Re: login via cookies

This WebDNA talk-list message is from 2006 (message number 67081).
Are you storing a set predefined cookie value for each user in the database that's always the same (but unique) and then accessing that for the cookie value when a user logs in correctly?

I do check logins via an existing db already...

--- Frank Nordberg wrote:

> Lester wrote:
>
> > After I search the db and they have in fact entered
> > the correct user/pass I do:
> >
> > [SETCOOKIE name=siteblogger&value=[cart]&domain=site.com]
> > Blogger Admin
> >
> > Am I then incorporating the cookie just set within
> > MemberChecker on all other protected pages to see if
> > it exists and if so they continue onward???
>
> Yes, that sounds about right. Just keep in mind that subdomain names may
> count, so a cookie with domain=site.com may not work on a page at
> www.site.com and vice versa.
>
> > ....or another way
> >
> > Is using [cart] as a cookie a good idea?
>
> That depends. Remember the user can access and read the value the cookie
> is set to. If that's OK, there shouldn't be any problem.
>
> The only important thing is that the cookie is set to a value that's
> easily identifiable/retrievable throughout the time the cookie lasts.
> In low-security setups you can simply use a constant string, such as
> "OK" (without the quotes of course) as the cookie value.
>
> I use the username and password for each member as the cookie's value.
> That way I can be sure that it doesn't give away any info the user
> doesn't already know. I actually have the name/password value stored in
> a separate field in the members database, although that's not necessary
> of course. Just a result of fuzzy thinking when I wrote the script in
> the first place - and no urgent need to change anything afterwards.
>
> For maximum security you can assign a random correct cookie value for
> each member of course - and even set up some algorithm to create a new
> correct value each time a member logs on (your [CART] solution seems to
> do exactly that). Just remember that the cookie value must always be
> retrievable, that is the server has to know what value is the right one
> each and every time it encounters a [GETCOOKIE] tag!
>
> > Anyone have some simple example code with cookies for
> > login???
>
> Once you've set the cookie it should be fairly easy going.
>
> Just retrieve the cookie value using the [GETCOOKIE] tag and
> [HIDEIF]/[SHOWIF] contexts to display and/or hide page content depending
> on whether the cookie is correctly set.
>
> Something like:
>
> [HIDEIF/SHOWIF {correct cookie value}=[GETCOOKIE {cookiename}]]
>
> The code I actually use is slightly more complicated:
>
> [HIDEIF/SHOWIF OK=[LOOKUP db={members database}&lookInField=CCODE&value=[GETCOOKIE {cookiename}]&returnField=STATUS&notFound=no]]
>
> My members database includes (among others) two fields named CCODE and
> STATUS
>
> CCODE is the field with the individual cookie value for each member that
> I mentioned earlier.
> STATUS is - well the status of that particular member. If the value
> there is "OK" the membership is still valid, if not it's expired.
>
> Frank Nordberg
> http://www.musicaviva.com

Associated Messages, from the most recent to the oldest:

    
  1. Re: login via cookies ( Frank Nordberg 2006)
  2. Re: login via cookies ( "Dan Strong" 2006)
  3. Re: login via cookies ( Bob Minor 2006)
  4. Re: login via cookies ( "Dan Strong" 2006)
  5. Re: login via cookies ( Lester 2006)
  6. Re: login via cookies ( Frank Nordberg 2006)
  7. Re: login via cookies ( Gary Krockover 2006)
  8. login via cookies ( Lester 2006)
Lester
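The "new random cookie value each time a member logs on" variant from the reply above, with the CCODE lookup and STATUS check, as an added example in Python rather than WebDNA (it is not code from the thread). The in-memory `MEMBERS` table, the function names and the cookie attributes are assumptions; storing only a SHA-256 digest of the token in CCODE goes one step beyond what the thread describes.

```python
import hashlib
import secrets

# Constructed stand-in for the members database in the thread.
# CCODE holds the SHA-256 digest of the member's current cookie value,
# STATUS holds the membership state ("OK" means still valid).
MEMBERS = {
    "alice": {"CCODE": None, "STATUS": "OK"},
    "bob": {"CCODE": None, "STATUS": "expired"},
}


def _digest(token):
    # Only the digest is stored, so a leaked CCODE column cannot be
    # replayed as a cookie value.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_cookie(username):
    """Call only after the user/pass check succeeded; returns a Set-Cookie value."""
    token = secrets.token_urlsafe(32)  # unpredictable, new on every login
    MEMBERS[username]["CCODE"] = _digest(token)  # replaces any older token
    # No Domain attribute: the cookie is bound to the host that set it.
    return f"siteblogger={token}; Path=/; Secure; HttpOnly; SameSite=Lax"


def check_cookie(cookie_value):
    """Look the cookie up via CCODE and return the member name only if STATUS is OK."""
    if not cookie_value:
        return None
    wanted = _digest(cookie_value)
    for name, row in MEMBERS.items():
        stored = row["CCODE"]
        if stored and secrets.compare_digest(stored, wanted):
            return name if row["STATUS"] == "OK" else None
    return None


def logout(username):
    # Clearing CCODE makes the old cookie value useless on the server side.
    MEMBERS[username]["CCODE"] = None
```

Because the value is random and replaced at each login, the cookie reveals nothing about the member's credentials, and a constant such as "OK" or a value from an earlier login no longer matches any CCODE.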
