Re: M$loth messes with our sites (again) 2004/02/03

This WebDNA talk-list message is from

2004


It keeps the original formatting.
numero = 56448
interpreted = N
texte = On 2/28/04 3:47 PM, "Kalin Mintchev" wrote: > On Sat, 28 Feb 2004, Clint Davis wrote: > >> I had to move to a cookie-based system. >> >> 1. Visitors log in using a form. >> 2. I check their info against Users.db. >> 3a. If it's correct, I set a cookie that must be present to access any other >> page on the site. >> 3b. If it's incorrect, I send them back to the form with an error. > > hi Clint... > > thanks... thought about it too. and this is probably the solution.... > but here is the thing... the old method didn't work properly for > explorers on windows anyway. after putting the correct combination the > user windows/explorer user was getting the the pop up anyway. however after > putting the correct combination again they usually were saving the > user/pass combination for 'this site' in the browser so they wont have to > do that ever again. just go to their book-marked product page and > order. people on any other browser on any decent OS have to enter their > user/pass combination every time but those were a very small percentage so > the client was cool with that - they belong to that group - all on macs > (they weren't seeing the popup so they were happy). I didn't have any problems with IE/Win caching the user/pass combo, so I'm not sure what happened on your site(s). > with the cookie code the user's browser wont remember the user/pass > combination and the client will get a lot more emails or phone calls from > people who don't remember their password which in turn they'll turn to us. > a bit rather cumbersome process... You can add a checkbox to the log in form that says "Remember me each time I visit the site." If they check the box, set the cookie for 5 years or something - if they don't check the box, make it a session cookie. > the whole reminder/editing of passwords stuff was scraped by this client > 5-6 years ago when the site was originally build - financial reasons. now > i have to explain them that because of ms's own low brain power they have > to pay a lot more and i have to sit and write the cookies code instead of > coding something more interesting... > i bet at the end they'll choose to just use the 'annoying' pop up they so > much didn't wanted... and the whole this big deal will die with me going > through a lot of talk and explanation and at the and no real profit or > satisfaction at all - just an unhappy client. and all because of ms... I added some cookie-checking code at the top of each page in place of the [PROTECT] tag. The new code verifies that the visitor has my cookie. If they don't, they are sent to the log in page. ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: M$loth messes with our sites (again) 2004/02/03 ( Clint Davis 2004)
  2. Re: M$loth messes with our sites (again) 2004/02/03 ( Kalin Mintchev 2004)
  3. Re: M$loth messes with our sites (again) 2004/02/03 ( Clint Davis 2004)
  4. Re: M$loth messes with our sites (again) 2004/02/03 ( Glenn Busbin 2004)
  5. Re: M$loth messes with our sites (again) 2004/02/03 ( Clint Davis 2004)
  6. Re: M$loth messes with our sites (again) 2004/02/03 ( Kalin Mintchev 2004)
  7. Re: M$loth messes with our sites (again) 2004/02/03 ( "Sal D'Anna" 2004)
  8. Re: M$loth messes with our sites (again) 2004/02/03 ( Kalin Mintchev 2004)
On 2/28/04 3:47 PM, "Kalin Mintchev" wrote: > On Sat, 28 Feb 2004, Clint Davis wrote: > >> I had to move to a cookie-based system. >> >> 1. Visitors log in using a form. >> 2. I check their info against Users.db. >> 3a. If it's correct, I set a cookie that must be present to access any other >> page on the site. >> 3b. If it's incorrect, I send them back to the form with an error. > > hi Clint... > > thanks... thought about it too. and this is probably the solution.... > but here is the thing... the old method didn't work properly for > explorers on windows anyway. after putting the correct combination the > user windows/explorer user was getting the the pop up anyway. however after > putting the correct combination again they usually were saving the > user/pass combination for 'this site' in the browser so they wont have to > do that ever again. just go to their book-marked product page and > order. people on any other browser on any decent OS have to enter their > user/pass combination every time but those were a very small percentage so > the client was cool with that - they belong to that group - all on macs > (they weren't seeing the popup so they were happy). I didn't have any problems with IE/Win caching the user/pass combo, so I'm not sure what happened on your site(s). > with the cookie code the user's browser wont remember the user/pass > combination and the client will get a lot more emails or phone calls from > people who don't remember their password which in turn they'll turn to us. > a bit rather cumbersome process... You can add a checkbox to the log in form that says "Remember me each time I visit the site." If they check the box, set the cookie for 5 years or something - if they don't check the box, make it a session cookie. > the whole reminder/editing of passwords stuff was scraped by this client > 5-6 years ago when the site was originally build - financial reasons. now > i have to explain them that because of ms's own low brain power they have > to pay a lot more and i have to sit and write the cookies code instead of > coding something more interesting... > i bet at the end they'll choose to just use the 'annoying' pop up they so > much didn't wanted... and the whole this big deal will die with me going > through a lot of talk and explanation and at the and no real profit or > satisfaction at all - just an unhappy client. and all because of ms... I added some cookie-checking code at the top of each page in place of the [protect] tag. The new code verifies that the visitor has my cookie. If they don't, they are sent to the log in page. ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Clint Davis

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Search bug. Help (2002) [OT] What System Software? (2003) search form problem.. (1997) reversing the effects of [url] (1997) Help!!!! (1997) Triggers and today's leap day? (2000) the dreaded unitShipCost (2003) Re:Formulas.db / Quantity Discount problem (1998) please unsubscribe me! (2000) Round up prices (2000) Smart caching problems with 2.1b3? (1997) [format 40s]text[/format] doesn't work (1997) Server Freeze (1998) ups quickcost [repost] (1999) For those of you not on the WebCatalog Beta... (1997) The List is Changing (1997) OT: Need some DVD advice (2006) WebCommerce: Folder organization ? (1997) Re:Listfiles (1998) Append probs, please help (2001)