Can we see an example of how your are setting the header? This can be really persnickety ;-) Not saying you are doing any wrong, just interested
Ben Johansen - http://www.pcforge.com -Authorized WiTango Reseller http://www.pcforge.com/WitangoGoodies.htm -Authorized Alt-N Reseller http://www.pcforge.com/AltN.htm -----Original Message----- From: Roland A. Dumas [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2003 5:54 PM To: [EMAIL PROTECTED] Subject: Re: Witango-Talk: resetting userreferencecookie ah, setting header causes plug-in crash..... (which is where I started) (and bug report form to witango has a bug in it so submit don't work) On Tuesday, October 7, 2003, at 05:48 PM, Bill Conlon wrote: > After assigning a null string to the cookie sent it to the browser in a > custom HTTP header. > > This will clear the session cookie at the client. > > Presumably you will simultaneously do a 301 redirect to a login page to > cause the hijacked/tailgated user to login and obtain a valid session > cookie. > > <@PURGERESULTS> > <@ASSIGN cookie$Witango_UserReference VALUE=""> > <@ASSIGN NAME="httpHeader" SCOPE="request" VALUE="HTTP/1.1 302 > <@crlf>Location: > login.taf<@crlf><@USERREFERENCECOOKIE><@SETCOOKIES><@crlf><@crlf>"> > >> Normally you would just set the value to nothing >> <@ASSIGN cookie$Witango_UserReference VALUE=""> >> >> The problem here is Witango is going to place a new value in there >> >> So you best bet is to place a value in there like >> <@ASSIGN cookie$Witango_UserReference VALUE="HiMom"> >> >> >> Ben Johansen - http://www.pcforge.com >> Authorized Witango & MDaemon Reseller >> Available for Witango Developement >> >> >> -----Original Message----- >> From: Roland A. Dumas [mailto:[EMAIL PROTECTED] >> Sent: Tuesday, October 07, 2003 12:46 PM >> To: [EMAIL PROTECTED] >> Subject: Re: Witango-Talk: resetting userreferencecookie >> >> you can't? >> >> I see that the altuserkey is set at <@CGIPARAM CLIENT_IP> and deleted >> it, figuring that it was keeping sessions alive that way, but it >> didn't >> >> work. >> >> So how do you kill a session cookie? Can you purge it? >> >> >> On Tuesday, October 7, 2003, at 12:36 PM, Ben Johansen wrote: >> >>> Ok, >>> My post from my other server didn't make it through. >>> to change the Witango_UserReference cookie you can't uses the EXPIRES >>> because it is a session cookie >>> >>> Ben Johansen >>> >>> -----Original Message----- >>> From: Roland A. Dumas [SMTP:[EMAIL PROTECTED] >>> Sent: Tuesday, October 07, 2003 12:31 PM >>> To: [EMAIL PROTECTED] >>> Subject: Re: Witango-Talk: resetting userreferencecookie >>> >>> Thanks >>> I figured I should be able to set @@cookie$witango_userreference to >>> expire and have witango server create a new one on the spot, but >>> there >>> seems to be something very persistent about it. jest won't die. >>> >>> hmmm.. maybe Fergal knows >>> >>> >>> On Tuesday, October 7, 2003, at 12:19 PM, Ben Johansen wrote: >>> >>>> I have been trying with my testautocookie.taf and seeing the same >>>> thing >>>> >>>> I have been looking at it and wanted you to know that there was >>>> someone looking at itJ >>>> >>>> >>>> >>>> Ben Johansen - http://www.pcforge.com >>>> Authorized Witango & MDaemon Reseller >>>> Available for Witango Developement >>>> >>>> -----Original Message----- >>>> From: Roland A. Dumas [mailto:[EMAIL PROTECTED] >>>> Sent: Tuesday, October 07, 2003 12:11 PM >>>> To: [EMAIL PROTECTED] >>>> Subject: Witango-Talk: resetting userreferencecookie >>>> >>>> >>>> >>>> If I try to rub out the userreference cookie thusly, it comes right >>>> back. How can I kill it and reset in the same request? >>>> >>>> @ASSIGN name="Witango_userreference" scope=cookie value="now" >>>> expires="Tue, 07-Oct-03 00:00:00 GMT "> >>>> >>>> >>>> >>> >>> >> ______________________________________________________________________ >> _ >>> _ >>> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf << File: >>> ATT00004.att >> >>> >>> >> ______________________________________________________________________ >> _ >>> _ >>> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf >>> >> >> ______________________________________________________________________ >> __ >> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf >> >> >> ______________________________________________________________________ >> __ >> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf >> > > > Bill Conlon > > To the Point > 345 California Avenue Suite 2 > Palo Alto, CA 94306 > > office: 650.327.2175 > fax: 650.329.8335 > mobile: 650.906.9929 > e-mail: mailto:[EMAIL PROTECTED] > web: http://www.tothept.com > > > _______________________________________________________________________ > _ > TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf > ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
