close ad
WARNING: Do Not Install the DREAMWEAVER CC 2017 Update »
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

SA and Cookies

Thread began 8/04/2009 2:54 pm by shadow329043 | Last modified 8/06/2009 3:49 pm by Eric Mittman | 1271 views | 3 replies |

shadow329043

SA and Cookies

Hi all - I am encountering a problem with a site that I am setting up a user registration system on. I am thinking that the problem has to do with the cookies.

I am now testing the user registration system generated by SA. In a security test, I entered the wrong user name to see how SA would react.......I was locked out. When I clicked on the login link, I was immediately directed to the "Access Denied" page and wasn't allowed to attempt to log in. I tried the same procedure with Firefox (because it is easier to delete individual cookies).....got locked out and when I deleted the cookie from my website, I was allowed to log in again. That is how I discovered what caused the problem. I do also own the Cookie Toolkit but am not sure if it is what I need to fix the problem.

Now.....I want to set up the registration system to allow for at least 3 tp 5 attempts without the immediate lockout. Do I delete the cookies displayed under server behaviors and recreate them? Will the Cookie Toolkit offer me the option to set the number of attempts?
When I tried the "Display cookie" function, I got an error message (I assume from SA) saying that "making this change would require changing code that is locked by a template or translator" and I don't really understand this.

Sign in to reply to this post

Eric Mittman

The reason you are denied access when entering the wrong username with the cookie being set is because of the auto login option. When this option is checked it will store the posted username and password in a cookie then attempt to login the user if they are not already logged in. Since these cookies have a value the script is attempting to auto log you in based on the values in the cookies. When you get the redirected to a restricted page you will be denied.

One way that you can get around this problem would be to set the failed redirect for the auto login to a page that unsets the cookies. Once these cookies have been unset you can attempt to login again.

If you wanted to make it like you have stated to allow a few login attempts you could record the number of times the user hits the failed redirect page that is resetting the cookie using an insert, and a recordset to count the number of entries for that user. If the count is greater than your limit then don't reset the cookie.

The error about the code being locked in the template is a problem that occurs from time to time when you attempt to insert server behaviors into a page derived from a template. Some ways to get around this are to temporarily detach the page from the template and add the server behavior, then re-attach the template. You can also apply the server behavior to another page and cut and paste it to your target page. Sometimes just restarting DW and trying it again will work also.

Sign in to reply to this post

shadow329043

Thanks for you reply - that answers all my questions. I have added a server behavior on the redirect page to reset those values.

Sign in to reply to this post

Eric Mittman

Your welcome, hopefully others that are trying to do something similar will be able to use this also.

Sign in to reply to this post

graham

Jason ... are you out there?

I have a login issue very similar to the subject of this thread ... a few of our users have encountered it in the last week.

When a user mistakenly tries to login to our site without having previously registered, security assist is set to redirect to login.php?failedLogin=1 - proper error statement displays and user retries. However, if that same non-registered user checks "remember my information" and "login automatically" and tries to login, security assist is set to redirect to login.php?failedLogin=1&failed_auto=1 - resulting in a 310 error : too many redirects.

How do I remedy the situation? How do I tell the user, without looping through the failed login, that their info is not in the database?

Sign in to reply to this post

Jason ByrnesWebAssist

go to the bindings panel and click the plus button, select URL Variable ands name it:
failedLogin

then add a set cookie value behavior for the auto login in cookie to reset it;s value to 0, for the trigger, click the lightning bolt icon, and select the failedLogin url variable.


you can also do the same for the username cookie, the password cookie and the remember me cookie.

Sign in to reply to this post

graham

Jason, on my login.php I have 2 Set Cookie Values already for each RememberMeUN, RememberMePWD, AutoLoginPWD and AutoLoginUN - the first has no set value, while the second is Log_In_group_Email/Password dependent. I am not to edit either of these, but to instead add another Set Cookie Value for each as described? I tried just that but had no luck with the looping issue. I have zipped the file in case you have a moment to investigate.

Attached Files
login.zip
Sign in to reply to this post

Jason ByrnesWebAssist

In the save for settings, set the number of days to 0 or a negative number.

also, leave the value blank instead of using 0.

Sign in to reply to this post

graham

That seems to have done it ... many thanks for the speedy reply, as always!

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...