FoxInCloud sets cookies automatically so you don't need to care.
Each couple (browser+machine) is assigned a cookie aka session ID; if existent, this cookie is part of any request received by the application; if no active session exists for this cookie, FAS opens one; empty of course.
sessions expire after a delay you set in xxx*.ini;
SessionTimeOutMin=30
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
; {en} User disconnect / session expiration timeout in minutes
; {en} - Development: choose a rather high value (say 3000) to stay logged-in across server restart
; {en} - Production: choose a value matching your app's security requirements
; {en} > When session expires, user is automatically redirected to app home page
; {en} > Any expired session no longer accounts for Concurrent Active Session (CAS)
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
before executing any method of a form, eg .Init(), FAS runs .wUserSet(userID), where userID is the user ID for your application, of whatever type (integer or string generally), or .null. if unknown.
your login form.wUserSet() method could do:
procedure wUserSet(userID)if empty(nvl(m.userID, ''))
if !used('wwSession')
use wwSession in 0 again shared
endif
local array aa
select top 1 userID from wwSession where !empty(userID) order by lastin desc into array aa
if _tally > 0
userID = m.aa[1]
endif
use in wwSession
endif
if !empty(m.userID) and seek(cast(m.userId as yourType), 'user', 'ID')
this.txtLogin.Value = user.login
this.txtPass.Value = user.pass
endif
As per our customer's request, they don't want to keep logging in on their mobile phones and would like us to store their credentials. Are cookies the best way to do this in FIC? If so, does anyone have sample code or instructions on how to create cookies and how to read them? Thanks!
Thanks!
Hi Ryan,
FoxInCloud sets cookies automatically so you don't need to care.
Each couple (browser+machine) is assigned a cookie aka session ID; if existent, this cookie is part of any request received by the application; if no active session exists for this cookie, FAS opens one; empty of course.
sessions expire after a delay you set in xxx*.ini;
SessionTimeOutMin=30
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
; {en} User disconnect / session expiration timeout in minutes
; {en} - Development: choose a rather high value (say 3000) to stay logged-in across server restart
; {en} - Production: choose a value matching your app's security requirements
; {en} > When session expires, user is automatically redirected to app home page
; {en} > Any expired session no longer accounts for Concurrent Active Session (CAS)
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
before executing any method of a form, eg .Init(), FAS runs .wUserSet(userID), where userID is the user ID for your application, of whatever type (integer or string generally), or .null. if unknown.
your login form.wUserSet() method could do:
procedure wUserSet(userID)if empty(nvl(m.userID, ''))
if !used('wwSession')
use wwSession in 0 again shared
endif
local array aa
select top 1 userID from wwSession where !empty(userID) order by lastin desc into array aa
if _tally > 0
userID = m.aa[1]
endif
use in wwSession
endif
if !empty(m.userID) and seek(cast(m.userId as yourType), 'user', 'ID')
this.txtLogin.Value = user.login
this.txtPass.Value = user.pass
endif
As per our customer's request, they don't want to keep logging in on their mobile phones and would like us to store their credentials. Are cookies the best way to do this in FIC? If so, does anyone have sample code or instructions on how to create cookies and how to read them? Thanks!
Please take a moment reading the wwSession class documentation http://www.west-wind.com/webconnection/docs/_s8413ze4y.htm
A short answer:
- cookie expiration date is 6 month ahead, far more than the session duration
- session expires on the server - you can set session duration as long as 4,085.78 years (2^31 minutes) in xxxTest|Prod.ini :
SessionTimeOutMin=30
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
; {en} User disconnect / session expiration timeout in minutes
; {en} - Development: choose a rather high value (say 3000) to stay logged-in across server restart
; {en} - Production: choose a value matching your app's security requirements
; {en} > When session expires, user is automatically redirected to app home page
; {en} > Any expired session no longer accounts for Concurrent Active Session (CAS)
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- you can retrieve a previous session for the same cookie (userID) with the code posted earlier here
- you can store any variable in the session (instead of storing in the cookie):
Session.setSessionVariable('uVariable', m.uValue)
uValue = Session.getSessionVariable('uVariable')
Note that awSession extends wwSession to store not only the value but also the type of the data. Objects are also supported.
If the cookie is really a session ID, does this mean the cookie times out with the session? I was hoping store a user name and token in a cookie. Then if their session expires, the login screen looks for the cookie and automatically login them back in without them needing to enter anything (some of my users don't remember all their credentials so they only want to login once and just stay logged in, tough on the web). Is it possible to write out a username and token on their device (computer, iPhone, android phone, windows phone, etc)? Also, I saw that I could set thisform.wUserLogIn, is there a way to also add a token id as well (I need both)?
Thanks!
Hi Ryan,
FoxInCloud sets cookies automatically so you don't need to care.
Each couple (browser+machine) is assigned a cookie aka session ID; if existent, this cookie is part of any request received by the application; if no active session exists for this cookie, FAS opens one; empty of course.
sessions expire after a delay you set in xxx*.ini;
SessionTimeOutMin=30
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
; {en} User disconnect / session expiration timeout in minutes
; {en} - Development: choose a rather high value (say 3000) to stay logged-in across server restart
; {en} - Production: choose a value matching your app's security requirements
; {en} > When session expires, user is automatically redirected to app home page
; {en} > Any expired session no longer accounts for Concurrent Active Session (CAS)
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
before executing any method of a form, eg .Init(), FAS runs .wUserSet(userID), where userID is the user ID for your application, of whatever type (integer or string generally), or .null. if unknown.
your login form.wUserSet() method could do:
procedure wUserSet(userID)if empty(nvl(m.userID, ''))
if !used('wwSession')
use wwSession in 0 again shared
endif
local array aa
select top 1 userID from wwSession where !empty(userID) order by lastin desc into array aa
if _tally > 0
userID = m.aa[1]
endif
use in wwSession
endif
if !empty(m.userID) and seek(cast(m.userId as yourType), 'user', 'ID')
this.txtLogin.Value = user.login
this.txtPass.Value = user.pass
endif
As per our customer's request, they don't want to keep logging in on their mobile phones and would like us to store their credentials. Are cookies the best way to do this in FIC? If so, does anyone have sample code or instructions on how to create cookies and how to read them? Thanks!
You could record IP addresses the first time they login and use that. if you really wanted to use cookies, I see two options: WWWC or Javascript. In WWWC see wwhttpheader.addcookie and wwrequest.getcookie in the WWWC docs.
Ryan,
Please take a moment reading the wwSession class documentation http://www.west-wind.com/webconnection/docs/_s8413ze4y.htm
A short answer:
- cookie expiration date is 6 month ahead, far more than the session duration
- session expires on the server - you can set session duration as long as 4,085.78 years (2^31 minutes) in xxxTest|Prod.ini :
SessionTimeOutMin=30
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
; {en} User disconnect / session expiration timeout in minutes
; {en} - Development: choose a rather high value (say 3000) to stay logged-in across server restart
; {en} - Production: choose a value matching your app's security requirements
; {en} > When session expires, user is automatically redirected to app home page
; {en} > Any expired session no longer accounts for Concurrent Active Session (CAS)
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- you can retrieve a previous session for the same cookie (userID) with the code posted earlier here
- you can store any variable in the session (instead of storing in the cookie):
Session.setSessionVariable('uVariable', m.uValue)
uValue = Session.getSessionVariable('uVariable')
Note that awSession extends wwSession to store not only the value but also the type of the data. Objects are also supported.
If the cookie is really a session ID, does this mean the cookie times out with the session? I was hoping store a user name and token in a cookie. Then if their session expires, the login screen looks for the cookie and automatically login them back in without them needing to enter anything (some of my users don't remember all their credentials so they only want to login once and just stay logged in, tough on the web). Is it possible to write out a username and token on their device (computer, iPhone, android phone, windows phone, etc)? Also, I saw that I could set thisform.wUserLogIn, is there a way to also add a token id as well (I need both)?
Thanks!
Hi Ryan,
FoxInCloud sets cookies automatically so you don't need to care.
Each couple (browser+machine) is assigned a cookie aka session ID; if existent, this cookie is part of any request received by the application; if no active session exists for this cookie, FAS opens one; empty of course.
sessions expire after a delay you set in xxx*.ini;
SessionTimeOutMin=30
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
; {en} User disconnect / session expiration timeout in minutes
; {en} - Development: choose a rather high value (say 3000) to stay logged-in across server restart
; {en} - Production: choose a value matching your app's security requirements
; {en} > When session expires, user is automatically redirected to app home page
; {en} > Any expired session no longer accounts for Concurrent Active Session (CAS)
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
before executing any method of a form, eg .Init(), FAS runs .wUserSet(userID), where userID is the user ID for your application, of whatever type (integer or string generally), or .null. if unknown.
your login form.wUserSet() method could do:
procedure wUserSet(userID)if empty(nvl(m.userID, ''))
if !used('wwSession')
use wwSession in 0 again shared
endif
local array aa
select top 1 userID from wwSession where !empty(userID) order by lastin desc into array aa
if _tally > 0
userID = m.aa[1]
endif
use in wwSession
endif
if !empty(m.userID) and seek(cast(m.userId as yourType), 'user', 'ID')
this.txtLogin.Value = user.login
this.txtPass.Value = user.pass
endif
As per our customer's request, they don't want to keep logging in on their mobile phones and would like us to store their credentials. Are cookies the best way to do this in FIC? If so, does anyone have sample code or instructions on how to create cookies and how to read them? Thanks!
loHeader=CREATEOBJECT("wwHTTPHeader")
loHeader.DefaultHeader()
loHeader.AddCookie(various parameters)
I'm assuming I don't need to actually create the object, just reference it and the correct header. Correct? If so, how.
Thanks!
IMO the problem with setting a long timeout is that it uses licenses.
You could record IP addresses the first time they login and use that. if you really wanted to use cookies, I see two options: WWWC or Javascript. In WWWC see wwhttpheader.addcookie and wwrequest.getcookie in the WWWC docs.
Ryan,
Please take a moment reading the wwSession class documentation http://www.west-wind.com/webconnection/docs/_s8413ze4y.htm
A short answer:
- cookie expiration date is 6 month ahead, far more than the session duration
- session expires on the server - you can set session duration as long as 4,085.78 years (2^31 minutes) in xxxTest|Prod.ini :
SessionTimeOutMin=30
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
; {en} User disconnect / session expiration timeout in minutes
; {en} - Development: choose a rather high value (say 3000) to stay logged-in across server restart
; {en} - Production: choose a value matching your app's security requirements
; {en} > When session expires, user is automatically redirected to app home page
; {en} > Any expired session no longer accounts for Concurrent Active Session (CAS)
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- you can retrieve a previous session for the same cookie (userID) with the code posted earlier here
- you can store any variable in the session (instead of storing in the cookie):
Session.setSessionVariable('uVariable', m.uValue)
uValue = Session.getSessionVariable('uVariable')
Note that awSession extends wwSession to store not only the value but also the type of the data. Objects are also supported.
If the cookie is really a session ID, does this mean the cookie times out with the session? I was hoping store a user name and token in a cookie. Then if their session expires, the login screen looks for the cookie and automatically login them back in without them needing to enter anything (some of my users don't remember all their credentials so they only want to login once and just stay logged in, tough on the web). Is it possible to write out a username and token on their device (computer, iPhone, android phone, windows phone, etc)? Also, I saw that I could set thisform.wUserLogIn, is there a way to also add a token id as well (I need both)?
Thanks!
Hi Ryan,
FoxInCloud sets cookies automatically so you don't need to care.
Each couple (browser+machine) is assigned a cookie aka session ID; if existent, this cookie is part of any request received by the application; if no active session exists for this cookie, FAS opens one; empty of course.
sessions expire after a delay you set in xxx*.ini;
SessionTimeOutMin=30
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
; {en} User disconnect / session expiration timeout in minutes
; {en} - Development: choose a rather high value (say 3000) to stay logged-in across server restart
; {en} - Production: choose a value matching your app's security requirements
; {en} > When session expires, user is automatically redirected to app home page
; {en} > Any expired session no longer accounts for Concurrent Active Session (CAS)
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
before executing any method of a form, eg .Init(), FAS runs .wUserSet(userID), where userID is the user ID for your application, of whatever type (integer or string generally), or .null. if unknown.
your login form.wUserSet() method could do:
procedure wUserSet(userID)if empty(nvl(m.userID, ''))
if !used('wwSession')
use wwSession in 0 again shared
endif
local array aa
select top 1 userID from wwSession where !empty(userID) order by lastin desc into array aa
if _tally > 0
userID = m.aa[1]
endif
use in wwSession
endif
if !empty(m.userID) and seek(cast(m.userId as yourType), 'user', 'ID')
this.txtLogin.Value = user.login
this.txtPass.Value = user.pass
endif
As per our customer's request, they don't want to keep logging in on their mobile phones and would like us to store their credentials. Are cookies the best way to do this in FIC? If so, does anyone have sample code or instructions on how to create cookies and how to read them? Thanks!
IF (Type('m.thisForm.wlHTMLgen') == 'L' AND m.thisForm.wlHTMLgen)* get value for cookie
* assumes we do not wish to add an expiration date. if we did set the var date
lcCookieValue = table.valueTEXT TO lcResult1 TEXTMERGE NOSHOW FLAGS 1 PRETEXT 15
var date = new Date();
date.setTime(date.getTime());
var name = "MyCookie";
var value = "<<lcCookieValue>>" ;
document.cookie = name+"="+value+expires+"; path=/";endtext
return lcResult1
else
endif
Or if you want to get a little fancier you could have this in your js library:
function createCookie(name,value,days) {
if (days) {
var date = new Date();
date.setTime(date.getTime()+(days*24*60*60*1000));
var expires = "; expires="+date.toGMTString();
}
else var expires = "";
document.cookie = name+"="+value+expires+"; path=/";
}
Then in your click:
IF (Type('m.thisForm.wlHTMLgen') == 'L' AND m.thisForm.wlHTMLgen)* get value for cookie
* assumes we do not wish to add an expiration date. if we did set the var date
lcCookieValue = table.value
lcName = "MyCookie"
lddate = gomonth(date().6)TEXT TO lcResult1 TEXTMERGE NOSHOW FLAGS 1 PRETEXT 15
createCookie("<<lcName>>", "<<lcCookieValue>>", lddate);endtext
return lcresult1
else
endif
What is the best way to get access into wwHTTPHeader inside a form's button.click() so I can create a cooking (wwwc doc's show example like this):
loHeader=CREATEOBJECT("wwHTTPHeader")
loHeader.DefaultHeader()
loHeader.AddCookie(various parameters)
I'm assuming I don't need to actually create the object, just reference it and the correct header. Correct? If so, how.
Thanks!
IMO the problem with setting a long timeout is that it uses licenses.
You could record IP addresses the first time they login and use that. if you really wanted to use cookies, I see two options: WWWC or Javascript. In WWWC see wwhttpheader.addcookie and wwrequest.getcookie in the WWWC docs.
Ryan,
Please take a moment reading the wwSession class documentation http://www.west-wind.com/webconnection/docs/_s8413ze4y.htm
A short answer:
- cookie expiration date is 6 month ahead, far more than the session duration
- session expires on the server - you can set session duration as long as 4,085.78 years (2^31 minutes) in xxxTest|Prod.ini :
SessionTimeOutMin=30
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
; {en} User disconnect / session expiration timeout in minutes
; {en} - Development: choose a rather high value (say 3000) to stay logged-in across server restart
; {en} - Production: choose a value matching your app's security requirements
; {en} > When session expires, user is automatically redirected to app home page
; {en} > Any expired session no longer accounts for Concurrent Active Session (CAS)
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- you can retrieve a previous session for the same cookie (userID) with the code posted earlier here
- you can store any variable in the session (instead of storing in the cookie):
Session.setSessionVariable('uVariable', m.uValue)
uValue = Session.getSessionVariable('uVariable')
Note that awSession extends wwSession to store not only the value but also the type of the data. Objects are also supported.
If the cookie is really a session ID, does this mean the cookie times out with the session? I was hoping store a user name and token in a cookie. Then if their session expires, the login screen looks for the cookie and automatically login them back in without them needing to enter anything (some of my users don't remember all their credentials so they only want to login once and just stay logged in, tough on the web). Is it possible to write out a username and token on their device (computer, iPhone, android phone, windows phone, etc)? Also, I saw that I could set thisform.wUserLogIn, is there a way to also add a token id as well (I need both)?
Thanks!
Hi Ryan,
FoxInCloud sets cookies automatically so you don't need to care.
Each couple (browser+machine) is assigned a cookie aka session ID; if existent, this cookie is part of any request received by the application; if no active session exists for this cookie, FAS opens one; empty of course.
sessions expire after a delay you set in xxx*.ini;
SessionTimeOutMin=30
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
; {en} User disconnect / session expiration timeout in minutes
; {en} - Development: choose a rather high value (say 3000) to stay logged-in across server restart
; {en} - Production: choose a value matching your app's security requirements
; {en} > When session expires, user is automatically redirected to app home page
; {en} > Any expired session no longer accounts for Concurrent Active Session (CAS)
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
before executing any method of a form, eg .Init(), FAS runs .wUserSet(userID), where userID is the user ID for your application, of whatever type (integer or string generally), or .null. if unknown.
your login form.wUserSet() method could do:
procedure wUserSet(userID)if empty(nvl(m.userID, ''))
if !used('wwSession')
use wwSession in 0 again shared
endif
local array aa
select top 1 userID from wwSession where !empty(userID) order by lastin desc into array aa
if _tally > 0
userID = m.aa[1]
endif
use in wwSession
endif
if !empty(m.userID) and seek(cast(m.userId as yourType), 'user', 'ID')
this.txtLogin.Value = user.login
this.txtPass.Value = user.pass
endif
As per our customer's request, they don't want to keep logging in on their mobile phones and would like us to store their credentials. Are cookies the best way to do this in FIC? If so, does anyone have sample code or instructions on how to create cookies and how to read them? Thanks!
One last cookie question. If I'm storing a user name in the cookie, and the user logs out, how do I clear the values in the cookie? (I was expecting something like form.wCookieDelete() or form.wCookieClear() but I must be missing it)
if you are doing it from a button's click, I would use javascript like this:
IF (Type('m.thisForm.wlHTMLgen') == 'L' AND m.thisForm.wlHTMLgen)* get value for cookie
* assumes we do not wish to add an expiration date. if we did set the var date
lcCookieValue = table.valueTEXT TO lcResult1 TEXTMERGE NOSHOW FLAGS 1 PRETEXT 15
var date = new Date();
date.setTime(date.getTime());
var name = "MyCookie";
var value = "" ;
document.cookie = name+"="+value+expires+"; path=/";endtext
return lcResult1
else
endif
Or if you want to get a little fancier you could have this in your js library:
function createCookie(name,value,days) {
if (days) {
var date = new Date();
date.setTime(date.getTime()+(days*24*60*60*1000));
var expires = "; expires="+date.toGMTString();
}
else var expires = "";
document.cookie = name+"="+value+expires+"; path=/";
}
Then in your click:
IF (Type('m.thisForm.wlHTMLgen') == 'L' AND m.thisForm.wlHTMLgen)* get value for cookie
* assumes we do not wish to add an expiration date. if we did set the var date
lcCookieValue = table.value
lcName = "MyCookie"
lddate = gomonth(date().6)TEXT TO lcResult1 TEXTMERGE NOSHOW FLAGS 1 PRETEXT 15
createCookie("" , "" , lddate);endtext
return lcresult1
else
endif
What is the best way to get access into wwHTTPHeader inside a form's button.click() so I can create a cooking (wwwc doc's show example like this):
loHeader=CREATEOBJECT("wwHTTPHeader")
loHeader.DefaultHeader()
loHeader.AddCookie(various parameters)
I'm assuming I don't need to actually create the object, just reference it and the correct header. Correct? If so, how.
Thanks!
IMO the problem with setting a long timeout is that it uses licenses.
You could record IP addresses the first time they login and use that. if you really wanted to use cookies, I see two options: WWWC or Javascript. In WWWC see wwhttpheader.addcookie and wwrequest.getcookie in the WWWC docs.
Ryan,
Please take a moment reading the wwSession class documentation http://www.west-wind.com/webconnection/docs/_s8413ze4y.htm
A short answer:
- cookie expiration date is 6 month ahead, far more than the session duration
- session expires on the server - you can set session duration as long as 4,085.78 years (2^31 minutes) in xxxTest|Prod.ini :
SessionTimeOutMin=30
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
; {en} User disconnect / session expiration timeout in minutes
; {en} - Development: choose a rather high value (say 3000) to stay logged-in across server restart
; {en} - Production: choose a value matching your app's security requirements
; {en} > When session expires, user is automatically redirected to app home page
; {en} > Any expired session no longer accounts for Concurrent Active Session (CAS)
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- you can retrieve a previous session for the same cookie (userID) with the code posted earlier here
- you can store any variable in the session (instead of storing in the cookie):
Session.setSessionVariable('uVariable', m.uValue)
uValue = Session.getSessionVariable('uVariable')
Note that awSession extends wwSession to store not only the value but also the type of the data. Objects are also supported.
If the cookie is really a session ID, does this mean the cookie times out with the session? I was hoping store a user name and token in a cookie. Then if their session expires, the login screen looks for the cookie and automatically login them back in without them needing to enter anything (some of my users don't remember all their credentials so they only want to login once and just stay logged in, tough on the web). Is it possible to write out a username and token on their device (computer, iPhone, android phone, windows phone, etc)? Also, I saw that I could set thisform.wUserLogIn, is there a way to also add a token id as well (I need both)?
Thanks!
Hi Ryan,
FoxInCloud sets cookies automatically so you don't need to care.
Each couple (browser+machine) is assigned a cookie aka session ID; if existent, this cookie is part of any request received by the application; if no active session exists for this cookie, FAS opens one; empty of course.
sessions expire after a delay you set in xxx*.ini;
SessionTimeOutMin=30
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
; {en} User disconnect / session expiration timeout in minutes
; {en} - Development: choose a rather high value (say 3000) to stay logged-in across server restart
; {en} - Production: choose a value matching your app's security requirements
; {en} > When session expires, user is automatically redirected to app home page
; {en} > Any expired session no longer accounts for Concurrent Active Session (CAS)
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
before executing any method of a form, eg .Init(), FAS runs .wUserSet(userID), where userID is the user ID for your application, of whatever type (integer or string generally), or .null. if unknown.
your login form.wUserSet() method could do:
procedure wUserSet(userID)if empty(nvl(m.userID, ''))
if !used('wwSession')
use wwSession in 0 again shared
endif
local array aa
select top 1 userID from wwSession where !empty(userID) order by lastin desc into array aa
if _tally > 0
userID = m.aa[1]
endif
use in wwSession
endif
if !empty(m.userID) and seek(cast(m.userId as yourType), 'user', 'ID')
this.txtLogin.Value = user.login
this.txtPass.Value = user.pass
endif
As per our customer's request, they don't want to keep logging in on their mobile phones and would like us to store their credentials. Are cookies the best way to do this in FIC? If so, does anyone have sample code or instructions on how to create cookies and how to read them? Thanks!
only the user can remove cookies from his/her browser memory, server can only add a cookie to the HTTP response, and this cookie may replace a cookie existing in the browser with the same scope:
- name (tcCookie)
- path (tcPath)
- domain (tcDomain)
(tlHTTPonly)
(tlSecure)
in this case you have several solutions:
- set the cookie value to a non-significant value such as '' or 'N/A'
- set the cookie expiration date to yesterday
Thanks to Thierry adding support, I got cookies working using form.wCookieAdd(). Very cool.
One last cookie question. If I'm storing a user name in the cookie, and the user logs out, how do I clear the values in the cookie? (I was expecting something like form.wCookieDelete() or form.wCookieClear() but I must be missing it)
if you are doing it from a button's click, I would use javascript like this:
IF (Type('m.thisForm.wlHTMLgen') == 'L' AND m.thisForm.wlHTMLgen)* get value for cookie
* assumes we do not wish to add an expiration date. if we did set the var date
lcCookieValue = table.valueTEXT TO lcResult1 TEXTMERGE NOSHOW FLAGS 1 PRETEXT 15
var date = new Date();
date.setTime(date.getTime());
var name = "MyCookie";
var value = "" ;
document.cookie = name+"="+value+expires+"; path=/";endtext
return lcResult1
else
endif
Or if you want to get a little fancier you could have this in your js library:
function createCookie(name,value,days) {
if (days) {
var date = new Date();
date.setTime(date.getTime()+(days*24*60*60*1000));
var expires = "; expires="+date.toGMTString();
}
else var expires = "";
document.cookie = name+"="+value+expires+"; path=/";
}
Then in your click:
IF (Type('m.thisForm.wlHTMLgen') == 'L' AND m.thisForm.wlHTMLgen)* get value for cookie
* assumes we do not wish to add an expiration date. if we did set the var date
lcCookieValue = table.value
lcName = "MyCookie"
lddate = gomonth(date().6)TEXT TO lcResult1 TEXTMERGE NOSHOW FLAGS 1 PRETEXT 15
createCookie("" , "" , lddate);endtext
return lcresult1
else
endif
What is the best way to get access into wwHTTPHeader inside a form's button.click() so I can create a cooking (wwwc doc's show example like this):
loHeader=CREATEOBJECT("wwHTTPHeader")
loHeader.DefaultHeader()
loHeader.AddCookie(various parameters)
I'm assuming I don't need to actually create the object, just reference it and the correct header. Correct? If so, how.
Thanks!
IMO the problem with setting a long timeout is that it uses licenses.
You could record IP addresses the first time they login and use that. if you really wanted to use cookies, I see two options: WWWC or Javascript. In WWWC see wwhttpheader.addcookie and wwrequest.getcookie in the WWWC docs.
Ryan,
Please take a moment reading the wwSession class documentation http://www.west-wind.com/webconnection/docs/_s8413ze4y.htm
A short answer:
- cookie expiration date is 6 month ahead, far more than the session duration
- session expires on the server - you can set session duration as long as 4,085.78 years (2^31 minutes) in xxxTest|Prod.ini :
SessionTimeOutMin=30
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
; {en} User disconnect / session expiration timeout in minutes
; {en} - Development: choose a rather high value (say 3000) to stay logged-in across server restart
; {en} - Production: choose a value matching your app's security requirements
; {en} > When session expires, user is automatically redirected to app home page
; {en} > Any expired session no longer accounts for Concurrent Active Session (CAS)
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- you can retrieve a previous session for the same cookie (userID) with the code posted earlier here
- you can store any variable in the session (instead of storing in the cookie):
Session.setSessionVariable('uVariable', m.uValue)
uValue = Session.getSessionVariable('uVariable')
Note that awSession extends wwSession to store not only the value but also the type of the data. Objects are also supported.
If the cookie is really a session ID, does this mean the cookie times out with the session? I was hoping store a user name and token in a cookie. Then if their session expires, the login screen looks for the cookie and automatically login them back in without them needing to enter anything (some of my users don't remember all their credentials so they only want to login once and just stay logged in, tough on the web). Is it possible to write out a username and token on their device (computer, iPhone, android phone, windows phone, etc)? Also, I saw that I could set thisform.wUserLogIn, is there a way to also add a token id as well (I need both)?
Thanks!
Hi Ryan,
FoxInCloud sets cookies automatically so you don't need to care.
Each couple (browser+machine) is assigned a cookie aka session ID; if existent, this cookie is part of any request received by the application; if no active session exists for this cookie, FAS opens one; empty of course.
sessions expire after a delay you set in xxx*.ini;
SessionTimeOutMin=30
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
; {en} User disconnect / session expiration timeout in minutes
; {en} - Development: choose a rather high value (say 3000) to stay logged-in across server restart
; {en} - Production: choose a value matching your app's security requirements
; {en} > When session expires, user is automatically redirected to app home page
; {en} > Any expired session no longer accounts for Concurrent Active Session (CAS)
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
before executing any method of a form, eg .Init(), FAS runs .wUserSet(userID), where userID is the user ID for your application, of whatever type (integer or string generally), or .null. if unknown.
your login form.wUserSet() method could do:
procedure wUserSet(userID)if empty(nvl(m.userID, ''))
if !used('wwSession')
use wwSession in 0 again shared
endif
local array aa
select top 1 userID from wwSession where !empty(userID) order by lastin desc into array aa
if _tally > 0
userID = m.aa[1]
endif
use in wwSession
endif
if !empty(m.userID) and seek(cast(m.userId as yourType), 'user', 'ID')
this.txtLogin.Value = user.login
this.txtPass.Value = user.pass
endif
As per our customer's request, they don't want to keep logging in on their mobile phones and would like us to store their credentials. Are cookies the best way to do this in FIC? If so, does anyone have sample code or instructions on how to create cookies and how to read them? Thanks!
-- thn (FoxInCloud)
Hi Thierry,
I come back an old message ... Would you have an example of using wCookieAdd() and wCookieGet() ?
Thanks in advance
Hi Vincent,
Documentation and sample are those of WWWC:
- wCookieAdd: see wwResponse.addCookie()
- wCookieGet: see wwRequest.getCookie()
- online demo
OK. I have a txtLogin field and I wrote:
txtLogin.Valid()
THISFORM.wCookieAdd ("refdossier", THIS.Value)
txtLogin.Refresh_()
THIS.Value = THISFORM.wCookieGet ("refdossier")
But it's always the 1er value entered witch is displayed. What's wrong ?
please post more details about cookies in the request and the reponse from the developer tools > network
GEThttp://localhost/awScripts/Scriptaculous1.9.0/dragdrop.js[HTTP/1.1 200 OK 0ms]
En-têtesCookiesParamètresRéponseDélaisTrace de la pileURL de la requête :Méthode de la requête :Code d’état :200Modifier et renvoyerEn-têtes brutsVersion :En-têtes de la réponse (0 o)Accept-RangesbytesContent-Length31066Content-Typeapplication/javascriptDateWed, 29 Aug 2018 07:37:44 GMTETag"0b7a7a08327d11:0"Last-ModifiedWed, 25 Nov 2015 13:17:26 GMTServerMicrosoft-IIS/10.0X-Powered-ByASP.NETEn-têtes de la requête (0 o)Accept*/*Accept-Encodinggzip, deflateAccept-Languagefr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3Connectionkeep-aliveCookiedoo=59U0ONNNC; refdossier=123456789
DNT1HostlocalhostRefererhttp://localhost/dootest/Dooxi.dooUser-AgentMozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/61.0
refdossier is always the same
this is what we need to look at:
(see ficTutoTestCookie changing across requests)
please filter on the XHR
requests and show the 2 related requests where cookie is set with different values.
Screeshots from 2 different folders
We need the cookie
tab inside the network
tab for the 2 requests where .Valid()
and .Refresh()
execute
Is this what you need ?
yes for all requests where cookie is set on the server
I do not understand. That's not what I sent to you ?
I found, sorry! A bad refresh in the valid () ...
Everything seems to work, I'll confirm you
no worry, that's what discussion is for: see the problem from another perspective
Thanks for this. And it's works fine !
In fact, I have a problem. When I leave the browser and restart, the cookie "Refdossier" is disabled.
After executing wCookieAdd()
After restarting the browser:
Must we modify xxxServer.prg
in protected procedure lAppUserEnvSave
?
Documentation explains cookie expiration
Ok, thanks. But I don't understand how some sites record persistent cookies ...
Cookies can't last forever, just for a very far future; "NEVER" mimics that:
thisForm.wCookieAdd(tcCookie, tcValue, tcPath, "NEVER")
Ok, I know that.
I think this is not a storage problem but rather a request (screenshot attached).
The THISFORM.wCookieGet("Refdossier") request is in the Refresh_ () of a control. Should she be placed elsewhere ?
Ok, I know that
Unambiguous questions avoid this kind of situation and save responders' time.
For each request (classic or AJAX), the browser sends all applicable cookies based on the domain and path.
I need a global and complete view to help … You show an AJAX request; what is it exactly? which method? when was the cookie set previously? with which settings?
Can you check the cookies stored in your browser for this domain? (see attached SS)
I made bad tests and drew bad conclusions ... By default, the cookie is limited to the current session. It suffices to specify a lifetime in 4th parameter.
Thank you for your accompaniement