Well, there are 2 issues, but keep in mind I am going from memory.

1. You can't gen a userreference, and you can't fake with an MD5, because witango uses the usereference to tie it to the correct instance of witango in the group.

2. You can't use purge on cookie scope. If I remember correct, you have to write the cooke name with zero data. I would test to be sure, but I am pretty sure you assign cookie value empty string to purge it. Then on subsequent request, witango should assign new userref.

--

Robert Garcia
President - BigHead Technology
VP Application Development - eventpix.com
13653 West Park Dr
Magalia, Ca 95954
ph: 530.645.4040 x222 fax: 530.645.4040
[EMAIL PROTECTED] - [EMAIL PROTECTED]
http://bighead.net/ - http://eventpix.com/

On Mar 15, 2008, at 8:18 AM, William M Conlon wrote:

I wrote a test taf to see what purging the various scopes would do, and the USERREFERENCE is unchanged. So to change it, I would need to generate a new one to replace the cookie from the browser.

What I was looking for was a hook into the witango USERREFERENCE generation scheme. Anyway, it's just a curiousity, I re-worked my thinking.


Bill

William M. Conlon, P.E., Ph.D.
To the Point
2330 Bryant Street
Palo Alto, CA 94301
  vox:  650.327.2175 (direct)
  fax:  650.329.8335
mobile:  650.906.9929
e-mail:  mailto:[EMAIL PROTECTED]
  web:  http://www.tothept.com


On Mar 15, 2008, at 4:17 AM, Robert Garcia wrote:

I think the only way, is to CLEAR the userref cookie, and let witango gen.

--

Robert Garcia
President - BigHead Technology
VP Application Development - eventpix.com
13653 West Park Dr
Magalia, Ca 95954
ph: 530.645.4040 x222 fax: 530.645.4040
[EMAIL PROTECTED] - [EMAIL PROTECTED]
http://bighead.net/ - http://eventpix.com/

On Mar 14, 2008, at 5:48 PM, William M Conlon wrote:

BUT ... userreference WAS received via cookie 'abc'

Bill

On Mar 14, 2008, at 5:46 PM, Ben Johansen wrote:

NO
in the manual

If no user reference number was received
(via the “_userReference” search argument or an HTTP cookie) when
the application file was called, a new number is generated; otherwise, the
number passed in is returned.

so you clear the cookie and when you call a page without a userreference arg it will gen a new one




On Mar 14, 2008, at 5:39 PM, William M Conlon wrote:

No, that would not be a NEW userreference, rather the same userreference that was passed in by cookie.

Here's the flow;

userreference cookie 'abc' is passed to taf
        @@user$id and @@user$somedata is known from user reference 'abc'
        assign @@request$id == @@user$id
        purge user scope variables
        get new user refernence 'def'
        assign user$id = @@request$id and user$somedata = user's new data
        setcookie

Now on subsequent requests the cookie 'def' is used

Bill

William M. Conlon, P.E., Ph.D.
To the Point
2330 Bryant Street
Palo Alto, CA 94301
vox:  650.327.2175 (direct)
fax:  650.329.8335
mobile:  650.906.9929
e-mail:  mailto:[EMAIL PROTECTED]
web:  http://www.tothept.com


On Mar 14, 2008, at 5:30 PM, Ben Johansen wrote:

that would be
<@USERREFERENCE>

<@ASSIGN SCOPE="cookie" NAME="Witango_UserReference" VALUE="<@USERREFERENCE>">.

On Mar 14, 2008, at 5:22 PM, William M Conlon wrote:

I want to tear down a user's session (purging all their variables) and give the user a new session with new user variables and a new userreference.

I'll need to <@ASSIGN SCOPE="cookie" NAME="Witango_UserReference" VALUE="@@request $newUserReference">.

How do I generate @@request$newUserReference on the server so I can set the cookie?

I would like the new UserReference to be generated by the server, rather than by my own home-grown approach, so it isn't subject to replay cracking attempts. For example if I just generated a hash from things I new about the user, someone could conceivably work out the algorithm and generate their own userreference to hijack a session (admittedly unlikely).

I don't want to know how the server generates a new userReference -- I just want to get one.

thanks.

Bill

William M. Conlon, P.E., Ph.D.
To the Point
2330 Bryant Street
Palo Alto, CA 94301
vox:  650.327.2175 (direct)
fax:  650.329.8335
mobile:  650.906.9929
e-mail:  mailto:[EMAIL PROTECTED]
web:  http://www.tothept.com

________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf


________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/ maillist.taf


________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf

________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf

________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf

________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf

Reply via email to