[WebDNA] Secure & HttpOnly Session Cookies

This WebDNA talk-list message is from 2013. It keeps the original formatting.
Dan / Stuart,

As we're on a security thing at the moment, I was trying to work out how best to set session cookies.  Here's what's working for me (WebDNA 6.2 on CentOS).

- Tom

On the 'login template' where the user's username/password are checked:

[!]
-----------------------------------
###  Set session cookie and redirect to dashboard  ###
[/!][setcookie name=session-cookie&value=[url][url][encrypt seed=secret-seed][cart][/encrypt][/url][/url]&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&secure=T][!]
[/!][redirect /dashboard.tmpl?v=logon]

On the 'dashboard template':

[!]
------------------------------------
###  Reset session cookie with HttpOnly option  ###
[/!][showif [v]=logon][!]
[/!][setmimeheader name=Set-Cookie&value=session-cookie=[url][url][getcookie name=session-cookie][/url][/url]; path=/; domain=[grep search=www&replace=][getmimeheader name=host][/grep]; secure; HttpOnly][!]
[/!][/showif]

On the 'logout template':

[!]
------------------------------------
###  Clear session cookie  ###
[/!][setcookie name=session-cookie&value=&path=/&domain=[grep search=www&replace=][getmimeheader name=host][/grep]&expires=Thu, 01 Jan 1970 00:00:00 GMT]

I can't get the [setmimeheader] working on the 'logon template'.  It seems the full page has to load, maybe that's the way it's meant to be?
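
An added example, not part of the message above and not WebDNA code: a small Python check that parses Set-Cookie values and reports which of Secure and HttpOnly are missing at each step of the login, dashboard and logout flow described in the message. The header strings and example.com are constructed, and the login header assumes that [setcookie ... secure=T] emits Secure without HttpOnly.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed Set-Cookie values modelled on the three templates in the message.
# example.com and the cookie value are placeholders, not captured traffic.
SAMPLE_FLOW = {
    # Assumption: [setcookie ... secure=T] sets Secure but not HttpOnly.
    "login": "session-cookie=AbC123; path=/; domain=.example.com; secure",
    "dashboard": "session-cookie=AbC123; path=/; domain=.example.com; secure; HttpOnly",
    "logout": "session-cookie=; path=/; domain=.example.com; "
              "expires=Thu, 01 Jan 1970 00:00:00 GMT",
}

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs); attribute names lower-cased."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def is_deletion(value, attrs):
    """True when the header clears the cookie: empty value and an Expires date in the past."""
    if value or "expires" not in attrs:
        return False
    try:
        when = parsedate_to_datetime(attrs["expires"])
    except (TypeError, ValueError):
        return False
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when <= datetime.now(timezone.utc)

def missing_flags(header):
    """Return the protective flags absent from a cookie that carries a live value."""
    _, value, attrs = parse_set_cookie(header)
    if is_deletion(value, attrs):
        return []  # nothing left to protect once the cookie is cleared
    return [flag for flag in ("Secure", "HttpOnly") if flag.lower() not in attrs]

def audit_flow(flow):
    """Map each step name to the list of flags its Set-Cookie value is missing."""
    return {step: missing_flags(header) for step, header in flow.items()}

if __name__ == "__main__":
    for step, missing in audit_flow(SAMPLE_FLOW).items():
        print(f"{step:10} missing: {', '.join(missing) or 'none'}")
```

On the sample flow only the login step is reported as missing HttpOnly, which matches the message: the flag is applied once the dashboard template re-sets the cookie.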
Associated Messages, from the most recent to the oldest:

    
  1. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  2. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  3. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  4. Re: [WebDNA] Secure Cookies (Brian Harrington 2020)
  5. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  6. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  7. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  8. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  9. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  10. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  11. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  12. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  13. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  14. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  15. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  16. [WebDNA] Secure Cookies - Further reading (Stuart Tremain 2020)
  17. [WebDNA] Secure Cookies (Stuart Tremain 2020)
  18. Re: [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  19. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (Tom Duke 2013)
  20. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (WebDNA 2013)
  21. [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  22. Re: [WebDNA] Secure & HttpOnly Session Cookies (Tom Duke 2013)
  23. Re: [WebDNA] Secure & HttpOnly Session Cookies (WebDNA 2013)
  24. [WebDNA] Secure & HttpOnly Session Cookies (Tom Duke 2013)
  25. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  26. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  27. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  28. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  29. Re: [WebDNA] Secure Cookies (Frank Nordberg 2009)
  30. Re: [WebDNA] Secure Cookies (Govinda 2009)
  31. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  32. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  33. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  34. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  35. Re: [WebDNA] Secure Cookies (Donovan Brooke 2009)
  36. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  37. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  38. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  39. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  40. [WebDNA] Secure Cookies (Stuart Tremain 2009)
Tom Duke
