Thank you Bryan. Using a full qualified server name did it. I'm lazy you know and like to keep things short.
--- In [email protected], "Bryan Yates" <[EMAIL PROTECTED]> wrote: > > It may be the way you are accessing your local server. For instance if > you access the application via http://myserver/mypgm.pgm then cookies > won't work. They require at least two qualified levels so > http://myserver.mydomain/mypgm.pgm will create a cookie. > > Bryan Yates > SR Systems Analyst/Programmer > Information Technology > Collin County Government > http://www.collincountytexas.gov > mailto:[EMAIL PROTECTED] > > > -----Original Message----- > From: [email protected] [mailto:[EMAIL PROTECTED] > On Behalf Of eg_pops > Sent: Saturday, January 07, 2006 9:49 AM > To: [email protected] > Subject: [Easy400Group] Re: Cookies doesn't work on local Apache Server > > Thanks K. > > I've found a thread that addresses my needs, without the use of > cookies. > > However, I'm concerned about having the cookies working for other > purposes. Just in case we need them down the road. > > Any idea of why it is working everywhere but on our local server? Is > there a setting on Apache I must turn on? > > Regards > Eric > > > --- In [email protected], "K. Schreur" <[EMAIL PROTECTED]> > wrote: > > > > If you browse through the messages posted I believe you will find > several > > different ideas on how to perform what you are asking. In my past > > experience, we generated a random value, and passed that as a > hidden value. > > We had a simple algorithm to encode that value so that it was > meaningless to > > the user. Each cgi program would validate the key and check a > timestamp. If > > the key was invalid, or the timestamp was older than 30 minutes we > > considered the session expired, and the user had to begin all over > again. > > (this was accomplished with a couple of basic programs that were > executed > > after every input request)We kept a file on the server with all > keys, and > > last cgi process used. We also kept some additional information > such as > > variable data needed between programs that we did not wish to pass > as hidden > > variables, to keep state information. This allowed for trouble > shooting when > > there was a problem, and also to back out any uncompleted > transaction sets. > > For general web pages that were not transaction oriented, we did > not care. > > However for any process that required file updates etc, we always > started > > those processes in a new browser window that did not allow > navigation or > > tool bars so that the process would proceed until finished or the > user > > cancelled out (close the window or hit cancel button). There was a > server > > process that cleaned up unfinished transaction processes. We > didn't find it > > necessary to pass the password between pages in any form, and that > would not > > have passed a security audit anyway. Once the person was signed > onto the > > server, unless they closed the browser they were validated. > > > > ----- Original Message ----- > > From: "eg_pops" <[EMAIL PROTECTED]> > > To: <[email protected]> > > Sent: Friday, January 06, 2006 10:00 PM > > Subject: [Easy400Group] Cookies doesn't work on local Apache Server > > > > > > > Hi, > > > > > > I'm looking for a way to pass crypted session user and password > info > > > from one page to another to prevent a user to inquire someone > else's > > > data by fooling with the URL. I don't like using hidden inputs > to > > > pass such sensitive info, so I thought about using cookies. > > > > > > However, I can't have a cookie created at all when running CGI's > > > from my local Apache server. > > > > > > I did a little test to know if I was wrong. On the Easy400 web > > > site, there's a demo that illustrates the use of cookies > (http://www- > > > 922.ibm.com/cgidev2p/cookie2.pgm) this one works just fine, so > this > > > proves that this is not an issue with my browser settings. > > > > > > Now, if I run the same demo from my local server which was > > > implemented with the CGIDEV2 package -- and should be the same as > > > the one available on Easy400 site -- no cookie is created at > all. > > > > > > Anybody has a clue? > > > > > > Otherwise, I'm considering using user space which I believe > might > > > be even more secure than cookies since only the random userspace > > > name will travel thru the Web, which is additionnaly crypted, > has no > > > sense for a malicious user. However, I don't like the idea of > > > accumulating thousands of userspaces thru the day until a purge > task > > > wipe them off at night. > > > > > > Cookies also have their downsides since many users disable them > from > > > their browsers. > > > > > > Any other proposals? > > > > > > TIA > > > > > > > > > > > > > > > > > > > > > Yahoo! Groups Links > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Yahoo! Groups Links > Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/Easy400Group/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
