You can change to port 443 (https). This resets the cookie. It might change 
when going to a subdomain too, but I haven't checked this. I have also seen 
instances when the cookie was trashed going into ASP pages and back again. 

Just some rambling thoughts. 


-----Original message-----
From: William M Conlon [EMAIL PROTECTED]
Date: Sat, 15 Mar 2008 11:17:53 -0500
To: [email protected]
Subject: Re: Witango-Talk: getting a new userreference

> I wrote a test taf to see what purging the various scopes would do,  
> and the USERREFERENCE is unchanged.  So to change it, I would need to  > 
> generate a new one to replace the cookie from the browser.
> 
> What I was looking for was a hook into the witango USERREFERENCE  
> generation scheme.  Anyway, it's just a curiousity, I re-worked my  
> thinking.
> 
> 
> Bill
> 
> William M. Conlon, P.E., Ph.D.
> To the Point
> 2330 Bryant Street
> Palo Alto, CA 94301
>     vox:  650.327.2175 (direct)
>     fax:  650.329.8335
> mobile:  650.906.9929
> e-mail:  mailto:[EMAIL PROTECTED]
>     web:  http://www.tothept.com
> 
> 
> On Mar 15, 2008, at 4:17 AM, Robert Garcia wrote:
> 
> > I think the only way, is to CLEAR the userref cookie, and let  
> > witango gen.
> >
> > -- 
> >
> > Robert Garcia
> > President - BigHead Technology
> > VP Application Development - eventpix.com
> > 13653 West Park Dr
> > Magalia, Ca 95954
> > ph: 530.645.4040 x222 fax: 530.645.4040
> > [EMAIL PROTECTED] - [EMAIL PROTECTED]
> > http://bighead.net/ - http://eventpix.com/
> >
> > On Mar 14, 2008, at 5:48 PM, William M Conlon wrote:
> >
> >> BUT ... userreference WAS received via cookie 'abc'
> >>
> >> Bill
> >>
> >> On Mar 14, 2008, at 5:46 PM, Ben Johansen wrote:
> >>
> >>> NO
> >>> in the manual
> >>>
> >>> If no user reference number was received
> >>> (via the “_userReference” search argument or an HTTP cookie) > when
> >>> the application file was called, a new number is generated;  
> >>> otherwise, the
> >>> number passed in is returned.
> >>>
> >>> so you clear the cookie and when you call a page without a  
> >>> userreference arg it will gen a new one
> >>>
> >>>
> >>>
> >>>
> >>> On Mar 14, 2008, at 5:39 PM, William M Conlon wrote:
> >>>
> >>>> No, that would not be a NEW userreference, rather the same  
> >>>> userreference that was passed in by cookie.
> >>>>
> >>>> Here's the flow;
> >>>>
> >>>> userreference cookie 'abc' is passed to taf
> >>>>  @@user$id and @@user$somedata is known from user reference 'abc'
> >>>>  assign @@request$id == @@user$id
> >>>>  purge user scope variables
> >>>>  get new user refernence 'def'
> >>>>  assign user$id = @@request$id and user$somedata = user's new > data
> >>>>  setcookie
> >>>>
> >>>> Now on subsequent requests the cookie 'def' is used
> >>>>
> >>>> Bill
> >>>>
> >>>> William M. Conlon, P.E., Ph.D.
> >>>> To the Point
> >>>> 2330 Bryant Street
> >>>> Palo Alto, CA 94301
> >>>>  vox:  650.327.2175 (direct)
> >>>>  fax:  650.329.8335
> >>>> mobile:  650.906.9929
> >>>> e-mail:  mailto:[EMAIL PROTECTED]
> >>>>  web:  http://www.tothept.com
> >>>>
> >>>>
> >>>> On Mar 14, 2008, at 5:30 PM, Ben Johansen wrote:
> >>>>
> >>>>> that would be
> >>>>> <@USERREFERENCE>
> >>>>>
> >>>>> <@ASSIGN SCOPE="cookie" NAME="Witango_UserReference"  
> >>>>> VALUE="<@USERREFERENCE>">.
> >>>>>
> >>>>> On Mar 14, 2008, at 5:22 PM, William M Conlon wrote:
> >>>>>
> >>>>>> I want to tear down a user's session (purging all their  
> >>>>>> variables) and give the user a new session with new user  
> >>>>>> variables and a new userreference.
> >>>>>>
> >>>>>> I'll need to <@ASSIGN SCOPE="cookie"  
> >>>>>> NAME="Witango_UserReference" > VALUE="@@request$newUserReference">.
> >>>>>>
> >>>>>> How do I generate @@request$newUserReference on the server so  
> >>>>>> I can set the cookie?
> >>>>>>
> >>>>>> I would like the new UserReference to be generated by the  
> >>>>>> server, rather than by my own home-grown approach, so it isn't  > 
> >>>>>> subject to replay cracking attempts.  For example if I just  
> >>>>>> generated a hash from things I new about the user, someone  
> >>>>>> could conceivably work out the algorithm and generate their  
> >>>>>> own userreference to hijack a session (admittedly unlikely).
> >>>>>>
> >>>>>> I don't want to know how the server generates a new  
> >>>>>> userReference -- I just want to get one.
> >>>>>>
> >>>>>> thanks.
> >>>>>>
> >>>>>> Bill
> >>>>>>
> >>>>>> William M. Conlon, P.E., Ph.D.
> >>>>>> To the Point
> >>>>>> 2330 Bryant Street
> >>>>>> Palo Alto, CA 94301
> >>>>>> vox:  650.327.2175 (direct)
> >>>>>> fax:  650.329.8335
> >>>>>> mobile:  650.906.9929
> >>>>>> e-mail:  mailto:[EMAIL PROTECTED]
> >>>>>> web:  http://www.tothept.com
> >>>>>>
> >>>>>> _________________________________________________________________ > 
> >>>>>> _______
> >>>>>> TO UNSUBSCRIBE: Go to http://www.witango.com/developer/ 
> >>>>>> maillist.taf
> >>>>>>
> >>>>>
> >>>>> __________________________________________________________________ > 
> >>>>> ______ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/ 
> >>>>> maillist.taf
> >>>> ___________________________________________________________________ > 
> >>>> _____
> >>>> TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
> >>>>
> >>>
> >>> ____________________________________________________________________ > 
> >>> ____ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/ 
> >>> maillist.taf
> >> _____________________________________________________________________ > 
> >> ___
> >> TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
> >>
> > ______________________________________________________________________ > 
> > __
> > TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
> >
> ________________________________________________________________________
> TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
> 
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf

Reply via email to