Re: [WebDNA] Setting secure cookie

This WebDNA talk-list message is from 2009. It keeps the original formatting.
Stuart Tremain wrote:
> "It is best business practice that any cookies that are sent
> (set-cookie) over an SSL connection to explicitly state secure on them."
>
> Can this be done in WebDNA [setcookie] ?

No, but you could do it using [returnraw] I suppose.

The 'secure' param is a suggestion that user agents (browsers) only serve cookies with this param set if the connection is with SSL. You could easily force the issue anyway, perhaps by doing a redirect if the connection is not https. There are a number of ways to secure sessions which don't require the 'secure' param to be set on a cookie.

However, I will put that on the list of features to add, as I think it is a good one.

Meanwhile, here is an RFC if you want to roll your own:
http://www.ietf.org/rfc/rfc2965.txt

Donovan

--
Donovan Brooke
WebDNA Software Corporation
http://www.webdna.us
**[Square Bracket Utopia]**

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Setting secure cookie (Donovan Brooke 2009)
  2. Re: [WebDNA] Setting secure cookie (Stuart Tremain 2009)
  3. Re: [WebDNA] Setting secure cookie (Donovan Brooke 2009)
  4. [WebDNA] Setting secure cookie (Stuart Tremain 2009)
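
The rule quoted in the thread (cookies set over an SSL connection should explicitly carry the secure attribute) can be checked against the raw response a site emits. The following Python audit is an added example, not part of the original messages and not WebDNA code; the function names and the sample response are constructed for illustration.

```python
# Added example: find cookies that were set over TLS without the Secure attribute.
# SAMPLE is a constructed raw HTTP response, not captured traffic.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure\r\n"
    "Set-Cookie: cart=secure; Path=/\r\n"
    "set-cookie: prefs=dark; path=/; SECURE\r\n"
    "Set-Cookie: tracking=1; Expires=Wed, 09 Jun 2030 10:18:14 GMT\r\n"
    "\r\n"
    "<html>Set-Cookie: body=ignored</html>"
)


def cookie_attributes(set_cookie_value):
    """Split a Set-Cookie value into (cookie name, set of lowercase attribute names)."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Only the parts after the first ';' are attributes. The name=value pair is
    # skipped, so a cookie whose value is literally "secure" is not counted.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def insecure_cookies(raw_response, over_tls):
    """Return names of cookies sent over TLS that lack the Secure attribute."""
    if not over_tls:
        return []  # the rule in the thread concerns cookies set over SSL
    head = raw_response.split("\r\n\r\n", 1)[0]  # headers only, never the body
    missing = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        field, sep, value = line.partition(":")
        # Header field names and the attribute name are case-insensitive.
        if sep and field.strip().lower() == "set-cookie":
            name, attrs = cookie_attributes(value)
            if "secure" not in attrs:
                missing.append(name)
    return missing


if __name__ == "__main__":
    print(insecure_cookies(SAMPLE, over_tls=True))
```
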