On Tuesday, October 7, 2003, at 11:40 PM, Ben Johansen wrote:
OK, here is a brute force taf. OK, I sent it in taf form because these things are so sensitive to extra spaces and CRLFs that it was just easier.
Note: the taf is in T2k. If you want to use it in v5, then change the header to set Witango_UserReference instead of Tango_UserReference and save it out in v5.
Give this a try.
-- Within the <pre> below is the output of this taf --
<pre>
HTTP/1.1 200 OK
Server: Microsoft-IIS/4.0
Date: Wed, 08 Oct 2003 06:37:58 GMT
Connection: close
Set-Cookie: Tango_UserReference=HiTher; path=/;
Cache-Control: no-cache
Cache-Control: post-check=0,pre-check=0
Cache-Control: max-age=0
Pragma: no-cache
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE>Test UR Blank</TITLE>
</HEAD>
<BODY>
<H2 ALIGN=LEFT>Test UR Blank</H2>
</BODY>
</HTML>
</pre>
Ben Johansen - http://www.pcforge.com -Authorized WiTango Reseller http://www.pcforge.com/WitangoGoodies.htm -Authorized Alt-N Reseller http://www.pcforge.com/AltN.htm
-----Original Message-----
From: Roland A. Dumas [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 07, 2003 6:34 PM
To: [EMAIL PROTECTED]
Subject: Re: Witango-Talk: resetting userreferencecookie
Hey, I'll readily admit that I'm doing something wrong. That's usually the easiest path:
was trying to set cache expiry and:
<@ASSIGN request$httpHeader VALUE="HTTP/1.1 <@HTTPSTATUSCODE> <@HTTPREASONPHRASE><@CRLF>Content-Type: text/html<@CRLF>X-Witango: <@VERSION> <@PLATFORM><@CRLF>Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate<@CRLF>Pragma: no-cache<@CRLF><@USERREFERENCECOOKIE><@CRLF>">
was what I set, per Scott, and kaboom goes the webstar plug-in. (not the witango server or webstar, but the plug-in seems to crash all by itself)
On Tuesday, October 7, 2003, at 06:24 PM, Ben Johansen wrote:
Can we see an example of how you are setting the header? This can be really persnickety ;-) Not saying you are doing anything wrong, just interested.
Ben Johansen - http://www.pcforge.com -Authorized WiTango Reseller http://www.pcforge.com/WitangoGoodies.htm -Authorized Alt-N Reseller http://www.pcforge.com/AltN.htm
-----Original Message-----
From: Roland A. Dumas [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 07, 2003 5:54 PM
To: [EMAIL PROTECTED]
Subject: Re: Witango-Talk: resetting userreferencecookie
ah, setting header causes plug-in crash..... (which is where I started) (and bug report form to witango has a bug in it so submit don't work)
On Tuesday, October 7, 2003, at 05:48 PM, Bill Conlon wrote:
After assigning a null string to the cookie, send it to the browser in a custom HTTP header.
This will clear the session cookie at the client.
Presumably you will simultaneously do a 301 redirect to a login page to cause the hijacked/tailgated user to log in and obtain a valid session cookie.
<@PURGERESULTS> <@ASSIGN cookie$Witango_UserReference VALUE=""> <@ASSIGN NAME="httpHeader" SCOPE="request" VALUE="HTTP/1.1 302 <@crlf>Location: login.taf<@crlf><@USERREFERENCECOOKIE><@SETCOOKIES><@crlf><@crlf>">
Normally you would just set the value to nothing: <@ASSIGN cookie$Witango_UserReference VALUE="">
The problem here is Witango is going to place a new value in there.
So your best bet is to place a value in there, like <@ASSIGN cookie$Witango_UserReference VALUE="HiMom">
Ben Johansen - http://www.pcforge.com Authorized Witango & MDaemon Reseller Available for Witango Development
-----Original Message-----
From: Roland A. Dumas [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 07, 2003 12:46 PM
To: [EMAIL PROTECTED]
Subject: Re: Witango-Talk: resetting userreferencecookie
you can't?
I see that the altuserkey is set at <@CGIPARAM CLIENT_IP> and deleted it, figuring that it was keeping sessions alive that way, but it didn't work.
So how do you kill a session cookie? Can you purge it?
On Tuesday, October 7, 2003, at 12:36 PM, Ben Johansen wrote:
Ok, my post from my other server didn't make it through. To change the Witango_UserReference cookie you can't use the EXPIRES because it is a session cookie.
Ben Johansen
-----Original Message-----
From: Roland A. Dumas [SMTP:[EMAIL PROTECTED]
Sent: Tuesday, October 07, 2003 12:31 PM
To: [EMAIL PROTECTED]
Subject: Re: Witango-Talk: resetting userreferencecookie
Thanks I figured I should be able to set @@cookie$witango_userreference to expire and have witango server create a new one on the spot, but there seems to be something very persistent about it. jest won't die.
hmmm.. maybe Fergal knows
On Tuesday, October 7, 2003, at 12:19 PM, Ben Johansen wrote:
I have been trying with my testautocookie.taf and seeing the same thing
I have been looking at it and wanted you to know that there was someone looking at it :-)
Ben Johansen - http://www.pcforge.com Authorized Witango & MDaemon Reseller Available for Witango Development
-----Original Message-----
From: Roland A. Dumas [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 07, 2003 12:11 PM
To: [EMAIL PROTECTED]
Subject: Witango-Talk: resetting userreferencecookie
If I try to rub out the userreference cookie thusly, it comes right back. How can I kill it and reset in the same request?
<@ASSIGN name="Witango_userreference" scope=cookie value="now" expires="Tue, 07-Oct-03 00:00:00 GMT ">
_____________________________________________________________________ __ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf << File: ATT00004.att >>
Bill Conlon
To the Point 345 California Avenue Suite 2 Palo Alto, CA 94306
office: 650.327.2175 fax: 650.329.8335 mobile: 650.906.9929 e-mail: mailto:[EMAIL PROTECTED] web: http://www.tothept.com
TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf<TestURBlank.taf>
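The thread builds raw HTTP headers by hand to reset a session cookie and notes how sensitive they are to extra spaces and CRLFs. The following is an added example at the plain HTTP level, not code from the thread and not Witango code: it assembles a redirect that overwrites or expires a cookie and checks a hand-built header block for framing mistakes; the function names and sample values are constructed for illustration.

```python
# Added illustration; names and sample inputs are constructed, not from the thread.
import re

TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")  # legal header-name characters

def build_reset_response(cookie_name, location, new_value=None):
    """Build a 302 that overwrites the cookie (new_value) or expires it (None)."""
    for v in (cookie_name, location, new_value or ""):
        if "\r" in v or "\n" in v:
            # A CR/LF in a value would let it inject extra header lines.
            raise ValueError("CR/LF not allowed in header values")
    if new_value is None:
        cookie = (f"{cookie_name}=; Path=/; Max-Age=0; "
                  "Expires=Thu, 01 Jan 1970 00:00:00 GMT")
    else:
        cookie = f"{cookie_name}={new_value}; Path=/"
    lines = ["HTTP/1.1 302 Found", f"Location: {location}",
             f"Set-Cookie: {cookie}", "Cache-Control: no-cache",
             "Content-Length: 0"]
    # Every line ends in CRLF and one empty line terminates the header block.
    return "\r\n".join(lines) + "\r\n\r\n"

def check_header_block(raw):
    """Return a list of framing problems in a hand-assembled header block."""
    problems = []
    if not raw.endswith("\r\n\r\n"):
        problems.append("missing terminating blank line (CRLF CRLF)")
    if re.search(r"(?<!\r)\n|\r(?!\n)", raw):
        problems.append("bare CR or LF")
    head = raw.split("\r\n\r\n", 1)[0].rstrip("\r\n")
    lines = head.split("\r\n")
    if not re.match(r"^HTTP/1\.[01] \d{3}( .*)?$", lines[0]):
        problems.append(f"bad status line: {lines[0]!r}")
    for line in lines[1:]:
        name, sep, _ = line.partition(":")
        if not sep or not TOKEN.match(name):
            # Catches a space before the colon, a stray blank line, etc.
            problems.append(f"bad header line: {line!r}")
    return problems

if __name__ == "__main__":
    print(build_reset_response("Witango_UserReference", "login.taf"))
    # Constructed bad input: space before the colon, no terminating blank line.
    print(check_header_block("HTTP/1.1 200 OK\r\nSet-Cookie : a=b\r\n"))
```

Overwriting or expiring the cookie only changes what the receiving browser sends back; the server-side session tied to the old value has to be invalidated separately.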
