[WebDNA] Secure & HttpOnly Session Cookies

This WebDNA talk-list message is from 2013.

It keeps the original formatting.
numero = 110793
interpreted = N
Dan / Stuart,

As we're on a security thing at the moment, I was trying to work out how best to set session cookies. Here's what's working for me (WebDNA 6.2 on CentOS).

- Tom

On the 'login template' where the user's username/password are checked:

[!]
-----------------------------------
###  Set session cookie and redirect to dashboard  ###
[/!][setcookie name=session-cookie&value=[url][url][encrypt seed=secret-seed][cart][/encrypt][/url][/url]&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&secure=T][!]
[/!][redirect /dashboard.tmpl?v=logon]

On the 'dashboard template':

[!]
------------------------------------
###  Reset session cookie with HttpOnly option  ###
[/!][showif [v]=logon][!]
[/!][setmimeheader name=Set-Cookie&value=session-cookie=[url][url][getcookie name=session-cookie][/url][/url]; path=/; domain=[grep search=www&replace=][getmimeheader name=host][/grep]; secure; HttpOnly][!]
[/!][/showif]

On the 'logout template':

[!]
------------------------------------
###  Clear session cookie  ###
[/!][setcookie name=session-cookie&value=&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&expires=Thu, 01 Jan 1970 00:00:00 GMT]

I can't get the [setmimeheader] working on the 'logon template'. It seems the full page has to load, maybe that's the way it's meant to be?
Associated Messages, from the most recent to the oldest:

    
  1. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  2. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  3. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  4. Re: [WebDNA] Secure Cookies (Brian Harrington 2020)
  5. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  6. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  7. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  8. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  9. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  10. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  11. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  12. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  13. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  14. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  15. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  16. [WebDNA] Secure Cookies - Further reading (Stuart Tremain 2020)
  17. [WebDNA] Secure Cookies (Stuart Tremain 2020)
  18. Re: [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  19. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (Tom Duke 2013)
  20. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (WebDNA 2013)
  21. [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  22. Re: [WebDNA] Secure & HttpOnly Session Cookies (Tom Duke 2013)
  23. Re: [WebDNA] Secure & HttpOnly Session Cookies (WebDNA 2013)
  24. [WebDNA] Secure & HttpOnly Session Cookies (Tom Duke 2013)
  25. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  26. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  27. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  28. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  29. Re: [WebDNA] Secure Cookies (Frank Nordberg 2009)
  30. Re: [WebDNA] Secure Cookies (Govinda 2009)
  31. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  32. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  33. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  34. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  35. Re: [WebDNA] Secure Cookies (Donovan Brooke 2009)
  36. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  37. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  38. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  39. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  40. [WebDNA] Secure Cookies (Stuart Tremain 2009)
Tom Duke
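
An added example, not part of the post above or of WebDNA: a Python check of the Set-Cookie headers the three templates send, reporting which of Secure/HttpOnly each response carries and whether the dashboard and logout headers address the same cookie the login set. The header strings are constructed for a hypothetical host www.example.com, and the exact output of [setcookie] is an assumption.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed headers for a hypothetical host www.example.com; the [grep] in the
# templates strips "www", so the cookie domain becomes ".example.com".
LOGIN = "session-cookie=c0ffee; path=/; domain=.example.com; secure"  # assumed [setcookie] output
DASHBOARD = "session-cookie=c0ffee; path=/; domain=.example.com; secure; HttpOnly"
LOGOUT = "session-cookie=; path=/; domain=.example.com; expires=Thu, 01 Jan 1970 00:00:00 GMT"


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attrs); attribute names lower-cased."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def missing_flags(header):
    """Protections absent from this header: Secure (HTTPS only), HttpOnly (no script access)."""
    attrs = parse_set_cookie(header)[2]
    return [flag for flag in ("secure", "httponly") if flag not in attrs]


def scope(header):
    """Name, domain and path identify a cookie; a leading dot on the domain is ignored."""
    name, _, attrs = parse_set_cookie(header)
    return name, attrs.get("domain", "").lstrip(".").lower(), attrs.get("path", "")


def clears_cookie(header, target):
    """True if `header` expires the cookie that `target` set (same scope, past Expires)."""
    expires = parse_set_cookie(header)[2].get("expires")
    if expires is None or scope(header) != scope(target):
        return False
    when = parsedate_to_datetime(expires)
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when <= datetime.now(timezone.utc)


def review_flow():
    """Summarise the three-template flow from the post."""
    return {
        "login": missing_flags(LOGIN),          # cookie lacks HttpOnly until the next response
        "dashboard": missing_flags(DASHBOARD),  # re-issued with both flags
        "dashboard_replaces_login": scope(DASHBOARD) == scope(LOGIN),
        "logout_clears": clears_cookie(LOGOUT, DASHBOARD),
    }
```

The same functions can be pointed at headers captured from a real response; a logout header whose path or domain differs from the one used at login leaves the original cookie in place, which clears_cookie reports as False.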
