 31, 2020 10:07 PM > To: WebDNA Talk List > > Subject: [WebDNA] Secure Cookies >=20 > =20 >=20 > Reading through the docs re cookies: = http://webdna.us/page.dna?numero=3D180 = > =20 >=20 > The docs note: >=20 > (optional) HttpOnly should be T, just like Secure. It adds a HttpOnly = to the cookie, and treats everything else as a F. >=20 > =20 >=20 > However there is no mention on how to set a SECURE cookie >=20 > =20 >=20 > Question: How do I ensure that a cookie is SECURELY set ? >=20 > =20 >=20 > What version is required to set SECURE cookies ? >=20 > =20 >=20 > =20 >=20 > Kind regards >=20 > =20 >=20 > Stuart Tremain >=20 > Pharoah Lane Software >=20 > AUSTRALIA >=20 > webdna@plsoftware.com.au > =20 >=20 > =20 >=20 > =20 >=20 > =20 >=20 > =20 >=20 > =20 >=20 > --------------------------------------------------------- This message = is sent to you because you are subscribed to the mailing list = talk@webdna.us To unsubscribe, E-mail to: = talk-leave@webdna.us archives: = http://www.webdna.us/page.dna?numero=3D55 = Bug Reporting: = support@webdna.us = ------------------------------------------------= --------- This message is sent to you because you are subscribed to the = mailing list talk@webdna.us To unsubscribe, = E-mail to: talk-leave@webdna.us archives: = http://www.webdna.us/page.dna?numero=3D55 = Bug Reporting: = support@webdna.us = ------------------------------------------------= --------- This message is sent to you because you are subscribed to the = mailing list talk@webdna.us To unsubscribe, E-mail to: = talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55 = Bug Reporting: support@webdna.us --Apple-Mail=_B7046EC7-AD95-465E-AE73-862A7D7BD1EC Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii Hi = Tom

I suspected that = you would set secure=3Dt but it is not documented, have you tested that = the secure switch is working ?

Any idea what version of WebDNA it was = implemented ?

Have you come across any other little gems with cookies = ?

Kind regards

Stuart Tremain
Pharoah Lane Software
AUSTRALIA







On 1 Feb 2020, at 23:26, talk@webdna.us wrote:

Stuart,

Hi - just looking again = at my code for WebDNA cookies:


Cookie: [getcookie = name=3DtestCookie]</br />
- domain is = specified so the cookie should be accessible by subdomains.

= [setcookie [!]
= [/!]name=3DtestCookie[!]
= [/!]&value=3D[url]testValue[/url][!]
= = [/!]&domain=3D[thishost][!]
= [/!]&httponly=3DT[!]
= [/!]&path=3D/[!]
= [/!][showif = [url][thisport][/url]=3D443]&secure=3DT[/showif][!]
= = [/!]&samesite=3Dstrict[!]
= [/!]]

= 

Cookie: [getcookie name=3DtestCookieHostOnly]</br = />
- domain is NOT specified so HostOnly flag = should be set, the cookie should not be accessible by subdomains.

= [setcookie [!]
= [/!]name=3DtestCookieHostOnly[!]
= [/!]&value=3D[url]testValueHostOnly[/url][!]
= [/!]&httponly=3DT[!]
= [/!]&path=3D/[!]
= [/!][showif = [url][thisport][/url]=3D443]&secure=3DT[/showif][!]
= = [/!]&samesite=3Dstrict[!]
= [/!]]

I include the 'samesite' value in the hope it will = be supported in the future.

- Tom

On Fri, 31 = Jan 2020 at 22:18, <talk@webdna.us> wrote:

Sat here about to face the same; = echoing those questions..

 

From:= talk@webdna.us <talk@webdna.us>
Sent: Friday, January 31, 2020 10:07 PM
To: WebDNA Talk List <talk@webdna.us>
Subject: [WebDNA] Secure Cookies

 

Reading through the docs re = cookies: http://webdna.us/page.dna?numero=3D180

 

The docs note:

(optional) HttpOnly should be T, = just like Secure. It adds a HttpOnly = to the cookie, and treats everything else as a F.

 

However there is no mention on = how to set a SECURE cookie

 

Question:  How do I ensure = that a cookie is SECURELY set ?

 

What version is required to set = SECURE cookies ?

 

 

Kind = regards

 

Stuart = Tremain

Pharoah= Lane Software

AUSTRALIA

webdna@plsoftware.com.au

 

 

 

 

 

 

------------------------------------------------------= --- This message is sent to you because you are subscribed to the = mailing list talk@webdna.us To unsubscribe, E-mail to: talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55 Bug Reporting: support@webdna.us

--------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list talk@webdna.us To unsubscribe, E-mail to: talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55= Bug Reporting: support@webdna.us
--------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list talk@webdna.us To unsubscribe, E-mail to: talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55 Bug Reporting: support@webdna.us

= --------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list talk@webdna.us To unsubscribe, E-mail to: talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55 Bug Reporting: support@webdna.us --Apple-Mail=_B7046EC7-AD95-465E-AE73-862A7D7BD1EC-- . Stuart Tremain

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Grepping a hostname (2003) How to get shownext to just shownext once (1997) WebMerchant 1.6 and SHTML (1997) [format 40s]text[/format] doesn't work (1997) sorting and grouping (1998) [WebDNA] How to get a screen size (2009) What am I missing (1997) Converting order file to database (1998) Suffix Mapping (1997) Opinion: [input] should be called [output] ... (1997) New Plug-in and Type 11 errors (1997) Uh...can someone help me out with the b10? (1997) WC2b15 File Corruption (1997) Country & Ship-to address & other fields ? (1997) Rhapsody? (1997) WebCatalog NT beta 18 now available (1997) Bug in 4.5 - Needs to be fixed ASAP. (2002) WebCatalog on Windows 98 (2000) [isfile] ? (1997) another problem (1997)