Chuck,

I have thought that a tag which allows the userreference to be regenerated might be useful, but I’ve never implemented it as there wasn’t a clear-cut use case. There is a possible situation where there could be a non-secure userreference (http) and a secure userreference (https) which both point to the same user scope; alternatively, you could assign a different userreference to the scope when moving from http to https.

Right now, you should know that the userreference string is little more than a hash of a random number. Therefore, there is nothing preventing you from simply making a new one and returning it to the user. You just have to do so manually in a custom generated http header, like so:

<@ASSIGN request$httpheader "HTTP/1.1 200 OK<@CRLF>Content-Type: text/html<@CRLF>Set-Cookie: TeraScript_UserReference=<@LEFT <@UPPER <@CIPHER hash md5 <@UUID>>> 24><@CRLF><@CRLF>">

Obviously the user will lose their user variables on the next request because the newly generated user reference points to a non-existing user scope. This would have the same practical effect as if you did <@PURGE scope=user>.

TS inherently doesn’t allow one request to access more than one user scope. This is purposely done as a security blockade. I would only implement such a function if user scopes were isolated to domain scopes. Version 8 will open up all of these possibilities and more.

If you did want to retain the user session using the above httpheader, the process would be to build the new user reference string, create a record in the database with that string and a user identifier (primary key). Then, in your global header where you check to see if the user scope contains valid login information (presumably you return the user to the login screen when this happens) now you would check this database for the userreference and reload the user’s session information into the user scope.
You should immediately delete the record from the database and probably put a timeout mechanism in place as well so that this rebuilding effect is as secure as the normal user scope is.

I’ll think on how a tag might work to do something similar.

Robert

From: Chuck Lockwood [mailto:[email protected]]
Sent: Friday, March 06, 2015 11:29 AM
To: [email protected]
Subject: RE: TeraScript-Talk: Two tabs open

Robert,

We recently ran into a PCI issue; the requirement is that once the user is authenticated, a new cookie should be created with a new session (userreference). So what we need is a way to invalidate the original userreference, and force a new cookie to be created with a new userreference. New tag?

From: Robert Shubert [mailto:[email protected]]
Sent: Friday, March 6, 2015 10:02 AM
To: [email protected]
Subject: RE: TeraScript-Talk: Two tabs open

Does it happen if you open one tab in Safari and the other tab in Chrome? Usually these browsers will use the same cookies (including session cookies) for different tabs; this means that opening a new tab is NOT creating a new session (aka a new user scope) and you are just interacting with the same set of user variables in the different windows. Using different browsers will correct your problem.

I was recently having a discussion about the usefulness of a scope that’s more persistent than request but less encompassing than user. It’s a concept we’ll be exploring in the future. In general, the user scope should be used for relatively static session information (like the logged in user’s email address) but not information that is more transient or localized.

Robert

From: Mark Weiss [mailto:[email protected]]
Sent: Friday, March 06, 2015 1:32 AM
To: [email protected]
Subject: TeraScript-Talk: Two tabs open

I am running 5.5 on a Mac server. What I am running into is something that I think I have read about before.
I log into a program I have written in one tab in a Safari or Chrome browser. Then I create another tab and log in again. Usually this is to compare information simultaneously. It appears though that when I do this, user variables get messed up, and wrong things begin to load in the second window. Is this, again, some kind of basic problem I am supposed to know about but don’t?

I am NOT using <@userreferenceargument> as I was told by someone that this was not a good practice.

Thanks for any advice on this.

Mark Weiss

_____
To unsubscribe from this list, please send an email to [email protected] with "unsubscribe terascript-talk" in the body.
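
Added example, not part of the original thread and not TeraScript code: a Python sketch of the hand-off Robert describes in his reply to Chuck (mint a new userreference after login, store a database record keyed by it, redeem it once, with a timeout). The table and function names and the 30-second timeout are assumptions, and the reference comes from the OS CSPRNG instead of an MD5 of a UUID.

```python
import secrets
import sqlite3
import time

HANDOFF_TTL = 30  # seconds; assumed value, the thread only asks for "a timeout mechanism"

def open_store():
    """In-memory stand-in for the application's database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE handoff (userreference TEXT PRIMARY KEY,"
               " user_id INTEGER NOT NULL, expires REAL NOT NULL)")
    return db

def new_userreference():
    # 24 uppercase hex characters, the same shape as the value built in the
    # thread, but taken from the OS CSPRNG rather than an MD5 of a UUID.
    return secrets.token_hex(12).upper()

def issue_after_login(db, user_id, now=None):
    """Call once authentication succeeds: mint a fresh reference, record it."""
    now = time.time() if now is None else now
    ref = new_userreference()
    db.execute("INSERT INTO handoff VALUES (?, ?, ?)",
               (ref, user_id, now + HANDOFF_TTL))
    db.commit()
    # Secure and HttpOnly keep the new cookie off plain http and out of scripts.
    header = f"Set-Cookie: TeraScript_UserReference={ref}; Secure; HttpOnly"
    return ref, header

def redeem(db, ref, now=None):
    """Global-header check: return the user id for a valid record, else None."""
    now = time.time() if now is None else now
    row = db.execute("SELECT user_id, expires FROM handoff"
                     " WHERE userreference = ?", (ref,)).fetchone()
    # Delete immediately, valid or not, and sweep expired rows while here.
    db.execute("DELETE FROM handoff WHERE userreference = ? OR expires < ?",
               (ref, now))
    db.commit()
    if row is None or row[1] < now:
        return None
    return row[0]

if __name__ == "__main__":
    db = open_store()
    ref, header = issue_after_login(db, user_id=42)  # constructed user id
    print(header)
    print(redeem(db, ref), redeem(db, ref))  # second redemption fails
```

With several application processes sharing one database, the lookup and delete in redeem() should run inside a single transaction so that two requests cannot both redeem the same record.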
