Re: Authenticate Questions

This WebDNA talk-list message is from 2003. It keeps the original formatting.
We use a cookie-based login now like you describe... People seem to be having problems with disabling cookies on their browsers (our #1 complaint and tech support call, but they won't follow the directions to enable them unless we are reading it to them over the phone.) which is why I am looking to switch to an authenticate style login.

Thank you, though... you did answer my most important question.

--
Matthew C. Bohne
Web Developer
Sandusky Register
314 W. Market St.
Sandusky, OH 44870
419-625-5500 ext. 253
matthewbohne@sanduskyregister.com
http://www.sanduskyregister.com

On Monday, April 21, 2003 12:26 PM, John Peacock wrote:

>Matthew Bohne wrote:
>> If I have an [authenticate] tag on secure.mydomain.com, will it
>> keep the [username] and [password] values when I move to
>> www.mydomain.com? and beyond as long as I am still at
>> mydomain.com? Does this work if the subdomains are on
>> different servers?
>
>The browser will typically cache the authentication for the length of the
>session, but it will only present the authentication to the exact same hostname,
>in this case secure.mydomain.com. In other words, if they go to
>games.mydomain.com, you cannot get the same authentication keys, but if they go
>back to secure.mydomain.com, it will silently re-present the authentication.
>This is a security feature.
>
>One thing you can do is to set a cookie when they are authenticated, using
>domain=.mydomain.com, then you can retrieve that cookie on other related
>hostnames of the domain. Don't store their actual username/password in the
>cookie, just store a [cart] and check the value against a database (which allows
>you to time out the authorization independently of the cookie
>expiration).
>
>John
>
>--
>John Peacock
>Director of Information Research and Technology
>Rowman & Littlefield Publishing Group
>4501 Forbes Boulevard
>Suite H
>Lanham, MD 20706
>301-459-3366 x.5010
>fax 301-429-5748

Associated Messages, from the most recent to the oldest:

    
  1. Re: Authenticate Questions (Matthew Bohne 2003)
  2. Re: Authenticate Questions (Alex McCombie 2003)
  3. Re: Authenticate Questions (Scott Anderson 2003)
  4. Re: Authenticate Questions (Alain Russell 2003)
  5. Re: Authenticate Questions (Scott Anderson 2003)
  6. Re: Authenticate Questions (Kenneth Grome 2003)
  7. Re: Authenticate Questions (Alain Russell 2003)
  8. Re: Authenticate Questions (Kenneth Grome 2003)
  9. Re: Authenticate Questions (Matthew Bohne 2003)
  10. Re: Authenticate Questions (John Peacock 2003)
  11. Authenticate Questions (Matthew Bohne 2003)
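
The scheme John Peacock describes in the quoted reply (an opaque value in a `domain=.mydomain.com` cookie, checked against a database that enforces its own timeout), written out as an added Python example; it is not code from the thread and not WebDNA. The cookie name `sid`, the 20-minute idle timeout, the in-memory dict standing in for the database, and the `Secure`/`HttpOnly` flags are assumptions of this example.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_DOMAIN = ".mydomain.com"  # parent domain named in the message
COOKIE_NAME = "sid"              # assumed cookie name
IDLE_TIMEOUT = 20 * 60           # assumed server-side idle timeout, seconds


class SessionStore:
    """Stand-in for the database table mapping opaque tokens to users."""

    def __init__(self):
        self._rows = {}  # token -> [username, last_seen]

    def issue(self, username, now):
        # Random token: carries no username or password, only a lookup key.
        token = secrets.token_urlsafe(32)
        self._rows[token] = [username, now]
        return token

    def check(self, token, now):
        row = self._rows.get(token)
        if row is None:
            return None                  # unknown or forged token
        if now - row[1] > IDLE_TIMEOUT:
            del self._rows[token]        # expired server-side, cookie or not
            return None
        row[1] = now                     # sliding idle window
        return row[0]


def login_cookie(token):
    """Set-Cookie value sent by secure.mydomain.com after authentication."""
    c = SimpleCookie()
    c[COOKIE_NAME] = token
    c[COOKIE_NAME]["domain"] = COOKIE_DOMAIN  # visible to sibling hostnames
    c[COOKIE_NAME]["path"] = "/"
    c[COOKIE_NAME]["secure"] = True    # assumes every hostname serves HTTPS
    c[COOKIE_NAME]["httponly"] = True  # keep the token away from page scripts
    return c[COOKIE_NAME].OutputString()  # no Expires: browser-session cookie


def user_for_request(store, cookie_header, now):
    """Run on www/games.mydomain.com: map the Cookie header to a user."""
    c = SimpleCookie()
    c.load(cookie_header or "")
    morsel = c.get(COOKIE_NAME)
    return store.check(morsel.value, now) if morsel else None
```

A cookie scoped to `.mydomain.com` is sent to every hostname under that domain, so each of those hosts can read the token; the server-side timeout is what bounds how long a copied token stays useful.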
