473,698 Members | 1,952 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Unusual password request

I got an unusual request. One customer wants a password/access made
available to a user that is valid for only, say, ten minutes. I know
that I can enforce this by having a revalidation of the password every
time the user changes a page. This, though, seems like a a lot of
overhead in having to make a db call every time a page is changed.

I also thought about setting a timer for ten minutes, and on firing of
that timer unset a session variable that I would have set when the user
is given this temporary access. Doing this, I would only have to check
at the top of every page that the session variable is set- no big deal.

What do you folks think about this request?
Jun 2 '08 #1
10 1421
sheldonlg wrote:
I got an unusual request. One customer wants a password/access made
available to a user that is valid for only, say, ten minutes. I know
that I can enforce this by having a revalidation of the password every
time the user changes a page. This, though, seems like a a lot of
overhead in having to make a db call every time a page is changed.
I also thought about setting a timer for ten minutes, and on firing of
that timer unset a session variable that I would have set when the user
is given this temporary access. Doing this, I would only have to check
at the top of every page that the session variable is set- no big deal.
You need to validate that the user is logged in (session) on every page
requiring password access anyway, right? So store the login time in a
session variable and if it has timed out, ... log them out. I don't see
the problem.
What do you folks think about this request?
Seems rude to me.

--
*************** **************
Chuck Anderson • Boulder, CO
http://www.CycleTourist.com
Nothing he's got he really needs
Twenty first century schizoid man.
*************** *************** *****

Jun 2 '08 #2
Chuck Anderson wrote:
sheldonlg wrote:
>I got an unusual request. One customer wants a password/access made
available to a user that is valid for only, say, ten minutes. I know
that I can enforce this by having a revalidation of the password every
time the user changes a page. This, though, seems like a a lot of
overhead in having to make a db call every time a page is changed.
>I also thought about setting a timer for ten minutes, and on firing of
that timer unset a session variable that I would have set when the
user is given this temporary access. Doing this, I would only have to
check at the top of every page that the session variable is set- no
big deal.

You need to validate that the user is logged in (session) on every page
requiring password access anyway, right? So store the login time in a
session variable and if it has timed out, ... log them out. I don't see
the problem.
Man, it is really trivial after all. Thanks. (Now why didn't I think
of such an obvious solution?)

>
>What do you folks think about this request?

Seems rude to me.
Huh? I hope you don't mean me. If you mean the client, what he wants
to do is give a "taste" of the site before the user has to subscribe.
Jun 2 '08 #3
sheldonlg wrote:
Chuck Anderson wrote:
>sheldonlg wrote:
>>I got an unusual request. One customer wants a password/access made
available to a user that is valid for only, say, ten minutes. I know
that I can enforce this by having a revalidation of the password every
time the user changes a page. This, though, seems like a a lot of
overhead in having to make a db call every time a page is changed.
I also thought about setting a timer for ten minutes, and on firing of
that timer unset a session variable that I would have set when the
user is given this temporary access. Doing this, I would only have to
check at the top of every page that the session variable is set- no
big deal.

You need to validate that the user is logged in (session) on every page
requiring password access anyway, right? So store the login time in a
session variable and if it has timed out, ... log them out. I don't see
the problem.

Man, it is really trivial after all. Thanks. (Now why didn't I think
of such an obvious solution?)
>>What do you folks think about this request?

Seems rude to me.

Huh? I hope you don't mean me. If you mean the client, what he wants
to do is give a "taste" of the site before the user has to subscribe.
You said "I got an unusual request. ........ " And later asked ...
"What do you folks think about this request?"

So ..... what do you think?

Logging someone out after ten minutes seems rude. If I got a phone call
...... had to break away for some reason ..... was simply confused for 8
minutes ..... and then that was it; I don't think I'd be coming back.
Restricting usage somehow rather than time at the site seems a better idea.

--
*************** **************
Chuck Anderson • Boulder, CO
http://www.CycleTourist.com
Nothing he's got he really needs
Twenty first century schizoid man.
*************** *************** *****

Jun 2 '08 #4
Chuck Anderson wrote:
sheldonlg wrote:
>Chuck Anderson wrote:
>>sheldonlg wrote:

I got an unusual request. One customer wants a password/access made
available to a user that is valid for only, say, ten minutes. I
know that I can enforce this by having a revalidation of the
password every time the user changes a page. This, though, seems
like a a lot of overhead in having to make a db call every time a
page is changed.
I also thought about setting a timer for ten minutes, and on
firing of that timer unset a session variable that I would have set
when the user is given this temporary access. Doing this, I would
only have to check at the top of every page that the session
variable is set- no big deal.

You need to validate that the user is logged in (session) on every
page requiring password access anyway, right? So store the login time
in a session variable and if it has timed out, ... log them out. I
don't see the problem.

Man, it is really trivial after all. Thanks. (Now why didn't I think
of such an obvious solution?)
>>>What do you folks think about this request?

Seems rude to me.

Huh? I hope you don't mean me. If you mean the client, what he wants
to do is give a "taste" of the site before the user has to subscribe.

You said "I got an unusual request. ........ " And later asked ...
"What do you folks think about this request?"
So ..... what do you think?

Logging someone out after ten minutes seems rude. If I got a phone call
..... had to break away for some reason ..... was simply confused for 8
minutes ..... and then that was it; I don't think I'd be coming back.
Restricting usage somehow rather than time at the site seems a better idea.
I agree. Better to give them access to a subset of what's available,
with information on what they're missing.

Plus, there are ways around it - for instance, when my session expires,
just create another user (so maybe I have to clear cookies in my
browser). And if it requires verification, I can create 5,000 gmail
accounts and be there for months.

But more likely I'll never come back.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attgl obal.net
=============== ===

Jun 2 '08 #5
Greetings, Jerry Stuckle.
In reply to Your message dated Saturday, May 10, 2008, 14:53:15,
>>>>I got an unusual request. One customer wants a password/access made
available to a user that is valid for only, say, ten minutes. I
know that I can enforce this by having a revalidation of the
password every time the user changes a page. This, though, seems
like a a lot of overhead in having to make a db call every time a
page is changed.
I also thought about setting a timer for ten minutes, and on
firing of that timer unset a session variable that I would have set
when the user is given this temporary access. Doing this, I would
only have to check at the top of every page that the session
variable is set- no big deal.
>
You need to validate that the user is logged in (session) on every
page requiring password access anyway, right? So store the login time
in a session variable and if it has timed out, ... log them out. I
don't see the problem.
Man, it is really trivial after all. Thanks. (Now why didn't I think
of such an obvious solution?)

What do you folks think about this request?
>
Seems rude to me.
Huh? I hope you don't mean me. If you mean the client, what he wants
to do is give a "taste" of the site before the user has to subscribe.

You said "I got an unusual request. ........ " And later asked ...
"What do you folks think about this request?"
So ..... what do you think?

Logging someone out after ten minutes seems rude. If I got a phone call
..... had to break away for some reason ..... was simply confused for 8
minutes ..... and then that was it; I don't think I'd be coming back.
Restricting usage somehow rather than time at the site seems a better idea.
I agree. Better to give them access to a subset of what's available,
with information on what they're missing.
Plus, there are ways around it - for instance, when my session expires,
just create another user (so maybe I have to clear cookies in my
browser). And if it requires verification, I can create 5,000 gmail
accounts and be there for months.
But more likely I'll never come back.
Rather intheresting discussion I've found :)
Take a look at this demo :)
http://www.l2wh.com/updrop/demo.php
--
Sincerely Yours, AnrDaemon <an*******@free mail.ru>

Jun 27 '08 #6
AnrDaemon wrote:
Greetings, Jerry Stuckle.
In reply to Your message dated Saturday, May 10, 2008, 14:53:15,
>>>>>I got an unusual request. One customer wants a password/access made
>availabl e to a user that is valid for only, say, ten minutes. I
>know that I can enforce this by having a revalidation of the
>password every time the user changes a page. This, though, seems
>like a a lot of overhead in having to make a db call every time a
>page is changed.
> I also thought about setting a timer for ten minutes, and on
>firing of that timer unset a session variable that I would have set
>when the user is given this temporary access. Doing this, I would
>only have to check at the top of every page that the session
>variable is set- no big deal.
>>
You need to validate that the user is logged in (session) on every
page requiring password access anyway, right? So store the login time
in a session variable and if it has timed out, ... log them out. I
don't see the problem.
>
Man, it is really trivial after all. Thanks. (Now why didn't I think
of such an obvious solution?)

>What do you folks think about this request?
>>
Seems rude to me.
>
Huh? I hope you don't mean me. If you mean the client, what he wants
to do is give a "taste" of the site before the user has to subscribe.

You said "I got an unusual request. ........ " And later asked ...
"What do you folks think about this request?"
So ..... what do you think?

Logging someone out after ten minutes seems rude. If I got a phone call
..... had to break away for some reason ..... was simply confused for 8
minutes ..... and then that was it; I don't think I'd be coming back.
Restricting usage somehow rather than time at the site seems a better idea.
>I agree. Better to give them access to a subset of what's available,
with information on what they're missing.
>Plus, there are ways around it - for instance, when my session expires,
just create another user (so maybe I have to clear cookies in my
browser). And if it requires verification, I can create 5,000 gmail
accounts and be there for months.
>But more likely I'll never come back.

Rather intheresting discussion I've found :)
Take a look at this demo :)
http://www.l2wh.com/updrop/demo.php

Another bunch of garbage from Anr... He's good at that.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attgl obal.net
=============== ===

Jun 27 '08 #7
Greetings, Jerry Stuckle.
In reply to Your message dated Thursday, June 12, 2008, 08:37:07,
Another bunch of garbage from Anr... He's good at that.
You aren't pleased with example i have provided?
Why you behave like a troll?
--
Sincerely Yours, AnrDaemon <an*******@free mail.ru>

Jun 27 '08 #8
AnrDaemon wrote:
Greetings, Jerry Stuckle.
In reply to Your message dated Thursday, June 12, 2008, 08:37:07,
>Another bunch of garbage from Anr... He's good at that.

You aren't pleased with example i have provided?
Why you behave like a troll?

Not trolling. Just calling your garbage what it is.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attgl obal.net
=============== ===
Jun 27 '08 #9
Greetings, Jerry Stuckle.
In reply to Your message dated Monday, June 16, 2008, 00:23:21,
>>Another bunch of garbage from Anr... He's good at that.

You aren't pleased with example i have provided?
Why you behave like a troll?

Not trolling. Just calling your garbage what it is.
Prove or shut up your mouth.
--
Sincerely Yours, AnrDaemon <an*******@free mail.ru>

Jun 27 '08 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
1139
by: teenzbutler | last post by:
I am attempting to password protect some web pages. I have following the instructions within the following article: Microsoft Knowledge Base Article - 301464 - How To Use Simple ASP Code to Password Protect Your ASP Pages. Every thing works fine. The am having a problem figuring out how to add additional usernames and passwords. It appears as though the code is only good for one user. Can anyone help me out. I have pasted the code below....
5
1805
by: Arpan | last post by:
An ASP application retrieves records from a SQL Server database. In the first page of the application, the user has to enter a password & the columns retrieved from the DB table depends upon the password. For e.g. if the password entered is say, pwd1, then that user should be displayed the records of Column1 & Column2 only. If the password entered is say, pwd2, then that user should be displayed the records of Column1 & Column3 only. If...
15
2077
by: John Howie | last post by:
I've found very unusual behavious when using sessions on two different servers. I'm using sessions to handle simple log in. When the form submits the values are checked against a MySQL table. If a match exists two session variables are created: $_SESSION and $_SESSION. Each page checks if the session variable 'db_is_logged_in' is set and is true, display the page otherwise use header to redirect to an error page.
15
9726
by: Eugene Anthony | last post by:
Is this method of validation for password and username considered to be secured. In my previous post I was given a solution that uses command object and the values are parsed by parameters. But the solution only worked well for insert and delete, but not select. <% if Request.QueryString("Action") = 1 then username = Trim(request.form("username")) password = Trim(request.form("password")) if username <> "" and password <> "" then
0
2991
by: sanbm79 | last post by:
Hi All, I am facing a problem in posting Web request with username and password credentials. I am working on migrating Java client application to .Net which will send request to Java servlet. Java Client application code: HttpClient httpclient; httpclient = new HttpClient();
1
7424
by: roshina | last post by:
Hi Iam facing a problem in my project, developing a web site for online shopping in ASP on windows XP using IIS server. All the validations are ok but the new password is not upadated in the data base and also showing a error page. the operating system we used is Windows XP, the source code is ASP, front end we used - HTML and javascript and vb script for validations. the inputs we used are : old pasword :
4
5132
by: apondu | last post by:
I'm trying to screen scrape a site that requires a password. I am using C#.Net, i am new to this and with the information available around on the internet i just put tht information into the code. But still i am not able to achieve what i want to. I have posted the code which i have written, along with the site and the userid ans password
7
3474
by: hotflash | last post by:
Hi All, I want to creat a script where I will allow user to reset their own password. I have tried different options but don't have any luck. Wonder what I want to do is kinda not valid or not. ResetLogin.asp (where user will have to enter their username, old password, and new password). <TR> <TH ALIGN=LEFT> <FONT FACE="HELVETICA,HELV,ARIAL" SIZE=2>&nbsp;&nbsp;User Name: </FONT></TH> <TD><INPUT CLASS="bluebox"...
3
5555
by: jerrydigital | last post by:
Hi, I am working on a forgotpassword.asp page. I would like the user to enter their email address, and click submit. Upon submit, an email will be sent to the user's email address provided with the "password" they registered with. I have posted my code below. However, I get an error on line 31: Message = "You're password is:" & <%=objRS("Password" )%> The input name="email" on the html form that leads to this asp page.
0
8671
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9152
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9016
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
8887
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
7709
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
5858
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4613
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
2
2321
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
1997
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.