Session Control in PH Web

Jeff Hoffman wonicon at optusnet.com.au
Tue Aug 7 09:09:37 CDT 2007 

Hi

Or you could take some known user identification, apply a 1 way 
encryption routine, then pass this value, you can check it later by 
getting the user values again and apply the encryption routine and 
compare to the values.

User values could include machine name, dob, name etc even current 
date, that way the passed value will change each day.

A simple encryption routine would be to build a key split it in half, 
hash each half then multiply or divide the values, just as long as 
you can duplicate the result consistently.

Jeff

At 09:39 PM 7/08/2007, you wrote:
>you could even try somthing like
>
>idfile_temp = ascii( date ... + ... time ... + ph random... + .txt
>if not setsytemval (dict_session_file, idfile_temp ...
>rc_temp = " cmd /c echo %random% >  " + idfile_temp
>run command rc_temp wait
>get dict_session_file
>
>----- Original Message -----
>From: <mailto:atla38 at dsl.pipex.com>Joe Boyle
>To: <mailto:kim_han79 at yahoo.com.sg>'Han Han' ; 
><mailto:powerh-l at lists.sowder.com>powerh-l at lists.sowder.com
>Sent: Tuesday, August 07, 2007 12:03 PM
>Subject: RE: Session Control in PH Web
>
>You could use the date and time to generate a random number ( on the 
>login page ), then use the three values to write a record to table 
>containing a 'auto increment' column. Now retrieve the record and 
>use the auto increment' column value as the session id. The 
>assumption being that a) date and time generate a different random 
>number for different logins and b) there isn't a PHweb session id.
>You could always replace the random number with a value entered by 
>the user if a) isn't the case.
>
>
>----------
>From: powerh-l-bounces+atla38=dsl.pipex.com at lists.sowder.com 
>[mailto:powerh-l-bounces+atla38=dsl.pipex.com at lists.sowder.com] On 
>Behalf Of Han Han
>Sent: 07 August 2007 03:24
>To: powerh-l at lists.sowder.com
>Subject: Session Control in PH Web
>
>Hello Guys,
>
>We are developing PH web application. We come across issue on user 
>login security.
>Currently we are using Database to create user and their login password.
>IN PHP / ASP, there is a syntax call 'session' to capture the value 
>of login session (hidden & encrpyted) and be able to pass from page to page.
>Is there any command in PH Web to do the same feature as 'session' ?
>
>PH Web version: 8.41D1 Axiants 4GL 3.4D1
>O/S: Windows 2003
>Database: MS SQL
>
>Regards,
>Kim Han
>
>
>
><http://answers.yahoo.com.sg>
>[]
>
>Real people. Real questions. Real answers. 
><http://answers.yahoo.com.sg>Share what you know.
>
>
>----------
>--
>= = = = = = = = = = = = = = = = = = = = = = = = = = = =
>Mailing list: powerh-l at lists.sowder.com
>Subscribe: &quot;subscribe&quot; in message body to 
>powerh-l-request at lists.sowder.com
>Unsubscribe: &quot;unsubscribe &lt;password&gt;&quot; in message 
>body to powerh-l-request at lists.sowder.com
>http://lists.sowder.com/mailman/listinfo/powerh-l
>This list is closed, thus to post to the list you must be a subscriber.
>Add 'site:lists.sowder.com powerh-l' to your search terms to search 
>the list archive at Google.
>
>--
>= = = = = = = = = = = = = = = = = = = = = = = = = = = =
>Mailing list: powerh-l at lists.sowder.com
>Subscribe: &quot;subscribe&quot; in message body to 
>powerh-l-request at lists.sowder.com
>Unsubscribe: &quot;unsubscribe &lt;password&gt;&quot; in message 
>body to powerh-l-request at lists.sowder.com
>http://lists.sowder.com/mailman/listinfo/powerh-l
>This list is closed, thus to post to the list you must be a subscriber.
>Add 'site:lists.sowder.com powerh-l' to your search terms to search 
>the list archive at Google.

More information about the powerh-l mailing list