Re: login via cookies
This WebDNA talk-list message is from 2006
It keeps the original formatting.
numero = 67081
interpreted = N
texte = Are you storing a set predefined cookie value for each user in the database that's always the same (but unique) and then accessing that for the cookie value when a user logs in correctly?

I do check logins via an existing db already...

--- Frank Nordberg wrote:

> Lester wrote:
>
> > After I search the db and they have in fact entered
> > the correct user/pass I do:
> >
> > [SETCOOKIE name=siteblogger&value=[cart]&domain=site.com]
> > Blogger Admin
> >
> > Am I then incorporating the cookie just set within
> > MemberChecker on all other protected pages to see if
> > it exists and if so they continue onward???
>
> Yes, that sounds about right. Just keep in mind that subdomain names may
> count, so a cookie with domain=site.com may not work on a page at
> www.site.com and vice versa.
>
> > ....or another way
> >
> > Is using [cart] as a cookie a good idea?
>
> That depends. Remember the user can access and read the value the cookie
> is set to. If that's OK, there shouldn't be any problem.
>
> The only important thing is that the cookie is set to a value that's
> easily identifiable/retrievable throughout the time the cookie lasts.
> In low-security setups you can simply use a constant string, such as
> "OK" (without the quotes of course) as the cookie value.
>
> I use the username and password for each member as the cookie's value.
> That way I can be sure that it doesn't give away any info the user
> doesn't already know. I actually have the name/password value stored in
> a separate field in the members database, although that's not necessary
> of course. Just a result of fuzzy thinking when I wrote the script in
> the first place - and no urgent need to change anything afterwards.
>
> For maximum security you can assign a random correct cookie value for
> each member of course - and even set up some algorithm to create a new
> correct value each time a member logs on (your [CART] solution seems to
> do exactly that). Just remember that the cookie value must always be
> retrievable, that is the server has to know what value is the right one
> each and every time it encounters a [GETCOOKIE] tag!
>
> > Anyone have some simple example code with cookies for
> > login???
>
> Once you've set the cookie it should be fairly easy going.
>
> Just retrieve the cookie value using the [GETCOOKIE] tag and
> [HIDEIF]/[SHOWIF] contexts to display and/or hide page content depending
> on whether the cookie is correctly set.
>
> Something like:
>
> [HIDEIF/SHOWIF {correct cookie value}=[GETCOOKIE {cookiename}]]
>
> The code I actually use is slightly more complicated:
>
> [HIDEIF/SHOWIF OK=[LOOKUP db={members database}&lookInField=CCODE&value=[GETCOOKIE {cookiename}]&returnField=STATUS&notFound=no]]
>
> My members database includes (among others) two fields named CCODE and
> STATUS
>
> CCODE is the field with the individual cookie value for each member that
> I mentioned earlier.
> STATUS is - well the status of that particular member. If the value
> there is "OK" the membership is still valid, if not it's expired.
>
> Frank Nordberg
> http://www.musicaviva.com
Lester
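
The per-login random cookie value discussed in the thread, written in Python rather than WebDNA as an added example (it is not code from either poster). The CCODE and STATUS field names and the siteblogger cookie name come from the thread; the member rows, the function names, the hashing of the stored value and the HttpOnly/Secure attributes are assumptions of this example.

```python
import hashlib
import secrets
from http.cookies import SimpleCookie

# Constructed stand-in for the members database; CCODE and STATUS are the
# field names from the thread, the rows are made up for this example.
MEMBERS = {
    "alice": {"CCODE": "", "STATUS": "OK"},
    "bob": {"CCODE": "", "STATUS": "expired"},
}

def _digest(token: str) -> str:
    # Assumption of this example: CCODE holds only a hash of the cookie
    # value, so a copy of the database does not contain usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()

def login(username: str) -> str:
    """Call only after the user/pass check passed; returns the Set-Cookie value."""
    token = secrets.token_urlsafe(32)            # unguessable, new on every login
    MEMBERS[username]["CCODE"] = _digest(token)  # overwrites the previous value
    cookie = SimpleCookie()
    cookie["siteblogger"] = token
    cookie["siteblogger"]["path"] = "/"
    cookie["siteblogger"]["httponly"] = True     # hidden from page scripts
    cookie["siteblogger"]["secure"] = True       # sent over HTTPS only
    return cookie["siteblogger"].OutputString()

def member_for_cookie(cookie_header: str):
    """The LOOKUP on CCODE: username if the cookie matches and STATUS is OK."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "siteblogger" not in jar:
        return None
    presented = _digest(jar["siteblogger"].value)
    for name, row in MEMBERS.items():
        if row["CCODE"] and secrets.compare_digest(row["CCODE"], presented):
            return name if row["STATUS"] == "OK" else None
    return None
```

Because the stored value is replaced at every login, a cookie copied from an earlier session stops matching, and a guessable value such as a constant string or the member's own credentials never matches at all.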