Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db?

This WebDNA talk-list message is from 2016. It keeps the original formatting.
numero = 113078
interpreted = N
texte =

Dale,

Hi - I use a cookie - set when the user authenticates - and a session.db.

Cookies are encrypted and set as HTTP_only and secure if SSL is available. The session cookie should really only be transmitted over SSL.

The session.db links the cookie to the user. There is a session-time field in the DB which is updated on each page refresh. If session-time is greater than the idle time setting (usually 30 minutes), then the user is kicked out and has to re-login.

I haven't used the new [session] tag. Looks interesting, but unless I'm reading the spec incorrectly it looks like the [session] has to be passed around as part of the URL - or in post data. That's not something I really want to do.

Maybe the [browserIDmatch] tag could be used as an extra check though - I assume that should be consistent for a specific browser regardless of the actual session value?

- Tom
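
Added example, not part of the message above and not WebDNA code: a Python sketch of the cookie plus session.db pattern the message describes, with the session-time refresh and the 30-minute idle cutoff. The class name `SessionDB`, the cookie name `sid`, and storing a hash of the token instead of the token itself are assumptions made for this illustration.

```python
import hashlib
import secrets
from http.cookies import SimpleCookie

IDLE_LIMIT = 30 * 60  # seconds; the "usually 30 minutes" idle setting


class SessionDB:
    """In-memory stand-in for session.db: token hash -> [user, session_time]."""

    def __init__(self, clock):
        self.clock = clock  # injected time source, so the timeout is testable
        self.rows = {}

    @staticmethod
    def _key(token):
        # Assumption: keep only a hash, so a leaked store yields no usable cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user, over_tls):
        """Create a session at authentication time; return the Set-Cookie value."""
        if not over_tls:
            raise ValueError("session cookie is only issued over SSL/TLS")
        token = secrets.token_urlsafe(32)  # opaque, unguessable cookie value
        self.rows[self._key(token)] = [user, self.clock()]
        cookie = SimpleCookie()
        cookie["sid"] = token
        cookie["sid"]["httponly"] = True  # not readable from page scripts
        cookie["sid"]["secure"] = True    # never sent over plain HTTP
        cookie["sid"]["path"] = "/"
        return cookie["sid"].OutputString()

    def check(self, cookie_header):
        """Run on every page request: return the user, or None to force re-login."""
        jar = SimpleCookie()
        jar.load(cookie_header or "")
        if "sid" not in jar:
            return None
        key = self._key(jar["sid"].value)
        row = self.rows.get(key)
        if row is None:
            return None
        now = self.clock()
        if now - row[1] > IDLE_LIMIT:
            del self.rows[key]  # idle too long: end the session server-side
            return None
        row[1] = now  # refresh session-time on each page hit
        return row[0]
```

Because the idle check runs against the server-side record, an expired session stays dead even if the browser keeps sending the old cookie.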


Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (dale 2016)
  2. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (dale 2016)
  3. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (christophe.billiottet@webdna.us 2016)
  4. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (christophe.billiottet@webdna.us 2016)
  5. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (christophe.billiottet@webdna.us 2016)
  6. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (Donovan Brooke 2016)
  7. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (Tom Duke 2016)
  8. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (christophe.billiottet@webdna.us 2016)
  9. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (Donovan Brooke 2016)
  10. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (Tom Duke 2016)
  11. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (christophe.billiottet@webdna.us 2016)
  12. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (christophe.billiottet@webdna.us 2016)
  13. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (christophe.billiottet@webdna.us 2016)
  14. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (christophe.billiottet@webdna.us 2016)
  15. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (Donovan Brooke 2016)
  16. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (Tom Duke 2016)
  17. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (christophe.billiottet@webdna.us 2016)
  18. [WebDNA] User sessions - cookies only or cookies and a sessions.db? (dale 2016)
Tom Duke
