Re: [WebDNA] Secure cookies (HttpOnly/Secure)

This WebDNA talk-list message is from 2013. It keeps the original formatting.
numero = 110822
interpreted = N
texte =

Dan,

I posted a method that's working for me earlier in the month. Secure cookies can be set in WebDNA (as long as the page is using SSL), HttpOnly cookies require a work-around. Re-post below.

- Tom

On the 'login template' where the user's username/password are checked:

[!]
-----------------------------------
###  Set session cookie and redirect to dashboard  ###
[/!][setcookie name=session-cookie&value=[url][url][encrypt seed=secret-seed][cart][/encrypt][/url][/url]&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&secure=T][!]
[/!][redirect /dashboard.tmpl?v=logon]

On the 'dashboard template':

[!]
------------------------------------
###  Reset session cookie with HttpOnly option  ###
[/!][showif [v]=logon][!]
[/!][setmimeheader name=Set-Cookie&value=session-cookie=[url][url][getcookie name=session-cookie][/url][/url]; path=/; domain=[grep search=www&replace=][getmimeheader name=host][/grep]; secure; HttpOnly][!]
[/!][/showif]

On the 'logout template':

[!]
------------------------------------
###  Clear session cookie  ###
[/!][setcookie name=session-cookie&value=&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&expires=Thu, 01 Jan 1970 00:00:00 GMT]

I can't get the [setmimeheader] working on the 'logon template'. It seems the full page has to load, maybe that's the way it's meant to be?

==============================================
Digital Revolutionaries
1st Floor, Castleriver House
14-15 Parliament Street
Temple Bar, Dublin 2
Ireland
----------------------------------------------
[t]: + 353 1 4403907
[e]: tom@revolutionaries.ie
[w]: http://www.revolutionaries.ie/
==============================================

On 29 October 2013 22:40, WebDNA <webdna@idfk.com.au> wrote:

> Dan
>
> There was discussion about this recently.
>
> Secure cookies is flagged for an update version of WebDNA.
>
> Regards
>
> Stuart Tremain
> IDFK Web Developments
> AUSTRALIA
> webdna@idfk.com.au
>
> On 30 Oct 2013, at 9:37 am, Dan Strong <dan@danstrong.com> wrote:
>
> > Anybody done this with WebDNA? If so, care to share?
> >
> > -Dan Strong
> > http://www.DanStrong.com
> > ---------------------------------------------------------
> > This message is sent to you because you are subscribed to
> > the mailing list <talk@webdna.us>.
> > To unsubscribe, E-mail to: <talk-leave@webdna.us>
> > archives: http://mail.webdna.us/list/talk@webdna.us
> > Bug Reporting: support@webdna.us
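The login, dashboard and logout cookie sequence in the message above can be checked from the response headers. The Python below is an added example, not code from the original post or from WebDNA; the Set-Cookie strings are constructed samples of what the three templates are assumed to emit for a host of www.example.com, and `audit_flow` is a hypothetical helper name.

```python
NO_SECURE = "missing Secure"
NO_HTTPONLY = "missing HttpOnly: cookie is readable by page script until re-issued"
SPLIT = "domain/path differ from first issue: stored as a second cookie, not a replacement"

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs), attribute names lower-cased."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            k, _, v = part.partition("=")
            attrs[k.strip().lower()] = v.strip()
    return name.strip(), value, attrs

def cookie_key(name, attrs):
    # Browsers store cookies by (name, domain, path); a leading dot on Domain is ignored.
    # An absent attribute is kept as "" so host-only and domain cookies compare as different.
    return (name, attrs.get("domain", "").lstrip(".").lower(), attrs.get("path", ""))

def audit_flow(responses, cookie_name):
    """responses: [(label, [Set-Cookie values])] in the order the browser receives them.
    Returns a list of (label, finding) for the named cookie."""
    findings, first_key = [], None
    for label, headers in responses:
        for header in headers:
            name, value, attrs = parse_set_cookie(header)
            if name != cookie_name:
                continue
            key = cookie_key(name, attrs)
            if first_key is None:
                first_key = key
            elif key != first_key:
                findings.append((label, SPLIT))
            if value == "":
                continue  # deletion (logout): flags on an empty value do not matter
            if "secure" not in attrs:
                findings.append((label, NO_SECURE))
            if "httponly" not in attrs:
                findings.append((label, NO_HTTPONLY))
    return findings

# Constructed sample headers (assumed output of the three templates).
FLOW = [
    ("login", ["session-cookie=abc123; path=/; domain=.example.com; secure"]),
    ("dashboard", ["session-cookie=abc123; path=/; domain=.example.com; secure; HttpOnly"]),
    ("logout", ["session-cookie=; path=/; domain=.example.com; expires=Thu, 01 Jan 1970 00:00:00 GMT"]),
]
# Same flow, but the dashboard re-issue uses a different Domain than the login cookie.
FLOW_SPLIT = [FLOW[0],
    ("dashboard", ["session-cookie=abc123; path=/; domain=www.example.com; secure; HttpOnly"])]

if __name__ == "__main__":
    for label, finding in audit_flow(FLOW, "session-cookie") + audit_flow(FLOW_SPLIT, "session-cookie"):
        print(label, "->", finding)
```

The first flow reports only the login response, which is the interval between the redirect and the dashboard load where the session cookie has no HttpOnly flag. The second flow shows why the re-issue must repeat the same domain and path as the original cookie.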
Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  2. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (Tom Duke 2013)
  3. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (WebDNA 2013)
  4. [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
Tom Duke
