Re: Authenticate Questions
This WebDNA talk-list message is from 2003
It keeps the original formatting.
numero = 49659
interpreted = N
texte = We use a cookie-based login now like you describe... People seem to be having problems with disabling cookies on their browsers (our #1 complaint and tech support call, but they won't follow the directions to enable them unless we are reading it to them over the phone.) which is why I am looking to switch to an authenticate style login.Thank you, though... you did answer my most important question.-- Matthew C. BohneWeb DeveloperSandusky Register314 W. Market St.Sandusky, OH 44870419-625-5500 ext. 253matthewbohne@sanduskyregister.comhttp://www.sanduskyregister.comOn Monday, April 21, 2003 12:26 PM, John Peacock
wrote:>Matthew Bohne wrote:>> If I have an [authenticate] tag on secure.mydomain.com, will>keep the [username] and [password] values when I move to>www.mydomain.com? and beyond as long as I am still at>mydomain.com? Does this work if the subdomains are on>different servers?>>The browser will typically cache the authentication for the length of the >session, but it will only present the authentication to the exact same hostname, >in this case secure.mydomain.com. In other words, if they go to >games.mydomain.com, you cannot get the same authentication keys, but if they go >back to secure.mydomain.com, it will silently represent the authentication. >This is a security feature.>>One thing you can do is to set a cookie when they are authenticated, using >domain=.mydomain.com, then you can retrieve that cookie on other related >hostnames of the domain. Don't store their actual username/password in the >cookie, just store a [cart] and check the value against a database (which allows >you to time out the authorization independently of the cookie>expiration).>>John>>-- >John Peacock>Director of Information Research and Technology>Rowman & Littlefield Publishing Group>4501 Forbes Boulevard>Suite H>Lanham, MD 20706>301-459-3366 x.5010>fax 301-429-5748>>>------------------------------------------------------------->This message is sent to you because you are subscribed to> the mailing list .>To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to >Web Archive of this list is at: http://webdna.smithmicro.com/>-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Associated Messages, from the most recent to the oldest:
We use a cookie-based login now like you describe... People seem to be having problems with disabling cookies on their browsers (our #1 complaint and tech support call, but they won't follow the directions to enable them unless we are reading it to them over the phone.) which is why I am looking to switch to an authenticate style login.Thank you, though... you did answer my most important question.-- Matthew C. BohneWeb DeveloperSandusky Register314 W. Market St.Sandusky, OH 44870419-625-5500 ext. 253matthewbohne@sanduskyregister.comhttp://www.sanduskyregister.comOn Monday, April 21, 2003 12:26 PM, John Peacock wrote:>Matthew Bohne wrote:>> If I have an [authenticate] tag on secure.mydomain.com, will>keep the [username] and [password] values when I move to>www.mydomain.com? and beyond as long as I am still at>mydomain.com? Does this work if the subdomains are on>different servers?>>The browser will typically cache the authentication for the length of the >session, but it will only present the authentication to the exact same hostname, >in this case secure.mydomain.com. In other words, if they go to >games.mydomain.com, you cannot get the same authentication keys, but if they go >back to secure.mydomain.com, it will silently represent the authentication. >This is a security feature.>>One thing you can do is to set a cookie when they are authenticated, using >domain=.mydomain.com, then you can retrieve that cookie on other related >hostnames of the domain. Don't store their actual username/password in the >cookie, just store a [cart] and check the value against a database (which allows >you to time out the authorization independently of the cookie>expiration).>>John>>-- >John Peacock>Director of Information Research and Technology>Rowman & Littlefield Publishing Group>4501 Forbes Boulevard>Suite H>Lanham, MD 20706>301-459-3366 x.5010>fax 301-429-5748>>>------------------------------------------------------------->This message is sent to you because you are subscribed to> the mailing list .>To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to >Web Archive of this list is at: http://webdna.smithmicro.com/>-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Matthew Bohne
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
WebCat BeOS (2002)
Version 4? (2000)
testing webcat 4 (2001)
How do I get multiple unique numbers on one template? (2000)
NetSplat and WebCat2 (1997)
send mail problem? (1997)
Search group and ww (2003)
Semi-OT SSL IE problem (2005)
Where's Cart Created ? (1997)
Protect (1997)
[BULK] [WebDNA] Ubuntu 16.04 LTS & WebDNA (2017)
OT: Google (2002)
WebCat2 several catalogs? (1997)
java chat (2002)
Problems reading files created by WC (1997)
Bug or syntax error on my part? (1997)
Cart Already Submitted (2003)
[math] are you there? (1999)
Grepping to remove text & code (2004)
Image maps/Webcat (1997)