Re: [WebDNA] Secure cookies (HttpOnly/Secure)

This WebDNA talk-list message is from

2013


It keeps the original formatting.
numero = 110823
interpreted = N
texte = Perfect. Thanks for this. -Dan On Wed, 30 Oct 2013 08:23:16 +0000 Tom Duke wrote: Dan, I posted a method that's working for me earlier in the month. Secure cookies can be set in WebDNA (as long as the page is using SSL), HttpOnly cookies require a work-around. Re-post below. - Tom On the 'login template' where the users username/password are checked: [!] ----------------------------------- ### Set session cookie and redirect to dashboard ### [/!][setcookie name=session-cookie&value=[url][url][encrypt seed=secret-seed][cart][/encrypt][/url][/url]&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&secure=T][!] [/!][redirect /dashboard.tmpl?v=logon] On the 'dasboard template': [!] ------------------------------------ ### Reset session cookie with HttpOnly option ### [/!][showif [v]=logon][!] [/!][setmimeheader name=Set-Cookie&value=session-cookie=[url][url][getcookie name=session-cookie][/url][/url]; path=/; domain=[grep search=www&replace=][getmimeheader name=host][/grep]; secure; HttpOnly][!] [/!][/showif] On the 'logout template': [!] ------------------------------------ ### Clear session cookie ### [/!][setcookie name=session-cookie&value=&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&expires=Thu, 01 Jan 1970 00:00:00 GMT] I can't get the [setmimeheader] working on the 'logon template'. It seems the full page has to load, maybe that's the way it's meant to be? ============================================== Digital Revolutionaries 1st Floor, Castleriver House 14-15 Parliament Street Temple Bar,Dublin 2 Ireland ---------------------------------------------- [t]: + 353 1 4403907 [e]: [w]: ============================================== On 29 October 2013 22:40, WebDNA wrote: > Dan > > There was discussion about this recently. > > Secure cookies is flagged for an update version of WebDNA. > > Regards > > Stuart Tremain > IDFK Web Developments > AUSTRALIA > webdna@idfk.com.au > > > > > On 30 Oct 2013, at 9:37 am, Dan Strong wrote: > > > Anybody done this with WebDNA? If so, care to share? > > > > -Dan Strong > > http://www.DanStrong.com > > --------------------------------------------------------- > > This message is sent to you because you are subscribed to > > the mailing list . > > To unsubscribe, E-mail to: > > archives: http://mail.webdna.us/list/talk@webdna.us > > Bug Reporting: support@webdna.us > > --------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us > Bug Reporting: support@webdna.us > Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  2. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (Tom Duke 2013)
  3. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (WebDNA 2013)
  4. [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
Perfect. Thanks for this. -Dan On Wed, 30 Oct 2013 08:23:16 +0000 Tom Duke wrote: Dan, I posted a method that's working for me earlier in the month. Secure cookies can be set in WebDNA (as long as the page is using SSL), HttpOnly cookies require a work-around. Re-post below. - Tom On the 'login template' where the users username/password are checked: [!] ----------------------------------- ### Set session cookie and redirect to dashboard ### [/!][setcookie name=session-cookie&value=[url][url][encrypt seed=secret-seed][cart][/encrypt][/url][/url]&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&secure=T][!] [/!][redirect /dashboard.tmpl?v=logon] On the 'dasboard template': [!] ------------------------------------ ### Reset session cookie with HttpOnly option ### [/!][showif [v]=logon][!] [/!][setmimeheader name=Set-Cookie&value=session-cookie=[url][url][getcookie name=session-cookie][/url][/url]; path=/; domain=[grep search=www&replace=][getmimeheader name=host][/grep]; secure; HttpOnly][!] [/!][/showif] On the 'logout template': [!] ------------------------------------ ### Clear session cookie ### [/!][setcookie name=session-cookie&value=&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&expires=Thu, 01 Jan 1970 00:00:00 GMT] I can't get the [setmimeheader] working on the 'logon template'. It seems the full page has to load, maybe that's the way it's meant to be? ============================================== Digital Revolutionaries 1st Floor, Castleriver House 14-15 Parliament Street Temple Bar,Dublin 2 Ireland ---------------------------------------------- [t]: + 353 1 4403907 [e]: [w]: ============================================== On 29 October 2013 22:40, WebDNA wrote: > Dan > > There was discussion about this recently. > > Secure cookies is flagged for an update version of WebDNA. > > Regards > > Stuart Tremain > IDFK Web Developments > AUSTRALIA > webdna@idfk.com.au > > > > > On 30 Oct 2013, at 9:37 am, Dan Strong wrote: > > > Anybody done this with WebDNA? If so, care to share? > > > > -Dan Strong > > http://www.DanStrong.com > > --------------------------------------------------------- > > This message is sent to you because you are subscribed to > > the mailing list . > > To unsubscribe, E-mail to: > > archives: http://mail.webdna.us/list/talk@webdna.us > > Bug Reporting: support@webdna.us > > --------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us > Bug Reporting: support@webdna.us > "Dan Strong"

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Not reading code (1997) [WebDNA] listfiles weirdness? (2018) can WC render sites out? (1997) WebCat2b13MacPlugIn - syntax to convert date (1997) available times? (2003) WebMerchant when CC network is down (1998) Showif date range comparison (1999) RE: OK, here goes... (1997) Date search - yes or no (1997) Help ! Frustrating Problem (1999) [WebDNA] Function "libraries" (2009) Shell Script needed (2003) WebCat2 - Getting to the browser's username/password data (1997) Can't ping (problem with [shell]) (2006) whole word matching (2004) Emailer setup (1997) (2004) WebCat b15 Mac plug-in (1997) Search Question (2003) Searching for all records (1998)