Re: [WebDNA] Secure Cookies

This WebDNA talk-list message is from

2020


It keeps the original formatting.
numero = 115000
interpreted = N
texte = 2628 --Apple-Mail=_B7046EC7-AD95-465E-AE73-862A7D7BD1EC Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi Tom I suspected that you would set secure=3Dt but it is not documented, have = you tested that the secure switch is working ? Any idea what version of WebDNA it was implemented ? Have you come across any other little gems with cookies ? Kind regards Stuart Tremain Pharoah Lane Software AUSTRALIA webdna@plsoftware.com.au > On 1 Feb 2020, at 23:26, talk@webdna.us wrote: >=20 > Stuart, >=20 > Hi - just looking again at my code for WebDNA cookies: >=20 > https://www.revolutionaries.ie/testspace/cookie/ = >=20 > Cookie: [getcookie name=3DtestCookie]
> - domain is specified so the cookie should be accessible by = subdomains. >=20 > [setcookie [!] > [/!]name=3DtestCookie[!] > [/!]&value=3D[url]testValue[/url][!] > [/!]&domain=3D[thishost][!] > [/!]&httponly=3DT[!] > [/!]&path=3D/[!] > [/!][showif = [url][thisport][/url]=3D443]&secure=3DT[/showif][!] > [/!]&samesite=3Dstrict[!] > [/!]] >=20 > =09 >=20 > Cookie: [getcookie name=3DtestCookieHostOnly]
> - domain is NOT specified so HostOnly flag should be set, the cookie = should not be accessible by subdomains. >=20 > [setcookie [!] > [/!]name=3DtestCookieHostOnly[!] > = [/!]&value=3D[url]testValueHostOnly[/url][!] > [/!]&httponly=3DT[!] > [/!]&path=3D/[!] > [/!][showif = [url][thisport][/url]=3D443]&secure=3DT[/showif][!] > [/!]&samesite=3Dstrict[!] > [/!]] >=20 > I include the 'samesite' value in the hope it will be supported in the = future. >=20 > - Tom >=20 > On Fri, 31 Jan 2020 at 22:18, > = wrote: > Sat here about to face the same; echoing those questions.. >=20 > =20 >=20 > From: talk@webdna.us >=20 > Sent: Friday, January 31, 2020 10:07 PM > To: WebDNA Talk List > > Subject: [WebDNA] Secure Cookies >=20 > =20 >=20 > Reading through the docs re cookies: = http://webdna.us/page.dna?numero=3D180 = > =20 >=20 > The docs note: >=20 > (optional) HttpOnly should be T, just like Secure. It adds a HttpOnly = to the cookie, and treats everything else as a F. >=20 > =20 >=20 > However there is no mention on how to set a SECURE cookie >=20 > =20 >=20 > Question: How do I ensure that a cookie is SECURELY set ? >=20 > =20 >=20 > What version is required to set SECURE cookies ? >=20 > =20 >=20 > =20 >=20 > Kind regards >=20 > =20 >=20 > Stuart Tremain >=20 > Pharoah Lane Software >=20 > AUSTRALIA >=20 > webdna@plsoftware.com.au > =20 >=20 > =20 >=20 > =20 >=20 > =20 >=20 > =20 >=20 > =20 >=20 > --------------------------------------------------------- This message = is sent to you because you are subscribed to the mailing list = talk@webdna.us To unsubscribe, E-mail to: = talk-leave@webdna.us archives: = http://www.webdna.us/page.dna?numero=3D55 = Bug Reporting: = support@webdna.us = ------------------------------------------------= --------- This message is sent to you because you are subscribed to the = mailing list talk@webdna.us To unsubscribe, = E-mail to: talk-leave@webdna.us archives: = http://www.webdna.us/page.dna?numero=3D55 = Bug Reporting: = support@webdna.us = ------------------------------------------------= --------- This message is sent to you because you are subscribed to the = mailing list talk@webdna.us To unsubscribe, E-mail to: = talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55 = Bug Reporting: support@webdna.us --Apple-Mail=_B7046EC7-AD95-465E-AE73-862A7D7BD1EC Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii Hi = Tom

I suspected that = you would set secure=3Dt but it is not documented, have you tested that = the secure switch is working ?

Any idea what version of WebDNA it was = implemented ?

Have you come across any other little gems with cookies = ?

Kind regards

Stuart Tremain
Pharoah Lane Software
AUSTRALIA







On 1 Feb 2020, at 23:26, talk@webdna.us wrote:

Stuart,

Hi - just looking again = at my code for WebDNA cookies:


Cookie: [getcookie = name=3DtestCookie]</br />
- domain is = specified so the cookie should be accessible by subdomains.

= [setcookie [!]
= [/!]name=3DtestCookie[!]
= [/!]&value=3D[url]testValue[/url][!]
= = [/!]&domain=3D[thishost][!]
= [/!]&httponly=3DT[!]
= [/!]&path=3D/[!]
= [/!][showif = [url][thisport][/url]=3D443]&secure=3DT[/showif][!]
= = [/!]&samesite=3Dstrict[!]
= [/!]]

= 

Cookie: [getcookie name=3DtestCookieHostOnly]</br = />
- domain is NOT specified so HostOnly flag = should be set, the cookie should not be accessible by subdomains.

= [setcookie [!]
= [/!]name=3DtestCookieHostOnly[!]
= [/!]&value=3D[url]testValueHostOnly[/url][!]
= [/!]&httponly=3DT[!]
= [/!]&path=3D/[!]
= [/!][showif = [url][thisport][/url]=3D443]&secure=3DT[/showif][!]
= = [/!]&samesite=3Dstrict[!]
= [/!]]

I include the 'samesite' value in the hope it will = be supported in the future.

- Tom

On Fri, 31 = Jan 2020 at 22:18, <talk@webdna.us> wrote:

Sat here about to face the same; = echoing those questions..

 

From:= talk@webdna.us <talk@webdna.us>
Sent: Friday, January 31, 2020 10:07 PM
To: WebDNA Talk List <talk@webdna.us>
Subject: [WebDNA] Secure Cookies

 

Reading through the docs re = cookies: http://webdna.us/page.dna?numero=3D180

 

The docs note:

(optional) HttpOnly should be T, = just like Secure. It adds a HttpOnly = to the cookie, and treats everything else as a F.

 

However there is no mention on = how to set a SECURE cookie

 

Question:  How do I ensure = that a cookie is SECURELY set ?

 

What version is required to set = SECURE cookies ?

 

 

Kind = regards

 

Stuart = Tremain

Pharoah= Lane Software

AUSTRALIA

webdna@plsoftware.com.au

 

 

 

 

 

 

------------------------------------------------------= --- This message is sent to you because you are subscribed to the = mailing list talk@webdna.us To unsubscribe, E-mail to: talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55 Bug Reporting: support@webdna.us

--------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list talk@webdna.us To unsubscribe, E-mail to: talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55= Bug Reporting: support@webdna.us
--------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list talk@webdna.us To unsubscribe, E-mail to: talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55 Bug Reporting: support@webdna.us

= --------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list talk@webdna.us To unsubscribe, E-mail to: talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55 Bug Reporting: support@webdna.us --Apple-Mail=_B7046EC7-AD95-465E-AE73-862A7D7BD1EC-- . Associated Messages, from the most recent to the oldest:

    
  1. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  2. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  3. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  4. Re: [WebDNA] Secure Cookies (Brian Harrington 2020)
  5. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  6. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  7. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  8. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  9. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  10. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  11. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  12. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  13. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  14. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  15. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  16. [WebDNA] Secure Cookies - Further reading (Stuart Tremain 2020)
  17. [WebDNA] Secure Cookies (Stuart Tremain 2020)
  18. Re: [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  19. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (Tom Duke 2013)
  20. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (WebDNA 2013)
  21. [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  22. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  23. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  24. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  25. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  26. Re: [WebDNA] Secure Cookies (Frank Nordberg 2009)
  27. Re: [WebDNA] Secure Cookies (Govinda 2009)
  28. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  29. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  30. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  31. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  32. Re: [WebDNA] Secure Cookies (Donovan Brooke 2009)
  33. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  34. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  35. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  36. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  37. [WebDNA] Secure Cookies (Stuart Tremain 2009)
2628 --Apple-Mail=_B7046EC7-AD95-465E-AE73-862A7D7BD1EC Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi Tom I suspected that you would set secure=3Dt but it is not documented, have = you tested that the secure switch is working ? Any idea what version of WebDNA it was implemented ? Have you come across any other little gems with cookies ? Kind regards Stuart Tremain Pharoah Lane Software AUSTRALIA webdna@plsoftware.com.au > On 1 Feb 2020, at 23:26, talk@webdna.us wrote: >=20 > Stuart, >=20 > Hi - just looking again at my code for WebDNA cookies: >=20 > https://www.revolutionaries.ie/testspace/cookie/ = >=20 > Cookie: [getcookie name=3DtestCookie]
> - domain is specified so the cookie should be accessible by = subdomains. >=20 > [setcookie [!] > [/!]name=3DtestCookie[!] > [/!]&value=3D[url]testValue[/url][!] > [/!]&domain=3D[thishost][!] > [/!]&httponly=3DT[!] > [/!]&path=3D/[!] > [/!][showif = [url][thisport][/url]=3D443]&secure=3DT[/showif][!] > [/!]&samesite=3Dstrict[!] > [/!]] >=20 > =09 >=20 > Cookie: [getcookie name=3DtestCookieHostOnly]
> - domain is NOT specified so HostOnly flag should be set, the cookie = should not be accessible by subdomains. >=20 > [setcookie [!] > [/!]name=3DtestCookieHostOnly[!] > = [/!]&value=3D[url]testValueHostOnly[/url][!] > [/!]&httponly=3DT[!] > [/!]&path=3D/[!] > [/!][showif = [url][thisport][/url]=3D443]&secure=3DT[/showif][!] > [/!]&samesite=3Dstrict[!] > [/!]] >=20 > I include the 'samesite' value in the hope it will be supported in the = future. >=20 > - Tom >=20 > On Fri, 31 Jan 2020 at 22:18, > = wrote: > Sat here about to face the same; echoing those questions.. >=20 > =20 >=20 > From: talk@webdna.us >=20 > Sent: Friday, January 31, 2020 10:07 PM > To: WebDNA Talk List > > Subject: [WebDNA] Secure Cookies >=20 > =20 >=20 > Reading through the docs re cookies: = http://webdna.us/page.dna?numero=3D180 = > =20 >=20 > The docs note: >=20 > (optional) HttpOnly should be T, just like Secure. It adds a HttpOnly = to the cookie, and treats everything else as a F. >=20 > =20 >=20 > However there is no mention on how to set a SECURE cookie >=20 > =20 >=20 > Question: How do I ensure that a cookie is SECURELY set ? >=20 > =20 >=20 > What version is required to set SECURE cookies ? >=20 > =20 >=20 > =20 >=20 > Kind regards >=20 > =20 >=20 > Stuart Tremain >=20 > Pharoah Lane Software >=20 > AUSTRALIA >=20 > webdna@plsoftware.com.au > =20 >=20 > =20 >=20 > =20 >=20 > =20 >=20 > =20 >=20 > =20 >=20 > --------------------------------------------------------- This message = is sent to you because you are subscribed to the mailing list = talk@webdna.us To unsubscribe, E-mail to: = talk-leave@webdna.us archives: = http://www.webdna.us/page.dna?numero=3D55 = Bug Reporting: = support@webdna.us = ------------------------------------------------= --------- This message is sent to you because you are subscribed to the = mailing list talk@webdna.us To unsubscribe, = E-mail to: talk-leave@webdna.us archives: = http://www.webdna.us/page.dna?numero=3D55 = Bug Reporting: = support@webdna.us = ------------------------------------------------= --------- This message is sent to you because you are subscribed to the = mailing list talk@webdna.us To unsubscribe, E-mail to: = talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55 = Bug Reporting: support@webdna.us --Apple-Mail=_B7046EC7-AD95-465E-AE73-862A7D7BD1EC Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii Hi = Tom

I suspected that = you would set secure=3Dt but it is not documented, have you tested that = the secure switch is working ?

Any idea what version of WebDNA it was = implemented ?

Have you come across any other little gems with cookies = ?

Kind regards

Stuart Tremain
Pharoah Lane Software
AUSTRALIA







On 1 Feb 2020, at 23:26, talk@webdna.us wrote:

Stuart,

Hi - just looking again = at my code for WebDNA cookies:


Cookie: [getcookie = name=3DtestCookie]</br />
- domain is = specified so the cookie should be accessible by subdomains.

= [setcookie [!]
= [/!]name=3DtestCookie[!]
= [/!]&value=3D[url]testValue[/url][!]
= = [/!]&domain=3D[thishost][!]
= [/!]&httponly=3DT[!]
= [/!]&path=3D/[!]
= [/!][showif = [url][thisport][/url]=3D443]&secure=3DT[/showif][!]
= = [/!]&samesite=3Dstrict[!]
= [/!]]

= 

Cookie: [getcookie name=3DtestCookieHostOnly]</br = />
- domain is NOT specified so HostOnly flag = should be set, the cookie should not be accessible by subdomains.

= [setcookie [!]
= [/!]name=3DtestCookieHostOnly[!]
= [/!]&value=3D[url]testValueHostOnly[/url][!]
= [/!]&httponly=3DT[!]
= [/!]&path=3D/[!]
= [/!][showif = [url][thisport][/url]=3D443]&secure=3DT[/showif][!]
= = [/!]&samesite=3Dstrict[!]
= [/!]]

I include the 'samesite' value in the hope it will = be supported in the future.

- Tom

On Fri, 31 = Jan 2020 at 22:18, <talk@webdna.us> wrote:

Sat here about to face the same; = echoing those questions..

 

From:= talk@webdna.us <talk@webdna.us>
Sent: Friday, January 31, 2020 10:07 PM
To: WebDNA Talk List <talk@webdna.us>
Subject: [WebDNA] Secure Cookies

 

Reading through the docs re = cookies: http://webdna.us/page.dna?numero=3D180

 

The docs note:

(optional) HttpOnly should be T, = just like Secure. It adds a HttpOnly = to the cookie, and treats everything else as a F.

 

However there is no mention on = how to set a SECURE cookie

 

Question:  How do I ensure = that a cookie is SECURELY set ?

 

What version is required to set = SECURE cookies ?

 

 

Kind = regards

 

Stuart = Tremain

Pharoah= Lane Software

AUSTRALIA

webdna@plsoftware.com.au

 

 

 

 

 

 

------------------------------------------------------= --- This message is sent to you because you are subscribed to the = mailing list talk@webdna.us To unsubscribe, E-mail to: talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55 Bug Reporting: support@webdna.us

--------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list talk@webdna.us To unsubscribe, E-mail to: talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55= Bug Reporting: support@webdna.us
--------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list talk@webdna.us To unsubscribe, E-mail to: talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55 Bug Reporting: support@webdna.us

= --------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list talk@webdna.us To unsubscribe, E-mail to: talk-leave@webdna.us archives: http://www.webdna.us/page.dna?numero=3D55 Bug Reporting: support@webdna.us --Apple-Mail=_B7046EC7-AD95-465E-AE73-862A7D7BD1EC-- . Stuart Tremain

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

why won't this work, please tell me??? (2001) Looking for a host (1997) For those of you not on the WebCatalog Beta... (1997) Large Database Options? (1999) DON'T UPGRADE, was 4.0.x find (2000) Formulas.db + Users.db (1997) CloseDatabase (1997) [WebDNA] WebDNA AJAX_Fileuploader (2013) remotely creating and populating a stock inventory db -almost there! (1999) (ot) sitemap generator (1998) Shell Script needed (2003) Search results templates (1996) SQL Changes in 3.0.7? (2000) default value from Lookup (was Grant, please help me) (1997) Serious WebDNA issue (2006) [WebDNA] testing (2014) Just a thought (1998) Serving images from databases (1998) Running _every_ page through WebCat ? (1997) jpeg upload compression (2002)