RE: Witango-Talk: resetting userreferencecookie

Tue, 07 Oct 2003 23:35:56 -0700 

Ok
Here is a brute force taf
Ok I sent it in taf form because these things are so sensitive to extra
spaces and crlfs it was just easier

Note: taf is in T2k if you want to using it in v5 then change the header to
set
Witango_UserReference instead of Tango_UserReference
and save it out in v5.

Give this a try

--Within the <pre below is the output of this taf--
<pre>

HTTP/1.1 200 OK
Server: Microsoft-IIS/4.0
Date: Wed, 08 Oct 2003 06:37:58 GMT
Connection: close
Set-Cookie: Tango_UserReference=HiTher; path=/;
Cache-Control: no-cache
Cache-Control: post-check=0,pre-check=0
Cache-Control: max-age=0
Pragma: no-cache
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
        <TITLE>Test UR Blank</TITLE>
</HEAD>
<BODY>
<H2 ALIGN=LEFT>Test UR Blank</H2>
</BODY>
</HTML>

</pre>

Ben Johansen - http://www.pcforge.com
-Authorized WiTango Reseller
 http://www.pcforge.com/WitangoGoodies.htm
-Authorized Alt-N Reseller
 http://www.pcforge.com/AltN.htm

-----Original Message-----
From: Roland A. Dumas [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 07, 2003 6:34 PM
To: [EMAIL PROTECTED]
Subject: Re: Witango-Talk: resetting userreferencecookie


Hey, I'll readily admit that I'm doing something wrong. That's usually
the easiest path:

was trying to set cache expiry and:

<@ASSIGN request$httpHeader VALUE="HTTP/1.1 <@HTTPSTATUSCODE>
<@HTTPREASONPHRASE><@CRLF>Content-Type: text/html<@CRLF>X-Witango:
<@VERSION> <@PLATFORM><@CRLF>Cache-Control: no-cache, max-age=0,
must-revalidate, proxy-revalidate<@CRLF>Pragma:
no-cache<@CRLF><@USERREFERENCECOOKIE><@CRLF>">

was what I set, per Scott, and kaboom goes the webstar plug-in.
(not the witango server or webstar, but the plug-in seems to crash all
by itself)


On Tuesday, October 7, 2003, at 06:24 PM, Ben Johansen wrote:

> Can we see an example of how your are setting the header?
> This can be really persnickety ;-)
> Not saying you are doing any wrong, just interested
>
> Ben Johansen - http://www.pcforge.com
> -Authorized WiTango Reseller
>  http://www.pcforge.com/WitangoGoodies.htm
> -Authorized Alt-N Reseller
>  http://www.pcforge.com/AltN.htm
>
> -----Original Message-----
> From: Roland A. Dumas [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 07, 2003 5:54 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Witango-Talk: resetting userreferencecookie
>
>
> ah,
> setting header causes plug-in crash..... (which is where I started)
> (and bug report form to witango has a bug in it so submit don't work)
>
> On Tuesday, October 7, 2003, at 05:48 PM, Bill Conlon wrote:
>
>> After assigning a null string to the cookie sent it to the browser in
>> a
>> custom HTTP header.
>>
>> This will clear the session cookie at the client.
>>
>> Presumably you will simultaneously do a 301 redirect to a login page
>> to
>> cause the hijacked/tailgated user to login and obtain a valid session
>> cookie.
>>
>> <@PURGERESULTS>
>> <@ASSIGN cookie$Witango_UserReference VALUE="">
>> <@ASSIGN NAME="httpHeader" SCOPE="request" VALUE="HTTP/1.1 302
>> <@crlf>Location:
>> login.taf<@crlf><@USERREFERENCECOOKIE><@SETCOOKIES><@crlf><@crlf>">
>>
>>> Normally you would just set the value to nothing
>>> <@ASSIGN cookie$Witango_UserReference VALUE="">
>>>
>>> The problem here is Witango is going to place a new value in there
>>>
>>> So you best bet is to place a value in there like
>>> <@ASSIGN cookie$Witango_UserReference VALUE="HiMom">
>>>
>>>
>>> Ben Johansen - http://www.pcforge.com
>>> Authorized Witango & MDaemon Reseller
>>> Available for Witango Developement
>>>
>>>
>>> -----Original Message-----
>>> From: Roland A. Dumas [mailto:[EMAIL PROTECTED]
>>> Sent: Tuesday, October 07, 2003 12:46 PM
>>> To: [EMAIL PROTECTED]
>>> Subject: Re: Witango-Talk: resetting userreferencecookie
>>>
>>> you can't?
>>>
>>> I see that the altuserkey is set at <@CGIPARAM CLIENT_IP> and deleted
>>> it, figuring that it was keeping sessions alive that way, but it
>>> didn't
>>>
>>> work.
>>>
>>> So how do you kill a session cookie? Can you purge it?
>>>
>>>
>>> On Tuesday, October 7, 2003, at 12:36 PM, Ben Johansen wrote:
>>>
>>>> Ok,
>>>> My post from my other server didn't make it through.
>>>> to change the Witango_UserReference cookie you can't uses the
>>>> EXPIRES
>>>> because it is a session cookie
>>>>
>>>> Ben Johansen
>>>>
>>>> -----Original Message-----
>>>> From:      Roland A. Dumas [SMTP:[EMAIL PROTECTED]
>>>> Sent:      Tuesday, October 07, 2003 12:31 PM
>>>> To:        [EMAIL PROTECTED]
>>>> Subject:   Re: Witango-Talk: resetting userreferencecookie
>>>>
>>>> Thanks
>>>> I figured I should be able to set @@cookie$witango_userreference to
>>>> expire and have witango server create a new one on the spot, but
>>>> there
>>>> seems to be something very persistent about it. jest won't die.
>>>>
>>>> hmmm.. maybe Fergal knows
>>>>
>>>>
>>>> On Tuesday, October 7, 2003, at 12:19 PM, Ben Johansen wrote:
>>>>
>>>>> I have been trying with my testautocookie.taf and seeing the same
>>>>> thing
>>>>>
>>>>> I have been looking at it and wanted you to know that there was
>>>>> someone looking at itJ
>>>>>
>>>>>
>>>>>
>>>>> Ben Johansen - http://www.pcforge.com
>>>>> Authorized Witango & MDaemon Reseller
>>>>> Available for Witango Developement
>>>>>
>>>>> -----Original Message-----
>>>>> From: Roland A. Dumas [mailto:[EMAIL PROTECTED]
>>>>> Sent: Tuesday, October 07, 2003 12:11 PM
>>>>> To: [EMAIL PROTECTED]
>>>>> Subject: Witango-Talk: resetting userreferencecookie
>>>>>
>>>>>
>>>>>
>>>>> If I try to rub out the userreference cookie thusly, it comes right
>>>>> back. How can I kill it and reset in the same request?
>>>>>
>>>>> @ASSIGN name="Witango_userreference" scope=cookie value="now"
>>>>> expires="Tue, 07-Oct-03 00:00:00 GMT ">
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>> _____________________________________________________________________
>>> _
>>> _
>>>> _
>>>> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf << File:
>>>> ATT00004.att >>
>>>>
>>>>
>>> _____________________________________________________________________
>>> _
>>> _
>>>> _
>>>> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
>>>>
>>>
>>> _____________________________________________________________________
>>> _
>>> __
>>> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
>>>
>>>
>>> _____________________________________________________________________
>>> _
>>> __
>>> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
>>>
>>
>>
>> Bill Conlon
>>
>> To the Point
>> 345 California Avenue Suite 2
>> Palo Alto, CA 94306
>>
>> office: 650.327.2175
>> fax:    650.329.8335
>> mobile: 650.906.9929
>> e-mail: mailto:[EMAIL PROTECTED]
>> web:    http://www.tothept.com
>>
>>
>> ______________________________________________________________________
>> _
>> _
>> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
>>
>
> _______________________________________________________________________
> _
> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
>
>
> _______________________________________________________________________
> _
> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
>

________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf

________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf

Attachment: TestURBlank.taf
Description: Binary data

Reply via email to