Re: Secure Cookies
This WebDNA talk-list message is from 2008
It keeps the original formatting.
numero = 70152
interpreted = N
texte = It's all in the RFC:

Basically you should just have to add "&secure=" to your SETCOOKIE tag, but WebDNA doesn't seem to add the attribute, so you have to use a simple hack instead: add the text "; to your value parameter, like

[SETCOOKIE name=mySecureCookie2&value=Hello!; secure&domain=www.mydomain.com]

Best,
Christer

*************************************************************
Christer Olsson    PO Box 9160       Phone +46 40 25 85 85
Ljusa Idéer AB     SE-200 39 Malmo   Fax +46 40 25 85 89
Kantyxegatan 5     Sweden            http://www.ljusaideer.se

On 15 Apr 2008, at 01:00, Stuart Tremain wrote:

> Any ideas on the cookies ????
>
> Regards
>
> Stuart Tremain
> IDFK Web Developments
> AUSTRALIA
> webdna@idfk.com.au
>
> On 12/04/2008, at 7:24 AM, Stuart Tremain wrote:
>
>> I have had a hacker safe report about a site that returns a
>> vulnerability:
>> "Missing Secure Attribute in an Encrypted Session (SSL) Cookie"
>>
>> Is there a secure switch in the WebDNA [SetCookie] ?
>>
>> Or would I just put :443 on the end of the domain ?
>>
>> Regards
>>
>> Stuart Tremain
>> IDFK Web Developments
>> AUSTRALIA
>> webdna@idfk.com.au
>>
>> -------------------------------------------------------------
>> This message is sent to you because you are subscribed to
>> the mailing list .
>> To unsubscribe, E-mail to:
>> To switch to the DIGEST mode, E-mail to
>> Web Archive of this list is at: http://webdna.smithmicro.com/
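The check behind the scanner finding quoted in this thread, as an added Python example (not part of the original messages and not WebDNA code): it parses Set-Cookie response headers and lists the cookies sent without the Secure attribute. The header lines, the names mySecureCookie1 and sid, the path attribute, and the wire form of the value workaround are constructed assumptions.

```python
# Added example: audit Set-Cookie headers for the Secure attribute.
# Header lines below are constructed samples, not captured WebDNA output.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs).

    attrs maps lower-cased attribute names to their value ('' for flags
    such as Secure). Splitting on ';' is safe here because the Expires
    date contains commas, not semicolons.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def missing_secure(response_headers):
    """Return names of cookies set without the Secure attribute."""
    flagged = []
    for field, value in response_headers:
        if field.lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            flagged.append(name)
    return flagged


# Constructed sample response from an HTTPS page.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    # Plain cookie with no Secure attribute: what the scanner reported.
    ("Set-Cookie", "mySecureCookie1=Hello!; domain=www.mydomain.com; path=/"),
    # Assumed wire form of the "Hello!; secure" value workaround.
    ("Set-Cookie", "mySecureCookie2=Hello!; secure; domain=www.mydomain.com; path=/"),
    # Attribute names are case-insensitive.
    ("set-cookie", "sid=abc123; Path=/; SECURE; Expires=Wed, 15 Apr 2009 01:00:00 GMT"),
]

if __name__ == "__main__":
    for cookie in missing_secure(SAMPLE_HEADERS):
        print("missing Secure:", cookie)
```

Running the same check against the headers a real HTTPS response returns confirms whether the attribute actually reaches the browser, whichever way the tag was written.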
Christer Olsson