RE: Witango-Talk: Internal IP Address as client IP

[Tom Ferguson]

"...teach the GOV..."   Good luck with that, Ben  :) From: Ben Johansen [mailto:[EMAIL PROTECTED] Sent: Thursday, June 08, 2006 04:31 To: witango-talk@witango.com Subject: Re: Witango-Talk: Internal IP Address as client IP Maybe someone needs to teach the GOV what the word "SESSION" means ;-) Ben On Jun 8, 2006, at 12:56 PM, John McGowan wrote: I love the government. The W3C folks should have given session "cookies" a completely different name. Something that doesn't sound a "threatening" as cookie. So irrational organization like our federal government wouldn't create silly policies disallowing the use of them. (they can try to get ISPs to keep a log of every packet that goes through their routers, but don't store some random string in memory as we communicate with a web server that we initiated communications with) What would be a good name that accurately reflects the temporary nature of a session cookie.... what's just as yummy, more useful and doesn't last as long as a normal cookie? /John Dale Graham wrote: Yes but some of us (I work for Federal Gov't) are not actually *allowed* to use cookies.... so when you have those constraints, and need to make sure session variables are saved.... you're kind of stuck. On Jun 8, 2006, at 2:08 PM, Robert Garcia wrote: Yes, but that doesn't solve any of the issues that arise from using it in a url, you have the same issues, when you don't just use the cookie methods. -- Robert Garcia President - BigHead Technology VP Application Development - eventpix.com 13653 West Park Dr Magalia, Ca 95954 ph: 530.645.4040 x222 fax: 530.645.4040 [EMAIL PROTECTED] - [EMAIL PROTECTED] http://bighead.net/ - http://eventpix.com/ On Jun 8, 2006, at 4:48 AM, Dale Graham wrote: You can also pass UserReferenceArgument as a hidden argument, which drops it out of the URL... I believe it must be in this form <input type="hidden" name="_userReference" value="<@UserReferenceArgument>"> If I am in error on the format, someone on the list more knowledgeable can correct this ..... On Jun 7, 2006, at 12:09 PM, GEzra wrote: Folks I'm dealing with do not like cookies, candies or anything sweet - spent a lot of time making sure that I was passing userref in the url to avoid cookies. I'm just gonna see if my isp can do something about their router, unless my xserve is doing this NAT, even though its turned off. Thanks for your help on this Dave, William & Robert! Ezra On 2-Jun-06, at 4:23 AM, Robert Garcia wrote: Yes, they are in the URI, you can see in the log: _function=validate_user&_UserReference=58FA321F03B02D3E447F5B62 Remove userreference from URI, and only use cookies. -- Robert Garcia President - BigHead Technology VP Application Development - eventpix.com 13653 West Park Dr Magalia, Ca 95954 ph: 530.645.4040 x222 fax: 530.645.4040 [EMAIL PROTECTED] - [EMAIL PROTECTED] http://bighead.net/ - http://eventpix.com/ On Jun 1, 2006, at 8:35 PM, William M Conlon wrote: Are the userref's in the URI? That would allow them to be shared. Look in the archive on session hijacking. On Jun 1, 2006, at 7:37 PM, GEzra wrote: Hello all! I looked at my witango log today and it seems like the same userreference was assigned to two different users, seconds apart while both were accessing diff. apps. What's so odd is that the server address of xxx.xxx.xxx.xxx is being logged as the clients ip. How can this be? 01/06/2006 14:27:19 xxx.xxx.xxx.xxx [EMAIL PROTECTED] 25272320 1 1 [Application File] START /apps/login.taf WitangoServer _function=validate_user&_UserReference=58FA321F03B02D3E447F5B62 01/06/2006 14:27:44 xxx.xxx.xxx.xxx [EMAIL PROTECTED] 25310208 1 0 [Application File] START /apps/login.taf WitangoServer _function=validate_user&_UserReference=58FA321F03B02D3E447F5B62 Any ideas? thanks, Ezra ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf Bill William M. Conlon, P.E., Ph.D. To the Point 345 California Avenue Suite 2 Palo Alto, CA 94306 vox: 650.327.2175 (direct) fax: 650.329.8335 mobile: 650.906.9929 e-mail: mailto:[EMAIL PROTECTED] web: http://www.tothept.com ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf -- John McGowan [EMAIL PROTECTED] P 847.608.6900 x 110 F 847.608.9501 ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf