Re: Witango-Talk: Internal IP Address as client IP

[William M Conlon]

How about a 'scoop' as in ice cream, because it melts away when  
you're done.  ;)

bill
On Jun 8, 2006, at 12:56 PM, John McGowan wrote:
I love the government.

The W3C folks should have given session "cookies" a completely  
different name.  Something that doesn't sound a "threatening" as  
cookie.  So irrational organization like our federal government  
wouldn't create silly policies disallowing the use of them.  (they  
can try to get ISPs to keep a log of every packet that goes through  
their routers, but don't store some random string in memory as we  
communicate with a web server that we initiated communications with)

What would be a good name that accurately reflects the temporary  
nature of a session cookie....  what's just as yummy, more useful  
and doesn't last as long as a normal cookie?

/John

Dale Graham wrote:
Yes but some of us (I work for Federal Gov't) are not actually  
*allowed* to use cookies....  so when you have those constraints,  
and need to make sure session variables are saved.... you're kind  
of stuck.

On Jun 8, 2006, at 2:08 PM, Robert Garcia wrote:

Yes, but that doesn't solve any of the issues that arise from  
using it in a url, you have the same issues, when you don't just  
use the cookie methods.

--

Robert Garcia
President - BigHead Technology
VP Application Development - eventpix.com
13653 West Park Dr
Magalia, Ca 95954
ph: 530.645.4040 x222 fax: 530.645.4040
[EMAIL PROTECTED] - [EMAIL PROTECTED]
http://bighead.net/ - http://eventpix.com/

On Jun 8, 2006, at 4:48 AM, Dale Graham wrote:

You can also pass UserReferenceArgument as a hidden argument,  
which drops it out of the URL...

I believe it must be in this form  <input type="hidden"  
name="_userReference" value="<@UserReferenceArgument>">

If I am in error on the format, someone on the list more  
knowledgeable can correct this .....

On Jun 7, 2006, at 12:09 PM, GEzra wrote:

Folks I'm dealing with do not like cookies, candies or anything  
sweet - spent a lot of time making sure that I was passing  
userref in the url to avoid cookies. I'm just gonna see if my  
isp can do something about their router, unless my xserve is  
doing this NAT, even though its turned off.

Thanks for your help on this Dave, William & Robert!

Ezra


On 2-Jun-06, at 4:23 AM, Robert Garcia wrote:

Yes, they are in the URI, you can see in the log:

_function=validate_user&_UserReference=58FA321F03B02D3E447F5B62

Remove userreference from URI, and only use cookies.

--
Robert Garcia
President - BigHead Technology
VP Application Development - eventpix.com
13653 West Park Dr
Magalia, Ca 95954
ph: 530.645.4040 x222 fax: 530.645.4040
[EMAIL PROTECTED] - [EMAIL PROTECTED]
http://bighead.net/ - http://eventpix.com/

On Jun 1, 2006, at 8:35 PM, William M Conlon wrote:

Are the userref's in the URI?  That would allow them to be  
shared.

Look in the archive on session hijacking.


On Jun 1, 2006, at 7:37 PM, GEzra wrote:

Hello all!

I looked at my witango log today and it seems like the same  
userreference was assigned to two different users, seconds  
apart while both were accessing diff. apps.

What's so odd is that the server address of xxx.xxx.xxx.xxx  
is being logged as the clients ip. How can this be?


01/06/2006 14:27:19 xxx.xxx.xxx.xxx  
[EMAIL PROTECTED] 25272320 1 1  [Application  
File] START               /apps/login.taf WitangoServer   
_function=validate_user&_UserReference=58FA321F03B02D3E447F5B62
01/06/2006 14:27:44 xxx.xxx.xxx.xxx  
[EMAIL PROTECTED] 25310208 1 0  [Application  
File] START               /apps/login.taf WitangoServer   
_function=validate_user&_UserReference=58FA321F03B02D3E447F5B62


Any ideas?

thanks,
Ezra
_______________________________________________________________ 
_________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/ 
maillist.taf

Bill

William M. Conlon, P.E., Ph.D.
To the Point
345 California Avenue Suite 2
Palo Alto, CA 94306
   vox:  650.327.2175 (direct)
   fax:  650.329.8335
mobile:  650.906.9929
e-mail:  mailto:[EMAIL PROTECTED]
   web:  http://www.tothept.com

________________________________________________________________ 
________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/ 
maillist.taf

_________________________________________________________________ 
_______
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/ 
maillist.taf

__________________________________________________________________ 
______
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/ 
maillist.taf


___________________________________________________________________ 
_____ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/ 
maillist.taf

____________________________________________________________________ 
____ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/ 
maillist.taf

_____________________________________________________________________ 
___ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/ 
maillist.taf

-- John McGowan [EMAIL PROTECTED] P 847.608.6900 x 110 F  
847.608.9501  
______________________________________________________________________ 
__ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf

________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf