I got an unusual request. One customer wants a password/access made
available to a user that is valid for only, say, ten minutes. I know
that I can enforce this by having a revalidation of the password every
time the user changes a page. This, though, seems like a a lot of
overhead in having to make a db call every time a page is changed.
I also thought about setting a timer for ten minutes, and on firing of
that timer unset a session variable that I would have set when the user
is given this temporary access. Doing this, I would only have to check
at the top of every page that the session variable is set- no big deal.
What do you folks think about this request? 10 1397
sheldonlg wrote:
I got an unusual request. One customer wants a password/access made
available to a user that is valid for only, say, ten minutes. I know
that I can enforce this by having a revalidation of the password every
time the user changes a page. This, though, seems like a a lot of
overhead in having to make a db call every time a page is changed.
I also thought about setting a timer for ten minutes, and on firing of
that timer unset a session variable that I would have set when the user
is given this temporary access. Doing this, I would only have to check
at the top of every page that the session variable is set- no big deal.
You need to validate that the user is logged in (session) on every page
requiring password access anyway, right? So store the login time in a
session variable and if it has timed out, ... log them out. I don't see
the problem.
What do you folks think about this request?
Seems rude to me.
--
*****************************
Chuck Anderson • Boulder, CO http://www.CycleTourist.com
Nothing he's got he really needs
Twenty first century schizoid man.
***********************************
Chuck Anderson wrote:
sheldonlg wrote:
>I got an unusual request. One customer wants a password/access made available to a user that is valid for only, say, ten minutes. I know that I can enforce this by having a revalidation of the password every time the user changes a page. This, though, seems like a a lot of overhead in having to make a db call every time a page is changed.
>I also thought about setting a timer for ten minutes, and on firing of that timer unset a session variable that I would have set when the user is given this temporary access. Doing this, I would only have to check at the top of every page that the session variable is set- no big deal.
You need to validate that the user is logged in (session) on every page
requiring password access anyway, right? So store the login time in a
session variable and if it has timed out, ... log them out. I don't see
the problem.
Man, it is really trivial after all. Thanks. (Now why didn't I think
of such an obvious solution?)
>
>What do you folks think about this request?
Seems rude to me.
Huh? I hope you don't mean me. If you mean the client, what he wants
to do is give a "taste" of the site before the user has to subscribe.
sheldonlg wrote:
Chuck Anderson wrote:
>sheldonlg wrote:
>>I got an unusual request. One customer wants a password/access made available to a user that is valid for only, say, ten minutes. I know that I can enforce this by having a revalidation of the password every time the user changes a page. This, though, seems like a a lot of overhead in having to make a db call every time a page is changed.
I also thought about setting a timer for ten minutes, and on firing of that timer unset a session variable that I would have set when the user is given this temporary access. Doing this, I would only have to check at the top of every page that the session variable is set- no big deal.
You need to validate that the user is logged in (session) on every page requiring password access anyway, right? So store the login time in a session variable and if it has timed out, ... log them out. I don't see the problem.
Man, it is really trivial after all. Thanks. (Now why didn't I think
of such an obvious solution?)
>>What do you folks think about this request?
Seems rude to me.
Huh? I hope you don't mean me. If you mean the client, what he wants
to do is give a "taste" of the site before the user has to subscribe.
You said "I got an unusual request. ........ " And later asked ...
"What do you folks think about this request?"
So ..... what do you think?
Logging someone out after ten minutes seems rude. If I got a phone call
...... had to break away for some reason ..... was simply confused for 8
minutes ..... and then that was it; I don't think I'd be coming back.
Restricting usage somehow rather than time at the site seems a better idea.
--
*****************************
Chuck Anderson • Boulder, CO http://www.CycleTourist.com
Nothing he's got he really needs
Twenty first century schizoid man.
***********************************
Chuck Anderson wrote:
sheldonlg wrote:
>Chuck Anderson wrote:
>>sheldonlg wrote:
I got an unusual request. One customer wants a password/access made available to a user that is valid for only, say, ten minutes. I know that I can enforce this by having a revalidation of the password every time the user changes a page. This, though, seems like a a lot of overhead in having to make a db call every time a page is changed. I also thought about setting a timer for ten minutes, and on firing of that timer unset a session variable that I would have set when the user is given this temporary access. Doing this, I would only have to check at the top of every page that the session variable is set- no big deal.
You need to validate that the user is logged in (session) on every page requiring password access anyway, right? So store the login time in a session variable and if it has timed out, ... log them out. I don't see the problem. Man, it is really trivial after all. Thanks. (Now why didn't I think of such an obvious solution?)
>>>What do you folks think about this request?
Seems rude to me. Huh? I hope you don't mean me. If you mean the client, what he wants to do is give a "taste" of the site before the user has to subscribe.
You said "I got an unusual request. ........ " And later asked ...
"What do you folks think about this request?"
So ..... what do you think?
Logging someone out after ten minutes seems rude. If I got a phone call
..... had to break away for some reason ..... was simply confused for 8
minutes ..... and then that was it; I don't think I'd be coming back.
Restricting usage somehow rather than time at the site seems a better idea.
I agree. Better to give them access to a subset of what's available,
with information on what they're missing.
Plus, there are ways around it - for instance, when my session expires,
just create another user (so maybe I have to clear cookies in my
browser). And if it requires verification, I can create 5,000 gmail
accounts and be there for months.
But more likely I'll never come back.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
Greetings, Jerry Stuckle.
In reply to Your message dated Saturday, May 10, 2008, 14:53:15,
>>>>I got an unusual request. One customer wants a password/access made available to a user that is valid for only, say, ten minutes. I know that I can enforce this by having a revalidation of the password every time the user changes a page. This, though, seems like a a lot of overhead in having to make a db call every time a page is changed. I also thought about setting a timer for ten minutes, and on firing of that timer unset a session variable that I would have set when the user is given this temporary access. Doing this, I would only have to check at the top of every page that the session variable is set- no big deal. > You need to validate that the user is logged in (session) on every page requiring password access anyway, right? So store the login time in a session variable and if it has timed out, ... log them out. I don't see the problem.
Man, it is really trivial after all. Thanks. (Now why didn't I think of such an obvious solution?) What do you folks think about this request? > Seems rude to me.
Huh? I hope you don't mean me. If you mean the client, what he wants to do is give a "taste" of the site before the user has to subscribe. You said "I got an unusual request. ........ " And later asked ... "What do you folks think about this request?" So ..... what do you think?
Logging someone out after ten minutes seems rude. If I got a phone call ..... had to break away for some reason ..... was simply confused for 8 minutes ..... and then that was it; I don't think I'd be coming back. Restricting usage somehow rather than time at the site seems a better idea.
I agree. Better to give them access to a subset of what's available,
with information on what they're missing.
Plus, there are ways around it - for instance, when my session expires,
just create another user (so maybe I have to clear cookies in my
browser). And if it requires verification, I can create 5,000 gmail
accounts and be there for months.
But more likely I'll never come back.
Rather intheresting discussion I've found :)
Take a look at this demo :) http://www.l2wh.com/updrop/demo.php
--
Sincerely Yours, AnrDaemon <an*******@freemail.ru>
AnrDaemon wrote:
Greetings, Jerry Stuckle.
In reply to Your message dated Saturday, May 10, 2008, 14:53:15,
>>>>>I got an unusual request. One customer wants a password/access made >available to a user that is valid for only, say, ten minutes. I >know that I can enforce this by having a revalidation of the >password every time the user changes a page. This, though, seems >like a a lot of overhead in having to make a db call every time a >page is changed. > I also thought about setting a timer for ten minutes, and on >firing of that timer unset a session variable that I would have set >when the user is given this temporary access. Doing this, I would >only have to check at the top of every page that the session >variable is set- no big deal. >> You need to validate that the user is logged in (session) on every page requiring password access anyway, right? So store the login time in a session variable and if it has timed out, ... log them out. I don't see the problem. > Man, it is really trivial after all. Thanks. (Now why didn't I think of such an obvious solution?) >What do you folks think about this request? >> Seems rude to me. > Huh? I hope you don't mean me. If you mean the client, what he wants to do is give a "taste" of the site before the user has to subscribe.
You said "I got an unusual request. ........ " And later asked ... "What do you folks think about this request?" So ..... what do you think?
Logging someone out after ten minutes seems rude. If I got a phone call ..... had to break away for some reason ..... was simply confused for 8 minutes ..... and then that was it; I don't think I'd be coming back. Restricting usage somehow rather than time at the site seems a better idea.
>I agree. Better to give them access to a subset of what's available, with information on what they're missing.
>Plus, there are ways around it - for instance, when my session expires, just create another user (so maybe I have to clear cookies in my browser). And if it requires verification, I can create 5,000 gmail accounts and be there for months.
>But more likely I'll never come back.
Rather intheresting discussion I've found :)
Take a look at this demo :) http://www.l2wh.com/updrop/demo.php
Another bunch of garbage from Anr... He's good at that.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
Greetings, Jerry Stuckle.
In reply to Your message dated Thursday, June 12, 2008, 08:37:07,
Another bunch of garbage from Anr... He's good at that.
You aren't pleased with example i have provided?
Why you behave like a troll?
--
Sincerely Yours, AnrDaemon <an*******@freemail.ru>
AnrDaemon wrote:
Greetings, Jerry Stuckle.
In reply to Your message dated Thursday, June 12, 2008, 08:37:07,
>Another bunch of garbage from Anr... He's good at that.
You aren't pleased with example i have provided?
Why you behave like a troll?
Not trolling. Just calling your garbage what it is.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
Greetings, Jerry Stuckle.
In reply to Your message dated Monday, June 16, 2008, 00:23:21,
>>Another bunch of garbage from Anr... He's good at that.
You aren't pleased with example i have provided? Why you behave like a troll?
Not trolling. Just calling your garbage what it is.
Prove or shut up your mouth.
--
Sincerely Yours, AnrDaemon <an*******@freemail.ru>
AnrDaemon wrote:
Greetings, Jerry Stuckle.
In reply to Your message dated Monday, June 16, 2008, 00:23:21,
>>>Another bunch of garbage from Anr... He's good at that. You aren't pleased with example i have provided? Why you behave like a troll?
>Not trolling. Just calling your garbage what it is.
Prove or shut up your mouth.
Your words are enough to prove it.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
================== This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: teenzbutler |
last post by:
I am attempting to password protect some web pages. I have following the instructions within the following article: Microsoft Knowledge Base Article - 301464 - How To Use Simple ASP Code to...
|
by: Arpan |
last post by:
An ASP application retrieves records from a SQL Server database. In the
first page of the application, the user has to enter a password & the
columns retrieved from the DB table depends upon the...
|
by: John Howie |
last post by:
I've found very unusual behavious when using sessions on two different
servers.
I'm using sessions to handle simple log in. When the form submits the
values are checked against a MySQL table. If...
|
by: Eugene Anthony |
last post by:
Is this method of validation for password and username considered to be
secured. In my previous post I was given a solution that uses command
object and the values are parsed by parameters. But the...
|
by: sanbm79 |
last post by:
Hi All,
I am facing a problem in posting Web request with username and password
credentials.
I am working on migrating Java client application to .Net which will send
request to Java servlet.
...
|
by: roshina |
last post by:
Hi
Iam facing a problem in my project, developing a web site for online shopping in ASP on windows XP using IIS server.
All the validations are ok but the new password is not upadated in the data...
|
by: apondu |
last post by:
I'm trying to screen scrape a site that requires a password.
I am using C#.Net, i am new to this and with the information available
around on the internet i just put tht information into the...
|
by: hotflash |
last post by:
Hi All,
I want to creat a script where I will allow user to reset their own password. I have tried different options but don't have any luck. Wonder what I want to do is kinda not valid or not. ...
|
by: jerrydigital |
last post by:
Hi,
I am working on a forgotpassword.asp page. I would like the user to enter their email address, and click submit. Upon submit, an email will be sent to the user's email address provided with...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |