After assigning a null string to the cookie, send it to the browser in a custom HTTP header.
This will clear the session cookie at the client. Presumably you will simultaneously do a 301 redirect to a login page to cause the hijacked/tailgated user to log in and obtain a valid session cookie.

<@PURGERESULTS>
<@ASSIGN cookie$Witango_UserReference VALUE="">
<@ASSIGN NAME="httpHeader" SCOPE="request" VALUE="HTTP/1.1 302 <@crlf>Location: login.taf<@crlf><@USERREFERENCECOOKIE><@SETCOOKIES><@crlf><@crlf>">

>Normally you would just set the value to nothing
><@ASSIGN cookie$Witango_UserReference VALUE="">
>
>The problem here is Witango is going to place a new value in there
>
>So your best bet is to place a value in there like
><@ASSIGN cookie$Witango_UserReference VALUE="HiMom">
>
>
>Ben Johansen - http://www.pcforge.com
>Authorized Witango & MDaemon Reseller
>Available for Witango Development
>
>
>-----Original Message-----
>From: Roland A. Dumas [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, October 07, 2003 12:46 PM
>To: [EMAIL PROTECTED]
>Subject: Re: Witango-Talk: resetting userreferencecookie
>
>you can't?
>
>I see that the altuserkey is set at <@CGIPARAM CLIENT_IP> and deleted
>it, figuring that it was keeping sessions alive that way, but it didn't
>work.
>
>So how do you kill a session cookie? Can you purge it?
>
>
>On Tuesday, October 7, 2003, at 12:36 PM, Ben Johansen wrote:
>
>> Ok,
>> My post from my other server didn't make it through.
>> to change the Witango_UserReference cookie you can't use the EXPIRES
>> because it is a session cookie
>>
>> Ben Johansen
>>
>> -----Original Message-----
>> From: Roland A. Dumas [SMTP:[EMAIL PROTECTED]
>> Sent: Tuesday, October 07, 2003 12:31 PM
>> To: [EMAIL PROTECTED]
>> Subject: Re: Witango-Talk: resetting userreferencecookie
>>
>> Thanks
>> I figured I should be able to set @@cookie$witango_userreference to
>> expire and have witango server create a new one on the spot, but there
>> seems to be something very persistent about it. just won't die.
>>
>> hmmm.. maybe Fergal knows
>>
>>
>> On Tuesday, October 7, 2003, at 12:19 PM, Ben Johansen wrote:
>>
>>> I have been trying with my testautocookie.taf and seeing the same
>>> thing
>>>
>>> I have been looking at it and wanted you to know that there was
>>> someone looking at it :)
>>>
>>>
>>>
>>> Ben Johansen - http://www.pcforge.com
>>> Authorized Witango & MDaemon Reseller
>>> Available for Witango Development
>>>
>>> -----Original Message-----
>>> From: Roland A. Dumas [mailto:[EMAIL PROTECTED]
>>> Sent: Tuesday, October 07, 2003 12:11 PM
>>> To: [EMAIL PROTECTED]
>>> Subject: Witango-Talk: resetting userreferencecookie
>>>
>>>
>>>
>>> If I try to rub out the userreference cookie thusly, it comes right
>>> back. How can I kill it and reset in the same request?
>>>
>>> <@ASSIGN name="Witango_userreference" scope=cookie value="now"
>>> expires="Tue, 07-Oct-03 00:00:00 GMT ">
>>>
>>
>> ________________________________________________________________________
>> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
>

Bill Conlon

To the Point
345 California Avenue Suite 2
Palo Alto, CA 94306

office: 650.327.2175
fax: 650.329.8335
mobile: 650.906.9929
e-mail: mailto:[EMAIL PROTECTED]
web: http://www.tothept.com
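
Added example, not part of the original thread and not Witango code: a Python sketch of "kill it and reset in the same request" that drops the old session on the server, issues a fresh random ID as a session cookie (no Expires), and redirects to the login page in one 302 response. The cookie name and login.taf come from the thread; the in-memory SESSIONS table, the function names and the server-side invalidation step are assumptions that go beyond what the thread shows.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "Witango_UserReference"   # cookie name taken from the thread
SESSIONS = {}  # hypothetical server-side table: session id -> state


def new_session():
    """Create server-side state under an unguessable id."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"authenticated": False}
    return sid


def parse_session_id(cookie_header):
    """Extract the session id from a request Cookie header, if present."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(COOKIE_NAME)
    return morsel.value if morsel else None


def reset_and_redirect(cookie_header, location="login.taf"):
    """Invalidate the presented session and return (raw 302 response, new id)."""
    old = parse_session_id(cookie_header)
    # Clearing the cookie only affects the browser; a copied id stays
    # usable until the server forgets it, so drop the state here.
    SESSIONS.pop(old, None)
    sid = new_session()
    out = SimpleCookie()
    out[COOKIE_NAME] = sid
    out[COOKIE_NAME]["path"] = "/"
    out[COOKIE_NAME]["httponly"] = True
    # No expires/max-age attribute: it remains a session cookie.
    lines = [
        "HTTP/1.1 302 Found",
        f"Location: {location}",
        out.output(header="Set-Cookie:"),
    ]
    return "\r\n".join(lines) + "\r\n\r\n", sid


if __name__ == "__main__":
    stale = new_session()                      # constructed sample session
    SESSIONS[stale]["authenticated"] = True
    response, fresh = reset_and_redirect(f"{COOKIE_NAME}={stale}")
    print(response)
    print("old id still valid:", stale in SESSIONS)
```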
