Re: Witango-Talk: Secured User Access

[John McGowan]

could the user be seeing a cached version of the home page or something 
showing them the login form?

Scott Cadillac wrote:

Hi Stephen,

Are your frame SRCs all pointing at the same domain they logged into? 
Remember https://domain.com != https://www.domain.com

Also try removing the <@USERREFERENCEARGUMENT>

I can't help but wonder what else is going on with your frame (or 
related) code (HTML/JavaScript). What you are describing is fairly 
standard stuff, and shouldn't be a problem.

What logic are you using that determines when a user should be "thrown 
back to the login screen" ?

Let us know, when you have a moment. Cheers...



-----Original Message-----
From: Stephen Su <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Wed, 18 Feb 2004 15:32:12 -0500
Subject: Re: Witango-Talk: Secured User Access
 

Scott,

Thank you for your help and advice. I wasn't purposefully vague but  
rather my situation is somewhat alluding me right now.

In short, we have tested multiple versions of the login taf in which we

did everything from separation of the taf itself into various  
components all the way to substituting the frame-set with a single page

taf. The user seems get validated just fine, because we register and  
update their "last visited on" profile. But the frameset page comes  
right after and that's when they are thrown back to the login screen.  
The only way we are able to avoid this is by substituting with a  
non-frame-set page. In each of the "src URL(s)" we do have the  
UserReferenceArgument variable passed.

I hope that's more clear than before. Please let me know if you need to

know more.

Best,
Stephen


On Feb 18, 2004, at 12:48 PM, Scott Cadillac wrote:

   

Hi Stephen,

Please describe in detail what you mean by "but then are kicked back 
out
of the site". This is kind of a vague description of the problem,
     

which
   

will likely lead to some vague answers.

Here's me vague answer:

A trend I'm noticing lately with Home computers over Office ones, is 
the
rapid adoption of Popup and Cookie blocking add-ons for browsers. And
     

   

of
course, people don't know how to properly set them.
For the most part, by default these add-ons compensate for "session-
cookies" so they don't break Sessions necessarily - but if your code
relies on any other kind of cookies, then you're users are in
     

trouble.
   

I say this, because I notice Office computer "policies" are slower to
adopt (or allow install) these kinds of downloadable "free" add-ons.
Lately I've taken to using some of these add-ons myself to make sure
     

my
   

systems keep working. And I noticed two things:

~~ Never rely on standard cookies (session-ccokies are still fine).

~~ Popup window killers are not very smart, and sometimes can't tell 
the
difference between a user-invoked "window.open" and an event-
invoked "window.open" call.

Hope this helps. Cheers....

Scott Cadillac,
403-281-6090 ~ [EMAIL PROTECTED]
------------
XML-Extranet ~ http://xmlx.ca ~ http://forums.xmlx.ca
Well-formed Programming in C# .NET, Witango, MSIE and XML
------------
Witango ~ http://witango.org
EasyXSLT ~ http://easyxslt.ca
IIS Watcher ~ http://iiswatcher.ca
------------
-----Original Message-----
From: Stephen Su <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Wed, 18 Feb 2004 09:10:32 -0500
Subject: Witango-Talk: Secured User Access
     

We have a site completely built on witango that is accessed via. the
"https" gateway. It is built around multiple frames. When people try
       

   

to
login, they seem to make it into our validation process, but then
       

are
   

kicked back out of the site. This happens only on windows machines
       

and
   

mostly on XP. No clients have problem from their office computers,  
most
occurrences only happen at home. Is there a security setting in XP
       

or
   

any of the windows systems that's causing this? Any other common
experiences?
Please advise,
Stephen
       

______________________________________________________________________ 
   

_
_
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
       

     

_______________________________________________________________________
   

_
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
     

_______________________________________________________________________
_
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
   

________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
 

________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf