I got an unusual request. One customer wants a password/access made
available to a user that is valid for only, say, ten minutes. I know
that I can enforce this by having a revalidation of the password every
time the user changes a page. This, though, seems like a a lot of
overhead in having to make a db call every time a page is changed.
I also thought about setting a timer for ten minutes, and on firing of
that timer unset a session variable that I would have set when the user
is given this temporary access. Doing this, I would only have to check
at the top of every page that the session variable is set- no big deal.
What do you folks think about this request?
10  1431 
sheldonlg wrote:
I got an unusual request. One customer wants a password/access made
available to a user that is valid for only, say, ten minutes. I know
that I can enforce this by having a revalidation of the password every
time the user changes a page. This, though, seems like a a lot of
overhead in having to make a db call every time a page is changed.
I also thought about setting a timer for ten minutes, and on firing of
that timer unset a session variable that I would have set when the user
is given this temporary access. Doing this, I would only have to check
at the top of every page that the session variable is set- no big deal.
You need to validate that the user is logged in (session) on every page
requiring password access anyway, right? So store the login time in a
session variable and if it has timed out, ... log them out. I don't see
the problem.
What do you folks think about this request?
Seems rude to me.
--
*************** **************
Chuck Anderson • Boulder, CO http://www.CycleTourist.com
Nothing he's got he really needs
Twenty first century schizoid man.
*************** *************** *****
Chuck Anderson wrote:
sheldonlg wrote:
>I got an unusual request. One customer wants a password/access made
available to a user that is valid for only, say, ten minutes. I know
that I can enforce this by having a revalidation of the password every
time the user changes a page. This, though, seems like a a lot of
overhead in having to make a db call every time a page is changed.
>I also thought about setting a timer for ten minutes, and on firing of
that timer unset a session variable that I would have set when the
user is given this temporary access. Doing this, I would only have to
check at the top of every page that the session variable is set- no
big deal.
You need to validate that the user is logged in (session) on every page
requiring password access anyway, right? So store the login time in a
session variable and if it has timed out, ... log them out. I don't see
the problem.
Man, it is really trivial after all. Thanks. (Now why didn't I think
of such an obvious solution?)
>
>What do you folks think about this request?
Seems rude to me.
Huh? I hope you don't mean me. If you mean the client, what he wants
to do is give a "taste" of the site before the user has to subscribe.
sheldonlg wrote:
Chuck Anderson wrote:
>sheldonlg wrote:
>>I got an unusual request. One customer wants a password/access made
available to a user that is valid for only, say, ten minutes. I know
that I can enforce this by having a revalidation of the password every
time the user changes a page. This, though, seems like a a lot of
overhead in having to make a db call every time a page is changed.
I also thought about setting a timer for ten minutes, and on firing of
that timer unset a session variable that I would have set when the
user is given this temporary access. Doing this, I would only have to
check at the top of every page that the session variable is set- no
big deal.
You need to validate that the user is logged in (session) on every page
requiring password access anyway, right? So store the login time in a
session variable and if it has timed out, ... log them out. I don't see
the problem.
Man, it is really trivial after all. Thanks. (Now why didn't I think
of such an obvious solution?)
>>What do you folks think about this request?
Seems rude to me.
Huh? I hope you don't mean me. If you mean the client, what he wants
to do is give a "taste" of the site before the user has to subscribe.
You said "I got an unusual request. ........ " And later asked ...
"What do you folks think about this request?"
So ..... what do you think?
Logging someone out after ten minutes seems rude. If I got a phone call
...... had to break away for some reason ..... was simply confused for 8
minutes ..... and then that was it; I don't think I'd be coming back.
Restricting usage somehow rather than time at the site seems a better idea.
--
*************** **************
Chuck Anderson • Boulder, CO http://www.CycleTourist.com
Nothing he's got he really needs
Twenty first century schizoid man.
*************** *************** *****
Chuck Anderson wrote:
sheldonlg wrote:
>Chuck Anderson wrote:
>>sheldonlg wrote:
I got an unusual request. One customer wants a password/access made
available to a user that is valid for only, say, ten minutes. I
know that I can enforce this by having a revalidation of the
password every time the user changes a page. This, though, seems
like a a lot of overhead in having to make a db call every time a
page is changed.
I also thought about setting a timer for ten minutes, and on
firing of that timer unset a session variable that I would have set
when the user is given this temporary access. Doing this, I would
only have to check at the top of every page that the session
variable is set- no big deal.
You need to validate that the user is logged in (session) on every
page requiring password access anyway, right? So store the login time
in a session variable and if it has timed out, ... log them out. I
don't see the problem.
Man, it is really trivial after all. Thanks. (Now why didn't I think
of such an obvious solution?)
>>>What do you folks think about this request?
Seems rude to me.
Huh? I hope you don't mean me. If you mean the client, what he wants
to do is give a "taste" of the site before the user has to subscribe.
You said "I got an unusual request. ........ " And later asked ...
"What do you folks think about this request?"
So ..... what do you think?
Logging someone out after ten minutes seems rude. If I got a phone call
..... had to break away for some reason ..... was simply confused for 8
minutes ..... and then that was it; I don't think I'd be coming back.
Restricting usage somehow rather than time at the site seems a better idea.
I agree. Better to give them access to a subset of what's available,
with information on what they're missing.
Plus, there are ways around it - for instance, when my session expires,
just create another user (so maybe I have to clear cookies in my
browser). And if it requires verification, I can create 5,000 gmail
accounts and be there for months.
But more likely I'll never come back.
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attgl obal.net
=============== ===
Greetings, Jerry Stuckle.
In reply to Your message dated Saturday, May 10, 2008, 14:53:15,
>>>>I got an unusual request. One customer wants a password/access made
available to a user that is valid for only, say, ten minutes. I
know that I can enforce this by having a revalidation of the
password every time the user changes a page. This, though, seems
like a a lot of overhead in having to make a db call every time a
page is changed.
I also thought about setting a timer for ten minutes, and on
firing of that timer unset a session variable that I would have set
when the user is given this temporary access. Doing this, I would
only have to check at the top of every page that the session
variable is set- no big deal.
>
You need to validate that the user is logged in (session) on every
page requiring password access anyway, right? So store the login time
in a session variable and if it has timed out, ... log them out. I
don't see the problem.
Man, it is really trivial after all. Thanks. (Now why didn't I think
of such an obvious solution?)
What do you folks think about this request?
>
Seems rude to me.
Huh? I hope you don't mean me. If you mean the client, what he wants
to do is give a "taste" of the site before the user has to subscribe.
You said "I got an unusual request. ........ " And later asked ...
"What do you folks think about this request?"
So ..... what do you think?
Logging someone out after ten minutes seems rude. If I got a phone call
..... had to break away for some reason ..... was simply confused for 8
minutes ..... and then that was it; I don't think I'd be coming back.
Restricting usage somehow rather than time at the site seems a better idea.
I agree. Better to give them access to a subset of what's available,
with information on what they're missing.
Plus, there are ways around it - for instance, when my session expires,
just create another user (so maybe I have to clear cookies in my
browser). And if it requires verification, I can create 5,000 gmail
accounts and be there for months.
But more likely I'll never come back.
Rather intheresting discussion I've found :)
Take a look at this demo :) http://www.l2wh.com/updrop/demo.php
--
Sincerely Yours, AnrDaemon <an*******@free mail.ru>
AnrDaemon wrote:
Greetings, Jerry Stuckle.
In reply to Your message dated Saturday, May 10, 2008, 14:53:15,
>>>>>I got an unusual request. One customer wants a password/access made
>availabl e to a user that is valid for only, say, ten minutes. I
>know that I can enforce this by having a revalidation of the
>password every time the user changes a page. This, though, seems
>like a a lot of overhead in having to make a db call every time a
>page is changed.
> I also thought about setting a timer for ten minutes, and on
>firing of that timer unset a session variable that I would have set
>when the user is given this temporary access. Doing this, I would
>only have to check at the top of every page that the session
>variable is set- no big deal.
>>
You need to validate that the user is logged in (session) on every
page requiring password access anyway, right? So store the login time
in a session variable and if it has timed out, ... log them out. I
don't see the problem.
>
Man, it is really trivial after all. Thanks. (Now why didn't I think
of such an obvious solution?)
>What do you folks think about this request?
>>
Seems rude to me.
>
Huh? I hope you don't mean me. If you mean the client, what he wants
to do is give a "taste" of the site before the user has to subscribe.
You said "I got an unusual request. ........ " And later asked ...
"What do you folks think about this request?"
So ..... what do you think?
Logging someone out after ten minutes seems rude. If I got a phone call
..... had to break away for some reason ..... was simply confused for 8
minutes ..... and then that was it; I don't think I'd be coming back.
Restricting usage somehow rather than time at the site seems a better idea.
>I agree. Better to give them access to a subset of what's available,
with information on what they're missing.
>Plus, there are ways around it - for instance, when my session expires,
just create another user (so maybe I have to clear cookies in my
browser). And if it requires verification, I can create 5,000 gmail
accounts and be there for months.
>But more likely I'll never come back.
Rather intheresting discussion I've found :)
Take a look at this demo :)
http://www.l2wh.com/updrop/demo.php
Another bunch of garbage from Anr... He's good at that.
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attgl obal.net
=============== ===
Greetings, Jerry Stuckle.
In reply to Your message dated Thursday, June 12, 2008, 08:37:07,
Another bunch of garbage from Anr... He's good at that.
You aren't pleased with example i have provided?
Why you behave like a troll?
--
Sincerely Yours, AnrDaemon <an*******@free mail.ru>
AnrDaemon wrote:
Greetings, Jerry Stuckle.
In reply to Your message dated Thursday, June 12, 2008, 08:37:07,
>Another bunch of garbage from Anr... He's good at that.
You aren't pleased with example i have provided?
Why you behave like a troll?
Not trolling. Just calling your garbage what it is.
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attgl obal.net
=============== ===
Greetings, Jerry Stuckle.
In reply to Your message dated Monday, June 16, 2008, 00:23:21,
>>Another bunch of garbage from Anr... He's good at that.
You aren't pleased with example i have provided?
Why you behave like a troll?
Not trolling. Just calling your garbage what it is.
Prove or shut up your mouth.
--
Sincerely Yours, AnrDaemon <an*******@free mail.ru> This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: teenzbutler |
last post by:
I am attempting to password protect some web pages. I have following the instructions within the following article: Microsoft Knowledge Base Article - 301464 - How To Use Simple ASP Code to Password Protect Your ASP Pages. Every thing works fine. The am having a problem figuring out how to add additional usernames and passwords. It appears as though the code is only good for one user. Can anyone help me out. I have pasted the code below....
|
by: Arpan |
last post by:
An ASP application retrieves records from a SQL Server database. In the
first page of the application, the user has to enter a password & the
columns retrieved from the DB table depends upon the password. For e.g.
if the password entered is say, pwd1, then that user should be
displayed the records of Column1 & Column2 only. If the password
entered is say, pwd2, then that user should be displayed the records of
Column1 & Column3 only. If...
|
by: John Howie |
last post by:
I've found very unusual behavious when using sessions on two different
servers.
I'm using sessions to handle simple log in. When the form submits the
values are checked against a MySQL table. If a match exists two session
variables are created: $_SESSION and
$_SESSION. Each page checks if the session variable
'db_is_logged_in' is set and is true, display the page otherwise use
header to redirect to an error page.
|
by: Eugene Anthony |
last post by:
Is this method of validation for password and username considered to be
secured. In my previous post I was given a solution that uses command
object and the values are parsed by parameters. But the solution only
worked well for insert and delete, but not select.
<%
if Request.QueryString("Action") = 1 then
username = Trim(request.form("username"))
password = Trim(request.form("password"))
if username <> "" and password <> "" then
|
by: sanbm79 |
last post by:
Hi All,
I am facing a problem in posting Web request with username and password
credentials.
I am working on migrating Java client application to .Net which will send
request to Java servlet.
Java Client application code:
HttpClient httpclient;
httpclient = new HttpClient();
| | |
by: roshina |
last post by:
Hi
Iam facing a problem in my project, developing a web site for online shopping in ASP on windows XP using IIS server.
All the validations are ok but the new password is not upadated in the data base and also showing a error page.
the operating system we used is Windows XP,
the source code is ASP,
front end we used - HTML and
javascript and vb script for validations.
the inputs we used are :
old pasword :
|
by: apondu |
last post by:
I'm trying to screen scrape a site that requires a password.
I am using C#.Net, i am new to this and with the information available
around on the internet i just put tht information into the code.
But still i am not able to achieve what i want to.
I have posted the code which i have written, along with the site and
the userid ans password
|
by: hotflash |
last post by:
Hi All,
I want to creat a script where I will allow user to reset their own password. I have tried different options but don't have any luck. Wonder what I want to do is kinda not valid or not.
ResetLogin.asp (where user will have to enter their username, old password, and new password).
<TR>
<TH ALIGN=LEFT> <FONT FACE="HELVETICA,HELV,ARIAL" SIZE=2> User Name: </FONT></TH>
<TD><INPUT CLASS="bluebox"...
|
by: jerrydigital |
last post by:
Hi,
I am working on a forgotpassword.asp page. I would like the user to enter their email address, and click submit. Upon submit, an email will be sent to the user's email address provided with the "password" they registered with.
I have posted my code below. However, I get an error on line 31:
Message = "You're password is:" & <%=objRS("Password" )%>
The input name="email" on the html form that leads to this asp page.
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
