[WebDNA] Secure & HttpOnly Session Cookies

This WebDNA talk-list message is from 2013.

It keeps the original formatting.
numero = 110793
interpreted = N
Dan / Stuart,

As we're on a security thing at the moment, I was trying to work out how best to set session cookies. Here's what's working for me (WebDNA 6.2 on CentOS).

- Tom

On the 'login template' where the user's username/password are checked:

[!]
-----------------------------------
###  Set session cookie and redirect to dashboard  ###
[/!][setcookie name=session-cookie&value=[url][url][encrypt seed=secret-seed][cart][/encrypt][/url][/url]&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&secure=T][!]
[/!][redirect /dashboard.tmpl?v=logon]

On the 'dashboard template':

[!]
------------------------------------
###  Reset session cookie with HttpOnly option  ###
[/!][showif [v]=logon][!]
[/!][setmimeheader name=Set-Cookie&value=session-cookie=[url][url][getcookie name=session-cookie][/url][/url]; path=/; domain=[grep search=www&replace=][getmimeheader name=host][/grep]; secure; HttpOnly][!]
[/!][/showif]

On the 'logout template':

[!]
------------------------------------
###  Clear session cookie  ###
[/!][setcookie name=session-cookie&value=&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&expires=Thu, 01 Jan 1970 00:00:00 GMT]

I can't get the [setmimeheader] working on the 'logon template'. It seems the full page has to load, maybe that's the way it's meant to be?
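
An added example, not part of the original post or of WebDNA: a Python check over the Set-Cookie headers the three templates above are expected to send, showing that the login response's cookie lacks HttpOnly until the dashboard reissues it, and that the logout cookie carries the same name, domain and path as the cookie it clears. The header strings and the example.com host are constructed assumptions, not captured output.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attrs) with lowercased attribute names."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def is_expired(attrs, now):
    """True when the Expires attribute parses to a time at or before `now`."""
    try:
        when = parsedate_to_datetime(attrs["expires"])
    except (KeyError, TypeError, ValueError):
        return False
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when <= now

def audit(header, now=None):
    """Report missing Secure/HttpOnly on a live cookie; a deletion cookie is not flagged."""
    now = now or datetime.now(timezone.utc)
    name, value, attrs = parse_set_cookie(header)
    deletes = is_expired(attrs, now)
    findings = []
    if not deletes:
        findings += [f"missing {flag}" for flag in ("Secure", "HttpOnly")
                     if flag.lower() not in attrs]
    # A deletion only removes a cookie with the same name, domain and path.
    scope = (name, attrs.get("domain", "").lstrip(".").lower(), attrs.get("path", ""))
    return {"scope": scope, "deletes": deletes, "findings": findings}

# Constructed sample headers for a request to www.example.com (not captured output).
LOGIN = "session-cookie=AbC123; path=/; domain=.example.com; secure"
DASHBOARD = "session-cookie=AbC123; path=/; domain=.example.com; secure; HttpOnly"
LOGOUT = "session-cookie=; path=/; domain=.example.com; expires=Thu, 01 Jan 1970 00:00:00 GMT"

if __name__ == "__main__":
    for label, header in (("login", LOGIN), ("dashboard", DASHBOARD), ("logout", LOGOUT)):
        print(label, audit(header))
```
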

Associated Messages, from the most recent to the oldest:

    
  1. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  2. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  3. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  4. Re: [WebDNA] Secure Cookies (Brian Harrington 2020)
  5. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  6. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  7. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  8. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  9. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  10. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  11. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  12. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  13. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  14. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  15. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  16. [WebDNA] Secure Cookies - Further reading (Stuart Tremain 2020)
  17. [WebDNA] Secure Cookies (Stuart Tremain 2020)
  18. Re: [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  19. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (Tom Duke 2013)
  20. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (WebDNA 2013)
  21. [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  22. Re: [WebDNA] Secure & HttpOnly Session Cookies (Tom Duke 2013)
  23. Re: [WebDNA] Secure & HttpOnly Session Cookies (WebDNA 2013)
  24. [WebDNA] Secure & HttpOnly Session Cookies (Tom Duke 2013)
  25. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  26. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  27. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  28. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  29. Re: [WebDNA] Secure Cookies (Frank Nordberg 2009)
  30. Re: [WebDNA] Secure Cookies (Govinda 2009)
  31. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  32. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  33. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  34. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  35. Re: [WebDNA] Secure Cookies (Donovan Brooke 2009)
  36. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  37. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  38. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  39. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  40. [WebDNA] Secure Cookies (Stuart Tremain 2009)
Tom Duke