Re: [WebDNA] Secure cookies (HttpOnly/Secure)
This WebDNA talk-list message is from 2013
It keeps the original formatting.
numero = 110823
interpreted = N
texte = Perfect. Thanks for this.-DanOn Wed, 30 Oct 2013 08:23:16 +0000 Tom Duke
wrote: Dan, I posted a method that's working for me earlier in the month. Secure cookies can be set in WebDNA (as long as the page is using SSL), HttpOnly cookies require a work-around. Re-post below. - Tom On the 'login template' where the users username/password are checked: [!] ----------------------------------- ### Set session cookie and redirect to dashboard ### [/!][setcookie name=session-cookie&value=[url][url][encrypt seed=secret-seed][cart][/encrypt][/url][/url]&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&secure=T][!] [/!][redirect /dashboard.tmpl?v=logon] On the 'dasboard template': [!] ------------------------------------ ### Reset session cookie with HttpOnly option ### [/!][showif [v]=logon][!] [/!][setmimeheader name=Set-Cookie&value=session-cookie=[url][url][getcookie name=session-cookie][/url][/url]; path=/; domain=[grep search=www&replace=][getmimeheader name=host][/grep]; secure; HttpOnly][!] [/!][/showif] On the 'logout template': [!] ------------------------------------ ### Clear session cookie ### [/!][setcookie name=session-cookie&value=&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&expires=Thu, 01 Jan 1970 00:00:00 GMT] I can't get the [setmimeheader] working on the 'logon template'. It seems the full page has to load, maybe that's the way it's meant to be? ============================================== Digital Revolutionaries 1st Floor, Castleriver House 14-15 Parliament Street Temple Bar,Dublin 2 Ireland ---------------------------------------------- [t]: + 353 1 4403907 [e]: [w]: ============================================== On 29 October 2013 22:40, WebDNA wrote: > Dan>> There was discussion about this recently.>> Secure cookies is flagged for an update version of WebDNA.>> Regards>> Stuart Tremain> IDFK Web Developments> AUSTRALIA> webdna@idfk.com.au>>>>> On 30 Oct 2013, at 9:37 am, Dan Strong wrote:>> > Anybody done this with WebDNA? If so, care to share?> >> > -Dan Strong> > http://www.DanStrong.com> > ---------------------------------------------------------> > This message is sent to you because you are subscribed to> > the mailing list .> > To unsubscribe, E-mail to: > > archives: http://mail.webdna.us/list/talk@webdna.us> > Bug Reporting: support@webdna.us>> ---------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us> Bug Reporting: support@webdna.us>
Associated Messages, from the most recent to the oldest:
Perfect. Thanks for this.-DanOn Wed, 30 Oct 2013 08:23:16 +0000 Tom Duke wrote: Dan, I posted a method that's working for me earlier in the month. Secure cookies can be set in WebDNA (as long as the page is using SSL), HttpOnly cookies require a work-around. Re-post below. - Tom On the 'login template' where the users username/password are checked: [!] ----------------------------------- ### Set session cookie and redirect to dashboard ### [/!][setcookie name=session-cookie&value=[url][url][encrypt seed=secret-seed][cart][/encrypt][/url][/url]&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&secure=T][!] [/!][redirect /dashboard.tmpl?v=logon] On the 'dasboard template': [!] ------------------------------------ ### Reset session cookie with HttpOnly option ### [/!][showif [v]=logon][!] [/!][setmimeheader name=Set-Cookie&value=session-cookie=[url][url][getcookie name=session-cookie][/url][/url]; path=/; domain=[grep search=www&replace=][getmimeheader name=host][/grep]; secure; HttpOnly][!] [/!][/showif] On the 'logout template': [!] ------------------------------------ ### Clear session cookie ### [/!][setcookie name=session-cookie&value=&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&expires=Thu, 01 Jan 1970 00:00:00 GMT] I can't get the [setmimeheader] working on the 'logon template'. It seems the full page has to load, maybe that's the way it's meant to be? ============================================== Digital Revolutionaries 1st Floor, Castleriver House 14-15 Parliament Street Temple Bar,Dublin 2 Ireland ---------------------------------------------- [t]: + 353 1 4403907 [e]: [w]: ============================================== On 29 October 2013 22:40, WebDNA wrote: > Dan>> There was discussion about this recently.>> Secure cookies is flagged for an update version of WebDNA.>> Regards>> Stuart Tremain> IDFK Web Developments> AUSTRALIA> webdna@idfk.com.au>>>>> On 30 Oct 2013, at 9:37 am, Dan Strong wrote:>> > Anybody done this with WebDNA? If so, care to share?> >> > -Dan Strong> > http://www.DanStrong.com> > ---------------------------------------------------------> > This message is sent to you because you are subscribed to> > the mailing list .> > To unsubscribe, E-mail to: > > archives: http://mail.webdna.us/list/talk@webdna.us> > Bug Reporting: support@webdna.us>> ---------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us> Bug Reporting: support@webdna.us>
"Dan Strong"
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
Not reading code (1997)
[WebDNA] listfiles weirdness? (2018)
can WC render sites out? (1997)
WebCat2b13MacPlugIn - syntax to convert date (1997)
available times? (2003)
WebMerchant when CC network is down (1998)
Showif date range comparison (1999)
RE: OK, here goes... (1997)
Date search - yes or no (1997)
Help ! Frustrating Problem (1999)
[WebDNA] Function "libraries" (2009)
Shell Script needed (2003)
WebCat2 - Getting to the browser's username/password data (1997)
Can't ping (problem with [shell]) (2006)
whole word matching (2004)
Emailer setup (1997)
(2004)
WebCat b15 Mac plug-in (1997)
Search Question (2003)
Searching for all records (1998)