Re: Witango-Talk: Secured User Access

[Stephen Su]

I am pointing to the same domain that their logged into.

I will try a version to remove the <@USERREFERENCEARGUMENT> and see  
what happens.

Best,
Stephen


On Feb 18, 2004, at 4:11 PM, Scott Cadillac wrote:

Hi Stephen,

Are your frame SRCs all pointing at the same domain they logged into?
Remember https://domain.com != https://www.domain.com
Also try removing the <@USERREFERENCEARGUMENT>

I can't help but wonder what else is going on with your frame (or
related) code (HTML/JavaScript). What you are describing is fairly
standard stuff, and shouldn't be a problem.
What logic are you using that determines when a user should be "thrown
back to the login screen" ?
Let us know, when you have a moment. Cheers...



-----Original Message-----
From: Stephen Su <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Wed, 18 Feb 2004 15:32:12 -0500
Subject: Re: Witango-Talk: Secured User Access
Scott,

Thank you for your help and advice. I wasn't purposefully vague but
rather my situation is somewhat alluding me right now.
In short, we have tested multiple versions of the login taf in which  
we

did everything from separation of the taf itself into various
components all the way to substituting the frame-set with a single  
page

taf. The user seems get validated just fine, because we register and
update their "last visited on" profile. But the frameset page comes
right after and that's when they are thrown back to the login screen.
The only way we are able to avoid this is by substituting with a
non-frame-set page. In each of the "src URL(s)" we do have the
UserReferenceArgument variable passed.
I hope that's more clear than before. Please let me know if you need  
to

know more.

Best,
Stephen


On Feb 18, 2004, at 12:48 PM, Scott Cadillac wrote:

Hi Stephen,

Please describe in detail what you mean by "but then are kicked back
out
of the site". This is kind of a vague description of the problem,
which
will likely lead to some vague answers.

Here's me vague answer:

A trend I'm noticing lately with Home computers over Office ones, is
the
rapid adoption of Popup and Cookie blocking add-ons for browsers. And

of
course, people don't know how to properly set them.
For the most part, by default these add-ons compensate for "session-
cookies" so they don't break Sessions necessarily - but if your code
relies on any other kind of cookies, then you're users are in
trouble.
I say this, because I notice Office computer "policies" are slower to
adopt (or allow install) these kinds of downloadable "free" add-ons.
Lately I've taken to using some of these add-ons myself to make sure
my
systems keep working. And I noticed two things:

~~ Never rely on standard cookies (session-ccokies are still fine).

~~ Popup window killers are not very smart, and sometimes can't tell
the
difference between a user-invoked "window.open" and an event-
invoked "window.open" call.
Hope this helps. Cheers....

Scott Cadillac,
403-281-6090 ~ [EMAIL PROTECTED]
------------
XML-Extranet ~ http://xmlx.ca ~ http://forums.xmlx.ca
Well-formed Programming in C# .NET, Witango, MSIE and XML
------------
Witango ~ http://witango.org
EasyXSLT ~ http://easyxslt.ca
IIS Watcher ~ http://iiswatcher.ca
------------
-----Original Message-----
From: Stephen Su <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Wed, 18 Feb 2004 09:10:32 -0500
Subject: Witango-Talk: Secured User Access
We have a site completely built on witango that is accessed via. the
"https" gateway. It is built around multiple frames. When people try

to
login, they seem to make it into our validation process, but then
are
kicked back out of the site. This happens only on windows machines
and
mostly on XP. No clients have problem from their office computers,
most
occurrences only happen at home. Is there a security setting in XP
or
any of the windows systems that's causing this? Any other common
experiences?
Please advise,
Stephen

______________________________________________________________________
_
_
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf


______________________________________________________________________ 
_
_
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
______________________________________________________________________ 
_
_
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
_______________________________________________________________________ 
_
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf