Re: Secure Cookies
This WebDNA talk-list message is from 2008
It keeps the original formatting.
numero = 70152
interpreted = N
texte = It's all in the RFC:

Basically you should just have to add "&secure=" to your SETCOOKIE tag, but WebDNA doesn't seem to add the attribute, so you have to use a simple hack instead: add the text "; to your value parameter, like

[SETCOOKIE name=mySecureCookie2&value=Hello!; secure&domain=www.mydomain.com]

Best,
Christer

*************************************************************
Christer Olsson    PO Box 9160       Phone +46 40 25 85 85
Ljusa Idéer AB     SE-200 39 Malmo   Fax +46 40 25 85 89
Kantyxegatan 5     Sweden            http://www.ljusaideer.se

On 15 Apr 2008 at 01:00, Stuart Tremain wrote:

> Any ideas on the cookies ????
>
> Regards
>
> Stuart Tremain
> IDFK Web Developments
> AUSTRALIA
> webdna@idfk.com.au
>
> On 12/04/2008, at 7:24 AM, Stuart Tremain wrote:
>
>> I have had a hacker safe report about a site that returns a vulnerability:
>> "Missing Secure Attribute in an Encrypted Session (SSL) Cookie"
>>
>> Is there a secure switch in the WebDNA [SetCookie] ?
>>
>> Or would I just put :443 on the end of the domain ?
>>
>> Regards
>>
>> Stuart Tremain
>> IDFK Web Developments
>> AUSTRALIA
>> webdna@idfk.com.au
>>
>> -------------------------------------------------------------
>> This message is sent to you because you are subscribed to
>> the mailing list .
>> To unsubscribe, E-mail to:
>> To switch to the DIGEST mode, E-mail to
>> Web Archive of this list is at: http://webdna.smithmicro.com/