External

Since: Feb 13, 2004 Posts: 1104
(Msg. 31) Posted: Wed Jul 19, 2006 10:01 am
Post subject: Re: Remembering website (registered) users - what is best practice?! Archived from groups: alt>www>webmaster, others

External

Since: Feb 06, 2006 Posts: 126
(Msg. 32) Posted: Wed Jul 19, 2006 10:02 am
Post subject: Re: Remembering website (registered) users - what is best practice?! Archived from groups: per prev. post

"Jerry Stuckle" <jstucklex.DeleteThis@attglobal.net> wrote in message
news:AvWdnQdRgs0vAyDZnZ2dnUVZ_vGdnZ2d@comcast.com...
>> Have you ever tried to steal a house? It's a pain, especially getting it
>> on the truck.
>>
>> Grtz,
>
> Nonsense. All you need is a really good two-wheeler and 3,000 friends.
>
Jerry,
We're all geeks... we don't even have 3,000 friends between us... In fact we
probably *are* our friends!
CJM

External

Since: Jul 14, 2003 Posts: 1507
(Msg. 33) Posted: Wed Jul 19, 2006 10:02 am
Post subject: Re: Remembering website (registered) users - what is best practice?! Archived from groups: per prev. post

CJM wrote:
> "Jerry Stuckle" <jstucklex.TakeThisOut@attglobal.net> wrote in message
> news:AvWdnQdRgs0vAyDZnZ2dnUVZ_vGdnZ2d@comcast.com...
>
>
>>>Have you ever tried to steal a house? It's a pain, especially getting it
>>>on the truck.
>>>
>>>Grtz,
>>
>>Nonsense. All you need is a really good two-wheeler and 3,000 friends.
>>
>
>
> Jerry,
>
> We're all geeks... we don't even have 3,000 friends between us... In fact we
> probably *are* our friends!
>
> CJM
>
>
Good point!
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex.TakeThisOut@attglobal.net
==================

External

Since: Nov 07, 2003 Posts: 366
(Msg. 34) Posted: Wed Jul 19, 2006 12:01 pm
Post subject: Re: Remembering website (registered) users - what is best practice?! Archived from groups: alt>www>webmaster

Jerry Stuckle wrote:
> Beauregard T. Shagnasty wrote:
>> In alt.www.webmaster, Jerry Stuckle wrote:
>>
>>>Nonsense. All you need is a really good two-wheeler and 3,000 friends.
>>
>> You going to the rally in Essex Junction this weekend?
>>
>> (dreamweaver group snipped)
>
> Sorry, it's a few hundred miles too far for a weekend trip.
Oh, ok. Well, if you change your mind, I'll see you there. Find me among
the other six thousand BMW riders if you can.
--
-bts
-Hi ho hi ho, it's off to Vermont I go...

External

Since: May 30, 2006 Posts: 452
(Msg. 35) Posted: Fri Jul 21, 2006 8:10 am
Post subject: Re: Remembering website (registered) users - what is best practice?! Archived from groups: per prev. post

Dylan Parry <usenet DeleteThis @dylanparry.com> wrote in
news:4ic1jrF33uhpU1@individual.net:
> Charles Sweeney wrote:
>
> > Ignoramus18860 wrote
> >
> >> session IDs in URLs, a very bad
> >> practice.
> >
> > ?
> >
> > How else can you pass the id if cookies are disabled by the user?
>
> No way that I can think of, but IDs in the URL *are* bad as somebody
> snooping on your session could easily get the ID from the URL and then
> hijack your session, potentially adding billions of pounds worth of
> stuff to a shopping cart and hitting confirm It wouldn't be nice when
> 7000 copies of "Black Lace: Greatest Hits" arrive through your door the
> next day
Or any 'Yes' album, for that matter.
--
Karl Groves
www.karlcore.com

External

Since: May 08, 2004 Posts: 953
(Msg. 36) Posted: Fri Jul 21, 2006 9:19 am
Post subject: Re: Remembering website (registered) users - what is best practice?! Archived from groups: per prev. post

External

Since: Sep 14, 2004 Posts: 2384
(Msg. 37) Posted: Fri Jul 21, 2006 12:37 pm
Post subject: Re: Remembering website (registered) users - what is best practice?! Archived from groups: alt>www>webmaster, others

ship wrote
>
>
> Hi
>
> Anyone got strong views on REMEMBERING the user?
>
> What is best practice?
>
> Should this be
> - done using a cookie?
> - done using IP number??
> - done in some other clever way
> - not done at all?!
>
> Rumour has it that cookies that last more than one session
> may end up getting banned. In fact some people say that
> cookies should not be used AT ALL for anything!!
>
> What does Google do on its email system?
>
> We have a bidding website which requires users to register.
> But how often should they be asked to *re-logon* ?!
>
> My guess is that Gmail uses a cookie that only lasts about 1 week??
Hi Ship.
I don't use anything for remembering visitors. Where appropriate they
can log in. Depends on the site/service I suppose.
Cookies. With all the malware and stuff around, I think people are
getting spooked by cookies. Personally I think they are useful, saves
me selecting a preferred version of a website every time I visit! I
would say though, that if possible, one should give the visitor a choice
over such things.
--
Charles Sweeney
http://CharlesSweeney.com

External

Since: Sep 14, 2004 Posts: 2384
(Msg. 38) Posted: Fri Jul 21, 2006 12:39 pm
Post subject: Re: Remembering website (registered) users - what is best practice?! Archived from groups: alt>www>webmaster

External

Since: Sep 14, 2004 Posts: 2384
(Msg. 39) Posted: Fri Jul 21, 2006 12:48 pm
Post subject: Re: Remembering website (registered) users - what is best practice?! Archived from groups: per prev. post

External

Since: May 08, 2004 Posts: 953
(Msg. 40) Posted: Fri Jul 21, 2006 12:48 pm
Post subject: Re: Remembering website (registered) users - what is best practice?! Archived from groups: per prev. post

And lo, Charles Sweeney didst speak in alt.www.webmaster:
> ship wrote
>
>> It seems to me that logging back in EVERY time you visit a site is a
>> MIGHTY pain!
>
> This discussion is too broad. What if it's a site you visit once a
> month/year?
>
> In any event, if the user is not accepting cookies, they will log in,
> their choice...generally works pretty well as far as I can tell.
You could do like Yahoo! Its cookies practically last forever and if it
finds one on your machine, even if it isn't yours, it will use it until
you try to go somewhere sensitive like Yahoo! Mail or view your portfolios
in Yahoo! Finance. If your cookie is over a certain age, they will ask
you to verify yourself by re-typing your password.
Otherwise, you're always "logged-in" there.
Grey
--
The technical axiom that nothing is impossible sinisterly implies the
pitfall corollary that nothing is ridiculous.
- http://www.greywyvern.com/orca#search - Orca Search: Full-featured
spider and site-search engine
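
The behaviour Grey describes above (a long-lived cookie that is trusted for ordinary pages but must be backed by a recent password entry for sensitive ones) can be sketched as follows. This is an added example, not code from the thread or from Yahoo!; the key, the path prefixes, the 24-hour window and all function names are assumptions.

```python
import hashlib
import hmac

SECRET_KEY = b"constructed-demo-key"   # assumption: a real key is random and server-side only
SENSITIVE_PREFIXES = ("/mail", "/finance/portfolio")   # hypothetical sensitive areas
REAUTH_AFTER = 24 * 3600               # assumed: max age of the last password entry, seconds


def _sign(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user, auth_time):
    """Cookie value recording who logged in and when the password was last typed."""
    payload = f"{user}|{int(auth_time)}"
    return f"{payload}|{_sign(payload)}"


def parse_cookie(value):
    """Return (user, auth_time) if the signature verifies, else None."""
    parts = value.rsplit("|", 2) if value else []
    if len(parts) != 3:
        return None
    user, auth_time, sig = parts
    expected = _sign(f"{user}|{auth_time}")
    # Constant-time comparison so the check does not leak how much of the tag matched.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    return user, int(auth_time)


def decide(cookie, path, now):
    """'login': no valid cookie. 'reauth': retype the password. 'allow': proceed."""
    parsed = parse_cookie(cookie)
    if parsed is None:
        return "login"
    _user, auth_time = parsed
    if path.startswith(SENSITIVE_PREFIXES) and now - auth_time > REAUTH_AFTER:
        return "reauth"
    return "allow"
```

After a successful re-authentication the server would issue a new cookie with the current time, which restarts the freshness window.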

External

Since: Sep 14, 2004 Posts: 1147
(Msg. 41) Posted: Fri Jul 21, 2006 2:02 pm
Post subject: Re: Remembering website (registered) users - what is best practice?! Archived from groups: per prev. post

Charles Sweeney wrote:
> Ignoramus18860 wrote
>
>> session IDs in URLs, a very bad
>> practice.
>
> ?
>
> How else can you pass the id if cookies are disabled by the user?
No way that I can think of, but IDs in the URL *are* bad as somebody
snooping on your session could easily get the ID from the URL and then
hijack your session, potentially adding billions of pounds worth of
stuff to a shopping cart and hitting confirm  It wouldn't be nice when
7000 copies of "Black Lace: Greatest Hits" arrive through your door the
next day
--
Dylan Parry - http://electricfreedom.org
A Flower?

External

Since: Sep 14, 2004 Posts: 2384
(Msg. 42) Posted: Fri Jul 21, 2006 2:02 pm
Post subject: Re: Remembering website (registered) users - what is best practice?! Archived from groups: per prev. post

Dylan Parry wrote
> Charles Sweeney wrote:
>
> > Ignoramus18860 wrote
> >
> >> session IDs in URLs, a very bad
> >> practice.
> >
> > ?
> >
> > How else can you pass the id if cookies are disabled by the user?
>
> No way that I can think of, but IDs in the URL *are* bad as somebody
> snooping on your session could easily get the ID from the URL and then
> hijack your session, potentially adding billions of pounds worth of
> stuff to a shopping cart and hitting confirm It wouldn't be nice when
> 7000 copies of "Black Lace: Greatest Hits" arrive through your door the
> next day
Hoot!
I was reading about session security recently:
http://uk.php.net/session
Seems the best way for security reasons is to insist on cookies, or use
SSL.
I often use sessions where security is not a big issue (populating a
search form if the user has to return to it, for example) as ever, it
depends on the situation.
--
Charles Sweeney
http://CharlesSweeney.com

External

Since: Sep 14, 2004 Posts: 1147
(Msg. 43) Posted: Fri Jul 21, 2006 2:15 pm
Post subject: Re: Remembering website (registered) users - what is best practice?! Archived from groups: per prev. post

External

Since: Jan 25, 2005 Posts: 345
(Msg. 44) Posted: Fri Jul 21, 2006 8:10 pm
Post subject: Re: Remembering website (registered) users - what is best practice?! Archived from groups: per prev. post

On 21 Jul 2006 13:37:00 GMT, Charles Sweeney put finger to keyboard
and typed:
>Dylan Parry wrote
>>
>> No way that I can think of, but IDs in the URL *are* bad as somebody
>> snooping on your session could easily get the ID from the URL and then
>> hijack your session, potentially adding billions of pounds worth of
>> stuff to a shopping cart and hitting confirm It wouldn't be nice when
>> 7000 copies of "Black Lace: Greatest Hits" arrive through your door the
>> next day
>
>Hoot!
>
>I was reading about session security recently:
>
>http://uk.php.net/session
>
>Seems the best way for security reasons is to insist on cookies, or use
>SSL.
>
>I often use sessions where security is not a big issue (populating a
>search form if the user has to return to it, for example) as ever, it
>depends on the situation.
I'm happy with sessions for a shopping cart, provided that the data is
transferred to a secure connection before the customer confirms the
price and enters their card details. That way, if the improbable event
of a session being hijacked should happen, the genuine customer has a
chance to back out before committing to pay for goods they didn't
want.
It's not particularly difficult to write your code in such a way that
a session ID left in a published URL (eg, if someone with cookies
disabled decides to firstly visit your shop and then post a product
link - complete with session id - in their blog or whatever) is
harmless. Any attempt to use a "dead" session should always result in
a new one being generated.
Mark
--
Please give me one! http://www.pleasegivemeone.com
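
Mark's rule that any attempt to use a "dead" session must produce a new one, sketched as an added example (not code from the thread). Python is used for illustration; the 30-minute idle timeout and all names are assumptions.

```python
import secrets
import time

IDLE_TIMEOUT = 30 * 60  # assumed: seconds of inactivity after which a session is dead


class SessionStore:
    """In-memory session table; IDs are only ever minted by the server."""

    def __init__(self, clock=time.time):
        self._sessions = {}  # sid -> {"data": dict, "last_seen": float}
        self._clock = clock

    def _new(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"data": {}, "last_seen": self._clock()}
        return sid

    def resolve(self, presented_sid):
        """Map the ID a request presented (URL or cookie) to (sid, data).

        A live ID is reused. A missing, unknown or expired ID is never
        adopted: stale state is destroyed and a fresh ID with empty data
        is issued in its place.
        """
        now = self._clock()
        entry = self._sessions.get(presented_sid) if presented_sid else None
        if entry is not None and now - entry["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[presented_sid]
            entry = None
        sid = presented_sid if entry is not None else self._new()
        entry = self._sessions[sid]
        entry["last_seen"] = now
        return sid, entry["data"]


def demo():
    """Constructed scenario: a product link carrying ?sid=... is followed later."""
    now = [1_000_000.0]
    store = SessionStore(clock=lambda: now[0])
    sid, cart = store.resolve(None)       # original shopper, first request
    cart["items"] = ["widget"]
    now[0] += IDLE_TIMEOUT + 1            # the published link is clicked after expiry
    sid2, cart2 = store.resolve(sid)      # dead ID presented by a stranger
    return sid, sid2, cart2
```

An ID that is still live when the link is followed resolves to the same session, so this check only covers IDs that have already expired or were never issued.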

External

Since: Jul 14, 2003 Posts: 1507
(Msg. 45) Posted: Fri Jul 21, 2006 10:27 pm
Post subject: Re: Remembering website (registered) users - what is best practice?! Archived from groups: per prev. post

Dylan Parry wrote:
> Charles Sweeney wrote:
>
> > Ignoramus18860 wrote
> >
> >> session IDs in URLs, a very bad
> >> practice.
> >
> > ?
> >
> > How else can you pass the id if cookies are disabled by the user?
>
> No way that I can think of, but IDs in the URL *are* bad as somebody
> snooping on your session could easily get the ID from the URL and then
> hijack your session, potentially adding billions of pounds worth of
> stuff to a shopping cart and hitting confirm It wouldn't be nice when
> 7000 copies of "Black Lace: Greatest Hits" arrive through your door the
> next day
>
But if they're sniffing the packets they can get the session id in the
http headers, also. What's the difference?
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex DeleteThis @attglobal.net
==================