Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db?
This WebDNA talk-list message is from
2016
It keeps the original formatting.
numero = 113115
interpreted = N
texte = 703 --001a113dc4ca921837053fccf477 Content-Type: text/plain; charset=UTF-8 Tom and Donovan, Thank you for your suggestions. If I may ask one more thing. I'm trying to figure out what I need to store in the cookie and in the session.db. I have the login which then looks into the users.db and verifies that the information is correct. As soon as the [showif] confirms, I write a coolie with a [cart] value and currently store the username, session ID (the [cart] value) and an expiry value - I want to use the WebDNA epoch time but have looked on the website and can't find the proper way to create this value. What kind of data do you store in your cookies and session.db? With the data I am currently storing in the coookie and session.db, I would still be doing a lookup in the users.db to get the groups the user belongs to in order to display the appropriate menus for the user. In the past when I did a login, I only saved a session cookie as I only needed to carry the user information over a few pages. Thank you for your insight. Dale On Mon, Oct 24, 2016 at 3:37 PM, wrote: > > Question #1: > > > > Does the BrowserID use any other data from the browser, such as > > the ip address for example, or anything else OTHER THAN the data > > in the mime headers? > > no > > > Problem #1: > > > > You said you're using ALL the info returned in the mime headers, > > but this appears to be a mistake, here's why: > > > > One portion of the data returned in mime headers is cookies, so if > > there are any cookie changes from one page to the next, the > > BrowserID won't match any longer. This is a real problem for me > > because I reset the cookie expire date in my admin systems every > > time another page is requested. > > cookies is not used > > > But this does NOT explain why Tom's test concluded that all three > > BrowserIDs were identical when in fact he used three different > > browsers. > > we found that [session] is broken on the server version, because of the > way the fastCGI returns the MIME Headers compared with Server version. This > will be fixed tomorrow and we will recompile. > > > > Question #3: > > > > What happens when a mismatch occurs with the BrowserID values? > > Does WebDNA default to matching something else, such as the ip > > address? If so, this explains why all three of Tom's 'from' > > fields are different but the 'to' fields are the same: > > the first column in the db includes date, time, IP, life (seconds) and the > second column browserID > They are connected together but if IP or browserID do not match anymore, > you are free take decisions using the built-in test tags. > > > > - chris--------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us > Bug Reporting: support@webdna.us > --001a113dc4ca921837053fccf477 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Tom and Donovan,
Thank you for your sug= gestions. If I may ask one more thing. I'm trying to figure out what I = need to store in the cookie and in the session.db.=C2=A0
I have the login which then looks into the users.db and verifies tha= t the information is correct. As soon as the =C2=A0[showif] confirms, I wri= te a coolie with a [cart] value and currently store the username, session I= D (the [cart] value) and an expiry value - I want to use the WebDNA epoch t= ime but have looked on the website and can't find the proper way to cre= ate this value.
What kind of data do you store in = your cookies and session.db?
With the data I am cu= rrently storing in the coookie and session.db, I would still be doing a loo= kup in the users.db to get the groups the user belongs to in order to displ= ay the appropriate menus for the user.=C2=A0
In th= e past when I did a login, I only saved a session cookie as I only needed t= o carry the user information over a few pages.
> Question #1: > > Does the BrowserID use any other data from the browser, such as > the ip address for example, or anything else OTHER THAN the data > in the mime headers?
no > Problem #1: > > You said you're using ALL the info returned in the mime headers, > but this appears to be a mistake, here's why: > > One portion of the data returned in mime headers is cookies, so if > there are any cookie changes from one page to the next, the > BrowserID won't match any longer.=C2=A0 This is a real problem for= me > because I reset the cookie expire date in my admin systems every > time another page is requested.
cookies is not used
> But this does NOT explain why Tom's test concluded that all three<= br> > BrowserIDs were identical when in fact he used three = different > browsers.
we found that [session] is broken on the server version, because of = the way the fastCGI returns the MIME Headers compared with Server version. = This will be fixed tomorrow and we will recompile.
> Question #3: > > What happens when a mismatch occurs with the BrowserID values? > Does WebDNA default to matching something else, such as the ip > address?=C2=A0 If so, this explains why all three of Tom's 'fr= om' > fields are different but the 'to' fields are the same:
the first column in the db includes date, time, IP, life (seconds) a= nd the second column browserID They are connected together but if IP or browserID do not match anymore, yo= u are free take decisions using the built-in test tags.
--------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us --001a113dc4ca921837053fccf477-- .
Associated Messages, from the most recent to the oldest:
703 --001a113dc4ca921837053fccf477 Content-Type: text/plain; charset=UTF-8 Tom and Donovan, Thank you for your suggestions. If I may ask one more thing. I'm trying to figure out what I need to store in the cookie and in the session.db. I have the login which then looks into the users.db and verifies that the information is correct. As soon as the [showif] confirms, I write a coolie with a [cart] value and currently store the username, session ID (the [cart] value) and an expiry value - I want to use the WebDNA epoch time but have looked on the website and can't find the proper way to create this value. What kind of data do you store in your cookies and session.db? With the data I am currently storing in the coookie and session.db, I would still be doing a lookup in the users.db to get the groups the user belongs to in order to display the appropriate menus for the user. In the past when I did a login, I only saved a session cookie as I only needed to carry the user information over a few pages. Thank you for your insight. Dale On Mon, Oct 24, 2016 at 3:37 PM, wrote: > > Question #1: > > > > Does the BrowserID use any other data from the browser, such as > > the ip address for example, or anything else OTHER THAN the data > > in the mime headers? > > no > > > Problem #1: > > > > You said you're using ALL the info returned in the mime headers, > > but this appears to be a mistake, here's why: > > > > One portion of the data returned in mime headers is cookies, so if > > there are any cookie changes from one page to the next, the > > BrowserID won't match any longer. This is a real problem for me > > because I reset the cookie expire date in my admin systems every > > time another page is requested. > > cookies is not used > > > But this does NOT explain why Tom's test concluded that all three > > BrowserIDs were identical when in fact he used three different > > browsers. > > we found that [session] is broken on the server version, because of the > way the fastCGI returns the MIME Headers compared with Server version. This > will be fixed tomorrow and we will recompile. > > > > Question #3: > > > > What happens when a mismatch occurs with the BrowserID values? > > Does WebDNA default to matching something else, such as the ip > > address? If so, this explains why all three of Tom's 'from' > > fields are different but the 'to' fields are the same: > > the first column in the db includes date, time, IP, life (seconds) and the > second column browserID > They are connected together but if IP or browserID do not match anymore, > you are free take decisions using the built-in test tags. > > > > - chris--------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us > Bug Reporting: support@webdna.us > --001a113dc4ca921837053fccf477 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Tom and Donovan,
Thank you for your sug= gestions. If I may ask one more thing. I'm trying to figure out what I = need to store in the cookie and in the session.db.=C2=A0
I have the login which then looks into the users.db and verifies tha= t the information is correct. As soon as the =C2=A0[showif] confirms, I wri= te a coolie with a [cart] value and currently store the username, session I= D (the [cart] value) and an expiry value - I want to use the WebDNA epoch t= ime but have looked on the website and can't find the proper way to cre= ate this value.
What kind of data do you store in = your cookies and session.db?
With the data I am cu= rrently storing in the coookie and session.db, I would still be doing a loo= kup in the users.db to get the groups the user belongs to in order to displ= ay the appropriate menus for the user.=C2=A0
In th= e past when I did a login, I only saved a session cookie as I only needed t= o carry the user information over a few pages.
> Question #1: > > Does the BrowserID use any other data from the browser, such as > the ip address for example, or anything else OTHER THAN the data > in the mime headers?
no > Problem #1: > > You said you're using ALL the info returned in the mime headers, > but this appears to be a mistake, here's why: > > One portion of the data returned in mime headers is cookies, so if > there are any cookie changes from one page to the next, the > BrowserID won't match any longer.=C2=A0 This is a real problem for= me > because I reset the cookie expire date in my admin systems every > time another page is requested.
cookies is not used
> But this does NOT explain why Tom's test concluded that all three<= br> > BrowserIDs were identical when in fact he used three = different > browsers.
we found that [session] is broken on the server version, because of = the way the fastCGI returns the MIME Headers compared with Server version. = This will be fixed tomorrow and we will recompile.
> Question #3: > > What happens when a mismatch occurs with the BrowserID values? > Does WebDNA default to matching something else, such as the ip > address?=C2=A0 If so, this explains why all three of Tom's 'fr= om' > fields are different but the 'to' fields are the same:
the first column in the db includes date, time, IP, life (seconds) a= nd the second column browserID They are connected together but if IP or browserID do not match anymore, yo= u are free take decisions using the built-in test tags.
--------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us --001a113dc4ca921837053fccf477-- .
dale
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...