Help - Secure page by remembering user?

Please help.

After a number of wrong turns and experiments I need advice on a login
management system to secure our web pages without inconveniencing our
visitors or our internal staff.

What I need:

A system whereby the user only has to register ONCE and he will have
automatic entry to ANY page without having to RE-LOGIN even if he comes in
two weeks later or comes directly to that page via an email link.

This scenario seems built on the Amazon model of the 'gold box' which
automatically remembers you through cookies.

If the user does not have cookies he has to re-login.

Can anyone help me identify a 3rd party product that does this or a route to
achieve this in my code....

Many thanks
Jason
Jul 19 '05 #1
You would just have to use cookies to remember them.

Keep in mind though, that anyone who uses that computer will have access to
the pages also.

Bob Lehmann

Jul 19 '05 #2
As has been mentioned already, you'd most likely need to use cookies for
this.

However, what you are wanting to do is not recommended as it would be a huge
security risk (partially due to the fact, as Bob mentioned, everyone that
used the user's computer would have access to the pages as well).

Out of interest, why not just have them login each time they want to access
the secure area? (the pages that you want protected could easily check to
make sure they are permitted (either via a session ID, or a cookie) and if
permitted, allow them access... if not, direct them to the login page)

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!
Jul 19 '05 #3
Thanks, Yip, I guessed cookies was the answer....but what about these curve
balls:

1. Cookies off....will the user then be presented with login screen...I am
only interested in email - not password.

2. Where does one exactly establish the cookies in the script...is this the
same as using Session Variables? But I thought
session variables were time-specific ie they only lasted by default for 20
minutes for a user.....

3. I remember testing cookies a while back in my code and I found it
frustrating that I had to delete cookies off internet options
whenever I changed some code....is there a better way to test the
applications, without cookies becoming a liability during the testing
process?

Really appreciate advice...

- Jason

Jul 19 '05 #4
Hi Steven - many thanks for response....

This is the crux of the problem/challenge:

1. I do not need the pages to be password protected...only USERname or email
address protected....

2. It is not critically important to have a 'heavy' layer of protection over
the pages...we are only concerned with making sure we get some initial
personal data before the user views any pages and then allow him unrestricted
access across the site.

3. I am not sure if cookies will mess up eg Aol users who all use the same
IP...probably a stupid question as a cookie records a user browser ID right.
nothing to do with IP?

4. Our internal yacht brokers would have a spasm if customers had to log in
to each page after they sent them a web link...they want easy access for
users....

5. Although I am concerned with two users using the same machine....I
think this is an acceptable risk....

Could you offer any more pointers or advice relating to the above...

Many thanks
Jason
Jul 19 '05 #5
ps: Maybe I misinterpreted your suggestion.

Scenario

Secure Page with a script that checks to see if a session or cookie is
present for that user.....

Yes - send him directly to page without logging in
No - send him to Username login screen (ie Prompt for email only)

Correct?

But what about:

1. Expiry date of session variables - easy to change, like cookies?
2. If one uses cookies or session variables are you not essentially
compromising security if two users are using the same machine as mentioned
in previous posts?
3. Which is better Sessions or cookies? one is client side and one is server
side.....I see this suggested client side solution....

http://www.com-it.net.au/tutorials/j...pt/cookie5.htm

- Jason
Jul 19 '05 #6
The only way I know of that you could do what you are wanting is via
cookies, and to answer one of the questions you put to Bob (Q1), if the user
has cookies disabled..... they're not going to be able to login, period.
Thus you'd need to ensure your visitors had them enabled.

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!
Jul 19 '05 #7
Inline.......

<ja***@catamara nco.com> wrote in message
news:ey******** ******@tk2msftn gp13.phx.gbl...
ps: Maybe I misinterpreted your suggestion.

Scenario

Secure Page with a script that checks to see if a session or cookie is
present for that user.....

Yes - send him directly to page without logging in
No - send him to Username login screen (ie Prompt for email only)

Correct? </snip>

Yes

<snip> But what about:

1. Expiry date of session variables - easy to change, like cookies? </snip>

Session timeouts can be controlled either directly from the server, or in
the page(s) that uses them, so you're not lumbered with the default 20 mins or
whatever.

<snip> 2. If one uses cookies or session variables are you not essentially
compromising security if two users are using the same machine as mentioned
in previous posts? <snip>

Not if you assign them based on session IDs

Place the following into a .asp file and open the page in 2 browser windows.
You'll notice they have different session IDs

<%
' Print the session ID that ASP assigned to this browser session
Response.Write Session.SessionID
%>

</snip> 3. Which is better Sessions or cookies? one is client side and one is server side.....I see this suggested client side solution....

<snip>

I personally hate using cookies, so tend to stick with sessions......
(though even sessions require cookies be enabled)

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Jul 19 '05 #8
But could you not redirect them to the login page if cookies were disabled
and default to basic login in via asp checking user name against the
database?
Jul 19 '05 #9
Inline ......

<ja***@catamara nco.com> wrote in message
news:eY******** ******@TK2MSFTN GP09.phx.gbl...
Thanks, Yip, I guessed cookies was the answer....but what about these curve
balls:

1. Cookies off....will the user then be presented with login screen...I am
only interested in email - not password. <snip>

If cookies are disabled, they'll not be able to login.... period.

<snip> 2. Where does one exactly establish the cookies in the script...is this the same as using Session Variables? </snip>

Beginning of your page......

<snip> But I thought session variables were time-specific ie they only lasted by default for 20 minutes for a user..... <snip>

You can change this in either;

1. The server settings
2. The page(s) that uses them

<snip> 3. I remember testing cookies a while back in my code and I found it
frustrating that I had to delete cookies off internet options
whenever I changed some code....is there a better way to test the
applications, without cookies becoming a liability during the testing
process?


I personally detest cookies as they're a royal pain in the backside but to
answer your question.... No.

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Jul 19 '05 #10
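
Added example, not part of any post in this thread: a Python sketch of the check the thread discusses (remember cookie present: serve the page; absent or invalid: send the visitor to the e-mail prompt), using an opaque random token whose hash is kept server-side rather than putting the e-mail address in the cookie. The cookie name, login path, 14-day lifetime and in-memory store are assumptions made for illustration; the thread's own environment is classic ASP.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

REMEMBER_DAYS = 14          # assumption: the thread only says "two weeks later"
COOKIE_NAME = "remember"    # hypothetical cookie name
LOGIN_PATH = "/login.asp"   # hypothetical e-mail prompt page

# Constructed stand-in for a database table: sha256(token) -> (email, expiry).
# Only the hash is kept, so a leaked table cannot be replayed as cookies.
TOKEN_STORE = {}


def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_remember_cookie(email, now=None):
    """Run once after the visitor registers. Returns (token, Set-Cookie value)."""
    now = now or datetime.now(timezone.utc)
    token = secrets.token_urlsafe(32)   # random and opaque: no e-mail inside
    TOKEN_STORE[_digest(token)] = (email, now + timedelta(days=REMEMBER_DAYS))
    header = (f"{COOKIE_NAME}={token}; Max-Age={REMEMBER_DAYS * 86400}; "
              "Path=/; HttpOnly; Secure; SameSite=Lax")
    return token, header


def parse_cookie_header(header):
    """Turn a request Cookie header into a dict; a missing header gives {}."""
    cookies = {}
    for part in (header or "").split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def gate(cookie_header, requested_path, now=None):
    """Check run at the top of every protected page.

    Returns ("allow", email) for a live token, otherwise ("redirect", url)
    pointing at the e-mail prompt with the original page as return target.
    """
    now = now or datetime.now(timezone.utc)
    # Only same-site paths may be used as the return target.
    if not requested_path.startswith("/") or requested_path.startswith("//"):
        requested_path = "/"
    login_url = f"{LOGIN_PATH}?return={quote(requested_path, safe='')}"

    token = parse_cookie_header(cookie_header).get(COOKIE_NAME)
    if not token:                       # cookies disabled, cleared, or first visit
        return "redirect", login_url
    key = _digest(token)
    record = TOKEN_STORE.get(key)
    if record is None:                  # forged or revoked value
        return "redirect", login_url
    email, expires = record
    if now >= expires:                  # stale: drop it server-side too
        del TOKEN_STORE[key]
        return "redirect", login_url
    return "allow", email


def forget(token):
    """'Not you?' / sign-out link for shared machines: revoke on the server."""
    TOKEN_STORE.pop(_digest(token), None)
```

Because the cookie value is only a lookup key, the shared-computer concern raised in the thread can be handled by calling `forget()` from a sign-out link, which invalidates the cookie even if the browser keeps it.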
