Re: login via cookies

This WebDNA talk-list message is from

2006


It keeps the original formatting.
numero = 67081
interpreted = N
texte = Are you storing a set predefined cookie value for each user in the database thats always the same (but unique) and then accessing that for the cookie value when a user logins corectly? I do check logins via an existing db already... --- Frank Nordberg wrote: > Lester wrote: > > > After I search the db and they have in fact > entered > > the correct user/pass I do: > > > > [SETCOOKIE > > name=siteblogger&value=[cart]&domain=site.com] > > Blogger Admin > > > > Am I then incorporating the cookie just set within > > MemberChecker on all other protected pages to see > if > > it exists and if so they continue onward??? > > Yes, that sounds about right. Just keep in mind that > subdomain names may > count, so a cookie with domain=site.com may not work > on a page at > www.site.com and vice versa. > > > ....or another way > > > > Is using [cart] as a cookie a good idea? > > That depends. Remember the user can access and read > the value the cookie > is set to. If that's OK, there shouldn't be any > problem. > > The only important thing is that the cookie is set > to a value that's > easily identifiable/retievable throughtout the time > the cookie lasts. > In low-security setups you can simply use a constant > string, such as > "OK" (without the quotes of course) as the cookie > value. > > I use the username and password for each member as > the cookie's value. > That way I can be sure the it doesn't give away any > info the user > doesn't already know. I actually have the > name/password value stored in > a separate field in the members database, although > that's not necessary > of course. Just a result of fuzzy thinking when I > wrote the script in > the first place - and no urgent need to change > anything afterwards. > > For maximum security you can assign a random correct > cookie value for > each member of course - and even set up some > algorithm to create a new > correct value each time a member logs on (your > [CART] solution seems to > do exactly that). Just remember that the cookie > value must always be > retrievable, that is the server has to know what > value is the right one > each and every time it encounters a [GETCOOKIE] tag! > > > Anyone have some simple example code with cookies > for > > login??? > > Once you've set the cookie it should be fairly easy > going. > > Just retrieve the cookie value using the [GETCOOKIE] > tag and > [HIDEIF]/[SHOWIF] contexts to display and/or hide > page content depending > on whether the cookie is correctly set. > > Something like: > > [HIDEIF/SHOWIF {correct cookie value}=[GETCOOKIE > {cookiename}] > > The code I actually use is slightly more > complicated: > > [HIDEIF/SHOWIF OK=[LOOKUP db={members > database}&lookInField=CCODE&value=[GETCOOKIE > {cookiename}]&returnField=STATUS¬Found=no]] > > My members database includes (among others) two > fields named CCODE and > STATUS > > CCODE is the field with the individual cookie value > for each member tat > I mentioned earlier. > STATUS is - well the status of that particular > member. If the value > there is "OK" the membership is still valid, if not > it's expired. > > > Frank Nordberg > http://www.musicaviva.com > > > > > ------------------------------------------------------------- > This message is sent to you because you are > subscribed to > the mailing list > . > To unsubscribe, E-mail to: > > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: > http://webdna.smithmicro.com/ > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: login via cookies ( Frank Nordberg 2006)
  2. Re: login via cookies ( "Dan Strong" 2006)
  3. Re: login via cookies ( Bob Minor 2006)
  4. Re: login via cookies ( "Dan Strong" 2006)
  5. Re: login via cookies ( Lester 2006)
  6. Re: login via cookies ( Frank Nordberg 2006)
  7. Re: login via cookies ( Gary Krockover 2006)
  8. login via cookies ( Lester 2006)
Are you storing a set predefined cookie value for each user in the database thats always the same (but unique) and then accessing that for the cookie value when a user logins corectly? I do check logins via an existing db already... --- Frank Nordberg wrote: > Lester wrote: > > > After I search the db and they have in fact > entered > > the correct user/pass I do: > > > > [SETCOOKIE > > name=siteblogger&value=[cart]&domain=site.com] > > Blogger Admin > > > > Am I then incorporating the cookie just set within > > MemberChecker on all other protected pages to see > if > > it exists and if so they continue onward??? > > Yes, that sounds about right. Just keep in mind that > subdomain names may > count, so a cookie with domain=site.com may not work > on a page at > www.site.com and vice versa. > > > ....or another way > > > > Is using [cart] as a cookie a good idea? > > That depends. Remember the user can access and read > the value the cookie > is set to. If that's OK, there shouldn't be any > problem. > > The only important thing is that the cookie is set > to a value that's > easily identifiable/retievable throughtout the time > the cookie lasts. > In low-security setups you can simply use a constant > string, such as > "OK" (without the quotes of course) as the cookie > value. > > I use the username and password for each member as > the cookie's value. > That way I can be sure the it doesn't give away any > info the user > doesn't already know. I actually have the > name/password value stored in > a separate field in the members database, although > that's not necessary > of course. Just a result of fuzzy thinking when I > wrote the script in > the first place - and no urgent need to change > anything afterwards. > > For maximum security you can assign a random correct > cookie value for > each member of course - and even set up some > algorithm to create a new > correct value each time a member logs on (your > [cart] solution seems to > do exactly that). Just remember that the cookie > value must always be > retrievable, that is the server has to know what > value is the right one > each and every time it encounters a [GETCOOKIE] tag! > > > Anyone have some simple example code with cookies > for > > login??? > > Once you've set the cookie it should be fairly easy > going. > > Just retrieve the cookie value using the [GETCOOKIE] > tag and > [hideif]/[showif] contexts to display and/or hide > page content depending > on whether the cookie is correctly set. > > Something like: > > [HIDEIF/SHOWIF {correct cookie value}=[GETCOOKIE > {cookiename}] > > The code I actually use is slightly more > complicated: > > [HIDEIF/SHOWIF OK=[LOOKUP db={members > database}&lookInField=CCODE&value=[GETCOOKIE > {cookiename}]&returnField=STATUS¬Found=no]] > > My members database includes (among others) two > fields named CCODE and > STATUS > > CCODE is the field with the individual cookie value > for each member tat > I mentioned earlier. > STATUS is - well the status of that particular > member. If the value > there is "OK" the membership is still valid, if not > it's expired. > > > Frank Nordberg > http://www.musicaviva.com > > > > > ------------------------------------------------------------- > This message is sent to you because you are > subscribed to > the mailing list > . > To unsubscribe, E-mail to: > > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: > http://webdna.smithmicro.com/ > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Lester

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Permission denied? (2004) [WebDNA] reverse rank=off (2008) Error handling for accountNum (1997) Problem with CC problem ? (1997) WCS Newbie question (1997) can you use [middle] in a search? (2001) Digest for 4/18/97 (1997) [OT] Mac Utility Required (2000) select multiple (1997) Hummm .... (2002) Help! WebCat2 bug (1997) WebCat2b15MacPlugin - [protect] (1997) [WebDNA] 4.51 upgrade to vers. 6 (2008) Parameter Passing Value (2002) RE: Multiple Stores and WebCatalog Prefs (1997) Another bug to squash (WebCat2b13 Mac .acgi) (1997) OT: SMSI stock (2003) Secure Server (1997) Running 2 two WebCatalog.acgi's (1996) Two submit buttons ? (1997)