Re: [WebDNA] Secure cookies (HttpOnly/Secure)

This WebDNA talk-list message is from 2013. It keeps the original formatting.
numero = 110822
interpreted = N
Dan,

I posted a method that's working for me earlier in the month. Secure cookies can be set in WebDNA (as long as the page is using SSL), HttpOnly cookies require a work-around. Re-post below.

- Tom

On the 'login template' where the user's username/password are checked:

[!]
-----------------------------------
###  Set session cookie and redirect to dashboard  ###
[/!][setcookie name=session-cookie&value=[url][url][encrypt seed=secret-seed][cart][/encrypt][/url][/url]&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&secure=T][!]
[/!][redirect /dashboard.tmpl?v=logon]

On the 'dashboard template':

[!]
------------------------------------
###  Reset session cookie with HttpOnly option  ###
[/!][showif [v]=logon][!]
[/!][setmimeheader name=Set-Cookie&value=session-cookie=[url][url][getcookie name=session-cookie][/url][/url]; path=/; domain=[grep search=www&replace=][getmimeheader name=host][/grep]; secure; HttpOnly][!]
[/!][/showif]

On the 'logout template':

[!]
------------------------------------
###  Clear session cookie  ###
[/!][setcookie name=session-cookie&value=&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&expires=Thu, 01 Jan 1970 00:00:00 GMT]

I can't get the [setmimeheader] working on the 'logon template'. It seems the full page has to load, maybe that's the way it's meant to be?

==============================================
Digital Revolutionaries
1st Floor, Castleriver House
14-15 Parliament Street
Temple Bar, Dublin 2
Ireland
----------------------------------------------
[t]: + 353 1 4403907
[e]: <mailto:tom@revolutionaries.ie>
[w]: <http://www.revolutionaries.ie/>
==============================================

On 29 October 2013 22:40, WebDNA <webdna@idfk.com.au> wrote:

> Dan
>
> There was discussion about this recently.
>
> Secure cookies is flagged for an update version of WebDNA.
>
> Regards
>
> Stuart Tremain
> IDFK Web Developments
> AUSTRALIA
> webdna@idfk.com.au
>
> On 30 Oct 2013, at 9:37 am, Dan Strong <dan@danstrong.com> wrote:
>
> > Anybody done this with WebDNA? If so, care to share?
> >
> > -Dan Strong
> > http://www.DanStrong.com
> > ---------------------------------------------------------
> > This message is sent to you because you are subscribed to
> > the mailing list <talk@webdna.us>.
> > To unsubscribe, E-mail to: <talk-leave@webdna.us>
> > archives: http://mail.webdna.us/list/talk@webdna.us
> > Bug Reporting: support@webdna.us
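An added example, not part of the post above and not WebDNA's own code: a Python check that parses the Set-Cookie header each of the three templates would send and reports where the session cookie is issued without Secure or HttpOnly. The header values, the example.com domain and the function names are constructed for illustration.

```python
# Added example: audit the Set-Cookie headers of the three-template flow.
# The header values are constructed samples, not captured WebDNA output.

REQUIRED = ("secure", "httponly")

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    first, *rest = [p.strip() for p in value.split(";")]
    name, _, val = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, arg = part.partition("=")
        attrs[key.strip().lower()] = arg.strip()
    return name.strip(), val, attrs

def missing_flags(value, cookie_name="session-cookie"):
    """Return required flags absent from a header that sets cookie_name.

    A header that clears the cookie (empty value) is exempt, because it
    carries no session secret. Returns None for other cookies.
    """
    name, val, attrs = parse_set_cookie(value)
    if name != cookie_name:
        return None
    if val == "":
        return []
    return [flag for flag in REQUIRED if flag not in attrs]

def audit_flow(steps, cookie_name="session-cookie"):
    """steps: list of (template, Set-Cookie value). Returns findings."""
    findings = []
    for template, header in steps:
        missing = missing_flags(header, cookie_name)
        if missing:
            findings.append((template, missing))
    return findings

# Constructed headers, one per template in the post (hostname assumed).
FLOW = [
    ("login", "session-cookie=abc%2525def; path=/; domain=.example.com; secure"),
    ("dashboard", "session-cookie=abc%2525def; path=/; domain=.example.com; secure; HttpOnly"),
    ("logout", "session-cookie=; path=/; domain=.example.com; "
               "expires=Thu, 01 Jan 1970 00:00:00 GMT"),
]

if __name__ == "__main__":
    for template, missing in audit_flow(FLOW):
        print(f"{template}: session cookie set without {', '.join(missing)}")
```

On the constructed flow the only finding is the login response, whose cookie carries Secure but not HttpOnly until the dashboard response reissues it under the same name, path and domain.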
Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  2. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (Tom Duke 2013)
  3. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (WebDNA 2013)
  4. [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
Tom Duke
