Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db?

This WebDNA talk-list message is from 2016.

It keeps the original formatting.
Dale,

Hi - I use a cookie - set when the user authenticates - and a session.db.

Cookies are encrypted and set as HTTP_only and secure if SSL is available. The session cookie should really only be transmitted over SSL.

The session.db links the cookie to the user. There is a session-time field in the DB which is updated on each page refresh. If session-time is greater than the idle time setting (usually 30 minutes), then the user is kicked out and has to re-login.

I haven't used the new [session] tag. Looks interesting, but unless I'm reading the spec incorrectly it looks like the [session] has to be passed around as part of the URL - or in post data. That's not something I really want to do.

Maybe the [browserIDmatch] tag could be used as an extra check though - I assume that should be consistent for a specific browser regardless of the actual session value?

- Tom
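
The cookie plus session.db scheme described in the message above, as an added example that is not part of the original post and is written in Python rather than WebDNA. The cookie name `sid`, the table layout and the use of an opaque random token in place of an encrypted cookie value are assumptions made for illustration.

```python
import secrets
import sqlite3
from http.cookies import SimpleCookie

IDLE_LIMIT = 30 * 60  # idle time setting from the post: 30 minutes, in seconds


def open_store():
    # In-memory SQLite table standing in for session.db (schema is an assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (token TEXT PRIMARY KEY, user TEXT, session_time REAL)")
    return db


def login(db, user, now, tls=True):
    """Create the session row at authentication; return (token, Set-Cookie value)."""
    token = secrets.token_urlsafe(32)  # opaque random value, not an encrypted payload
    db.execute("INSERT INTO sessions VALUES (?, ?, ?)", (token, user, now))
    cookie = SimpleCookie()
    cookie["sid"] = token  # "sid" is a hypothetical cookie name
    cookie["sid"]["httponly"] = True  # not readable from page scripts
    cookie["sid"]["path"] = "/"
    if tls:
        cookie["sid"]["secure"] = True  # browser returns it over HTTPS only
    return token, cookie["sid"].OutputString()


def check(db, cookie_header, now):
    """Return the user for a live session and refresh session_time, else None."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if "sid" not in jar:
        return None
    token = jar["sid"].value
    row = db.execute(
        "SELECT user, session_time FROM sessions WHERE token = ?", (token,)
    ).fetchone()
    if row is None:
        return None
    user, last_seen = row
    if now - last_seen > IDLE_LIMIT:
        # Idle too long: drop the row so the same cookie cannot be revived.
        db.execute("DELETE FROM sessions WHERE token = ?", (token,))
        return None
    db.execute("UPDATE sessions SET session_time = ? WHERE token = ?", (now, token))
    return user
```

Because the idle check runs against the server-side row, an expired session stays dead even if the browser keeps presenting the old cookie.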


Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (dale 2016)
  2. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (dale 2016)
  3. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (christophe.billiottet@webdna.us 2016)
  4. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (christophe.billiottet@webdna.us 2016)
  5. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (christophe.billiottet@webdna.us 2016)
  6. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (Donovan Brooke 2016)
  7. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (Tom Duke 2016)
  8. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (christophe.billiottet@webdna.us 2016)
  9. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (Donovan Brooke 2016)
  10. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (Tom Duke 2016)
  11. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (christophe.billiottet@webdna.us 2016)
  12. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (christophe.billiottet@webdna.us 2016)
  13. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (christophe.billiottet@webdna.us 2016)
  14. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (christophe.billiottet@webdna.us 2016)
  15. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (Donovan Brooke 2016)
  16. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (Tom Duke 2016)
  17. Re: [WebDNA] User sessions - cookies only or cookies and a sessions.db? (christophe.billiottet@webdna.us 2016)
  18. [WebDNA] User sessions - cookies only or cookies and a sessions.db? (dale 2016)
Tom Duke
