Web Connection
Multisite with same exe - Session problem ?
  Marcel DESMET
  All
  Mar 8, 2019 @ 04:04am

I think you have a problem with cookies or your session file. I click reply to another post and I am here with a new post.

The problem was also yesterday

As a reference to another of my posts, I think it's a bad idea to link cookie on the logon / logoff. Cookies have to stay as long as possible and the logon / logoff must be done in an activity file (as I do, see my other posts).

Just my two cents .. 😉

re: Multisite with same exe - Session problem ?
  Rick Strahl
  Marcel DESMET
  Mar 8, 2019 @ 11:31am

Not sure what you're saying.

Security and timeout are tied between the Session object and the wwUserSecurity class, which stores a cookie to identify the user and track them. Without a cookie that's not possible and the cookie has to have the same expiration quality as the Session otherwise you won't be remembered.

I think the particular issue you're seeing is that you reply to a message, then have to login and maybe don't get pushed back to the right forum or message after the login is complete.

+++ Rick ---

re: Multisite with same exe - Session problem ?
  Marcel DESMET
  Rick Strahl
  Mar 11, 2019 @ 07:47am

Yes, that's why you can't do anything before logon (like reply to a message) and after logoff, like tracking activity for marketing purposes .. 😃

re: Multisite with same exe - Session problem ?
  Rick Strahl
  Marcel DESMET
  Mar 11, 2019 @ 01:18pm

That's not true. You can't reply yes, but that's by design. You have to be logged in to reply and that's to avoid anonymous posting and spam. I used to allow this before the spam bots got in and posted all sorts of crap.

Marketing tracking is not the job of session. If you want to do that you can by setting your own cookies and tracking them in your requests (in OnProcessInit() most likely). Session and auth have one particular purpose and that is to track user state.

+++ Rick ---

re: Multisite with same exe - Session problem ?
  Marcel DESMET
  Rick Strahl
  Mar 11, 2019 @ 01:40pm

Yes I understand but the fact is that we lose the message Id when we login after reply. Of course there is a solution to put hidden var in the logform but if you don't "reset" the session when login you are able to hold the var's in the session table ...

re: Multisite with same exe - Session problem ?
  Rick Strahl
  Marcel DESMET
  Mar 11, 2019 @ 01:42pm

Yes but that's a different bug - that's in the message board forwarding logic. The problem here is that the URL is actually redirected once already before the login form gets a hold of it so it gets the wrong URL. That has to be addressed in the message board.

The login handling in Web Connection captures the old URL before redirecting to the login form normally and should go back to that same URL.

+++ Rick ---

re: Multisite with same exe - Session problem ?
  Rick Strahl
  Marcel DESMET
  Mar 11, 2019 @ 01:53pm

I've updated the reply logic to remember the original reply form when forcing a login now.

Found an interesting bug with 1Password though - it looks like 1Password when auto-filling actually reloads the login page with a whole new request which then loses the original URL which nixes the return url logic.

Works when you manually enter the username/password though, so nothing wrong with the actual logic, but the 1Password thing is disconcerting - never noticed that before.

+++ Rick ---

re: Multisite with same exe - Session problem ?
  Marcel DESMET
  Rick Strahl
  Mar 11, 2019 @ 02:06pm

Ok great, but on my side I run my Eshop based on your foxpro code since 2004 and maybe you don't remember but you put the invoice id in the session table var's that's why I am a "let the session open" advocate

re: Multisite with same exe - Session problem ?
  Rick Strahl
  Marcel DESMET
  Mar 11, 2019 @ 09:26pm

The shop does something different - it uses a dedicated second cookie to track the customer so if you log out that cookie is still there and you can still track the customer id. That's not the Session's job though.

I suppose we could leave the session active - this will kill the authentication since the values are removed, but the cookie stays.

    CASE UPPER(lcValidUserName) == "LOGOUT"
        IF THIS.cAuthenticationMode == "UserSecurity"
            THIS.lEnableSessionState = .T. && ensure that session exists
            Session.SetSessionVar(this.cAuthenticationUserSecurityKey,"")
            Session.SetSessionVar(this.cAuthenticationUserSecurityKey + "Name","")
            THIS.lIsAuthenticated = .F.
            THIS.cAuthenticatedUser = ""
            this.oUserSecurity = null

            *** Expire cookie

            *** COMMENTING THIS HERE IN WWPROCESS LEAVES THE COOKIE
            * THIS.oResponse.AddCookie(this.cSessionKey,"","/",DATE()-1)
            THIS.oResponse.AppendHeader("Authorization","")
        ELSE
            *** Clear authorization header by forcing to empty
            THIS.oResponse.AppendHeader("Authorization","")
        ENDIF

But frankly I don't think this is a good idea given all the security and tracking concerns these days. If you say you want to sign out you want to be forgotten, not 'sort of' gone.

+++ Rick ---
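
An added example, not part of the thread and not Web Connection code: a small Python model of the two logout behaviours discussed above, showing what a later login from the same browser inherits when the session cookie is left in place. The cookie name, the session variable names and the sample users are assumptions made for the illustration.

```python
import secrets

SESSION_COOKIE = "wc_session"  # hypothetical session cookie name
AUTH_KEY = "auth_user"         # hypothetical auth session variable

class App:
    """Toy server: a session table keyed by the id stored in the cookie."""
    def __init__(self):
        self.sessions = {}  # session id -> dict of session vars

    def _session(self, cookies):
        sid = cookies.get(SESSION_COOKIE)
        if sid not in self.sessions:          # no cookie or unknown id: new session
            sid = secrets.token_urlsafe(16)
            self.sessions[sid] = {}
            cookies[SESSION_COOKIE] = sid
        return self.sessions[sid]

    def login(self, cookies, user):
        self._session(cookies)[AUTH_KEY] = user

    def set_var(self, cookies, key, value):
        self._session(cookies)[key] = value

    def logout(self, cookies, expire_cookie):
        self._session(cookies).pop(AUTH_KEY, None)  # auth values are always cleared
        if expire_cookie:                           # the AddCookie(..., DATE()-1) step
            cookies.pop(SESSION_COOKIE, None)

    def state(self, cookies):
        sess = self.sessions.get(cookies.get(SESSION_COOKIE), {})
        return {"user": sess.get(AUTH_KEY), "invoice": sess.get("invoice_id")}

def run(expire_cookie):
    """Login, store an invoice id, logout, then a different user logs in."""
    app, browser = App(), {}                  # browser = constructed cookie jar
    app.login(browser, "marcel")
    app.set_var(browser, "invoice_id", 1042)  # constructed sample value
    sid_before = browser[SESSION_COOKIE]
    app.logout(browser, expire_cookie)
    after_logout = app.state(browser)
    app.login(browser, "someone_else")        # next person on the same browser
    same_sid = browser[SESSION_COOKIE] == sid_before
    return after_logout, app.state(browser), same_sid

if __name__ == "__main__":
    print("cookie expired:", run(True))
    print("cookie kept:   ", run(False))
```

With the cookie kept, the authentication is gone after logout but the session id and its variables survive, so the next login on that browser reuses the same session and sees the earlier invoice id.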
