ah, setting header causes plug-in crash..... (which is where I started) (and bug report form to witango has a bug in it so submit don't work)
On Tuesday, October 7, 2003, at 05:48 PM, Bill Conlon wrote:
After assigning a null string to the cookie sent it to the browser in a custom HTTP header.
This will clear the session cookie at the client.
Presumably you will simultaneously do a 301 redirect to a login page to cause the hijacked/tailgated user to login and obtain a valid session cookie.
<@PURGERESULTS> <@ASSIGN cookie$Witango_UserReference VALUE=""> <@ASSIGN NAME="httpHeader" SCOPE="request" VALUE="HTTP/1.1 302 <@crlf>Location: login.taf<@crlf><@USERREFERENCECOOKIE><@SETCOOKIES><@crlf><@crlf>">
Normally you would just set the value to nothing <@ASSIGN cookie$Witango_UserReference VALUE="">
The problem here is Witango is going to place a new value in there
So you best bet is to place a value in there like <@ASSIGN cookie$Witango_UserReference VALUE="HiMom">
Ben Johansen - http://www.pcforge.com Authorized Witango & MDaemon Reseller Available for Witango Developement
-----Original Message----- From: Roland A. Dumas [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2003 12:46 PM To: [EMAIL PROTECTED] Subject: Re: Witango-Talk: resetting userreferencecookie
you can't?
I see that the altuserkey is set at <@CGIPARAM CLIENT_IP> and deleted
it, figuring that it was keeping sessions alive that way, but it didn't
work.
So how do you kill a session cookie? Can you purge it?
On Tuesday, October 7, 2003, at 12:36 PM, Ben Johansen wrote:
______________________________________________________________________ _Ok, My post from my other server didn't make it through. to change the Witango_UserReference cookie you can't uses the EXPIRES because it is a session cookie
Ben Johansen
-----Original Message----- From: Roland A. Dumas [SMTP:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2003 12:31 PM To: [EMAIL PROTECTED] Subject: Re: Witango-Talk: resetting userreferencecookie
Thanks
I figured I should be able to set @@cookie$witango_userreference to
expire and have witango server create a new one on the spot, but there
seems to be something very persistent about it. jest won't die.
hmmm.. maybe Fergal knows
On Tuesday, October 7, 2003, at 12:19 PM, Ben Johansen wrote:
I have been trying with my testautocookie.taf and seeing the same thing
I have been looking at it and wanted you to know that there was someone looking at itJ
Ben Johansen - http://www.pcforge.com Authorized Witango & MDaemon Reseller Available for Witango Developement
-----Original Message----- From: Roland A. Dumas [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2003 12:11 PM To: [EMAIL PROTECTED] Subject: Witango-Talk: resetting userreferencecookie
If I try to rub out the userreference cookie thusly, it comes right back. How can I kill it and reset in the same request?
@ASSIGN name="Witango_userreference" scope=cookie value="now" expires="Tue, 07-Oct-03 00:00:00 GMT ">
______________________________________________________________________ __ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf << File: ATT00004.att >>
_ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
______________________________________________________________________ __
TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
______________________________________________________________________ __
TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
Bill Conlon
To the Point 345 California Avenue Suite 2 Palo Alto, CA 94306
office: 650.327.2175 fax: 650.329.8335 mobile: 650.906.9929 e-mail: mailto:[EMAIL PROTECTED] web: http://www.tothept.com
_______________________________________________________________________ _
TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
