powerh-l Digest, Vol 27, Issue 12

Deskin, Bob Bob.Deskin at Cognos.COM
Wed Aug 8 08:57:07 CDT 2007


This assumes that PowerHouse Web can get the MAC address. PHCGI has available to it whatever environment variables the Web Server sets. I don't believe that the MAC address is among them.

Bob

-----Original Message-----
From: powerh-l-bounces+bob.deskin=cognos.com at lists.sowder.com [mailto:powerh-l-bounces+bob.deskin=cognos.com at lists.sowder.com] On Behalf Of Birket Foster
Sent: August 8, 2007 9:31 AM
To: powerh-l at lists.sowder.com
Subject: RE: powerh-l Digest, Vol 27, Issue 12


Hi Bob,

Could a MAC address be used in conjunction with the time to get a totally unique id ... and this solves what happens if more than one session starts from the same PC/other device.

Birket Foster 
M.B. Foster Associates - The 1-800-ANSWERS Team!
Forging the Future of Software Integration www.MBFoster.com  
(613) 448-2333 ext. 204 


-----Original Message-----
From: powerh-l-bounces+birket=mbfoster.com at lists.sowder.com [mailto:powerh-l-bounces+birket=mbfoster.com at lists.sowder.com] On Behalf Of powerh-l-request at lists.sowder.com
Sent: Wed,August 08, 2007 8:08 AM
To: powerh-l at lists.sowder.com
Subject: powerh-l Digest, Vol 27, Issue 12



Today's Topics:

   1. RE:Session Control in PH Web - new feature suggestion for
      phweb (Deskin, Bob)
   2. RE:Session Control in PH Web - new feature suggestion for
      phweb (Han Han)
   3. RE:Session Control in PH Web - new feature suggestion for
      phweb (Joe Boyle)


----------------------------------------------------------------------

Message: 1
Date: Tue, 7 Aug 2007 13:00:13 -0400
From: "Deskin, Bob" <Bob.Deskin at Cognos.COM>
Subject: RE: Session Control in PH Web - new feature suggestion for
	phweb
To: "Joe Boyle" <atla38 at dsl.pipex.com>, "Han Han"
	<kim_han79 at yahoo.com.sg>,	<powerh-l at lists.sowder.com>
Message-ID:
	<2B4E386EAEC90947802323BF373DC0EC0B971E43 at sottemail1.ent.ad.cognos.com>
	
Content-Type: text/plain; charset="us-ascii"

Reasonably unique is not unique. Browser IPs as provided by the Web server environment variables provide the IP to return the results page to the browser. But if the browser is behind a router, that IP may not be unique to a specific PC. Regardless, we do have an enhancement on the list to provide these values.
 
As for a system function, it's probably not worth the effort since any value that's received in the request can be obtained by declaring a temporary and doing an ACCEPT in the INITIALIZE procedure. 
 
As for generating a unique ID, there are many different requirements and it's easier for customers to put their own together from things like SYSDATETIME, the result of the RANDOM function, and so on.
 
Bob

	-----Original Message-----
	From: Joe Boyle [mailto:atla38 at dsl.pipex.com] 
	Sent: August 7, 2007 12:53 PM
	To: Deskin, Bob; 'Han Han'; powerh-l at lists.sowder.com
	Subject: RE: Session Control in PH Web - new feature suggestion for phweb
	
	

	Given that the return address of the browser must be reasonably unique, allow a system call ( along the lines of 'userid/logonid') to return the value of the address of the browser.  This would help enable sessionid processing.

	 

	Obviously, it would be even easier if PHweb simply generated the equivalent of a unique sessionid :-)

	 

	
________________________________


	From: powerh-l-bounces+atla38=dsl.pipex.com at lists.sowder.com
[mailto:powerh-l-bounces+atla38=dsl.pipex.com at lists.sowder.com] On Behalf Of Deskin, Bob
	Sent: 07 August 2007 14:46
	To: Han Han; powerh-l at lists.sowder.com
	Subject: RE: Session Control in PH Web

	 

	There is no session ID in PH Web because PH Web is stateless. In other words, once a request has been satisfied, the PH Web Server does not retain any information about that request. As Joe has pointed out, you can easily generate a unique number and pass it back and forth.

	 

	Bob

		-----Original Message-----
		From:
powerh-l-bounces+bob.deskin=cognos.com at lists.sowder.com
[mailto:powerh-l-bounces+bob.deskin=cognos.com at lists.sowder.com] On Behalf Of Han Han
		Sent: August 6, 2007 10:24 PM
		To: powerh-l at lists.sowder.com
		Subject: Session Control in PH Web

		Hello Guys,

		 

		We are developing a PH Web application. We have come across an issue with user login security.

		Currently we are using a database to create users and their login passwords.

		In PHP / ASP, there is a syntax called 'session' to capture the value of the login session (hidden & encrypted) and be able to pass it from page to page.

		Is there any command in PH Web that provides the same feature as 'session'?

		 

		PH Web version: 8.41D1 Axiants 4GL 3.4D1

		O/S: Windows 2003

		Database: MS SQL

		 

		Regards,

		Kim Han

		

------------------------------

Message: 2
Date: Wed, 8 Aug 2007 14:45:14 +0800 (CST)
From: Han Han <kim_han79 at yahoo.com.sg>
Subject: RE: Session Control in PH Web - new feature suggestion for
	phweb
To: powerh-l at lists.sowder.com
Message-ID: <422747.63523.qm at web33509.mail.mud.yahoo.com>
Content-Type: text/plain; charset="iso-8859-1"

Hello Guys,
   
  I appreciate all the replies and I will try to work it out with the suggestions given.
  I also hope that PHweb can generate the unique sessionid in the next enhancement, just as Joe suggested.
   
  Thanks & Regards
  Kim Han

       

------------------------------

Message: 3
Date: Wed, 8 Aug 2007 13:03:00 +0100
From: "Joe Boyle" <atla38 at dsl.pipex.com>
Subject: RE: Session Control in PH Web - new feature suggestion for
	phweb
To: "'Han Han'" <kim_han79 at yahoo.com.sg>, <powerh-l at lists.sowder.com>
Message-ID: <01e301c7d9b4$12c26960$639bd255 at qwertya974dc67>
Content-Type: text/plain; charset="us-ascii"

I am guessing that if two users log in at the same 8 digit time (I don't know if the processing of PHweb would ever enable this), the PHrandom function will return the same value; so, I would say that a reasonably unique browser IP (in conjunction with 8 digit time) would be more effective than a PHrandom result.

 

That said, the Windows %random% call seems pretty useful, but a database of used session ids (%random% values) would probably need to be maintained, however they are generated, in order to ensure that you aren't giving out duplicates.

 

If the PHwebservers were able to maintain a counter in memory, incremented when activated, and the individual PHwebservers per application worked on specific ranges of values, a unique sessionid would easily be available. 

In conjunction with date and 8 digit time the combined result would be unique, even if the PHwebserver were left running for thousands of years (an 8 byte integer using only fifty two bits can count up to 4503599627370496 - I only ever saw quiz accurate up to about 8999999999999999 - 52ish bits).

 

I have some notes containing some tips on returning random values below; it wasn't complete, but the approach worked at the time for PH on Windows (didn't test with PHweb). With MSSQL I still like the idea of referencing an autoincrement column, but the key segments have to be unique in order to retrieve the correct row - so that obviates the need for the autoincrement column.

 

type dict_session_file.cmd

set v_dict_session_file=%1
echo %v_dict_session_file%
qutil < c:\ph\sqlserver\v_dict_session_file.in > c:\ph\sqlserver\makefile.log
exit


type idsession.qts

can cle
run n1
req q1 proc lim 1 input lim 1

acc file_lock

choose orderid 99999999

define t_sess char*10 = parm

output dict_session_file add

item word final t_sess


type idsession.qks
can clear

screen idsession  menu

temporary t_seed integer *8 size 4 reset at startup
temporary t_sess float reset at startup
temporary t_count integer reset at startup
temporary idfile_temp character *100 reset at startup
temporary rc_temp character *150 reset at startup

file dict_session_file designer close

field t_sess id 1

procedure internal isef
begin

let idfile_temp = truncate ( &
 "c:\ph\sqlserver\f_" + ascii( sysdate ) + ascii (systime) + ".dat")

if not setsystemval ("v_dict_session_file", idfile_temp )
then error "not set "

let rc_temp = "cmd /c c:\ph\sqlserver\dict_session_file.cmd " +  idfile_temp + " > c:\ph\sqlserver\dict_session_file.log"
run command rc_temp

let rc_temp = "cmd /c echo %random% > c:\ph\sqlserver\idsession.ran "
run command rc_temp

let rc_temp = &
;both below work fine
;"cmd /c qtp auto=c:\ph\sqlserver\idsession.qtc < c:\ph\sqlserver\idsession.ran > idsession.log"
"cmd /c echo %random% | qtp auto=c:\ph\sqlserver\idsession.qtc > idsession.log"

run command rc_temp

get dict_session_file       seq
close dict_session_file

info  = word now response

end

procedure internal ises
begin

let t_sess = random( t_seed)  * 1000

end

procedure initialize
begin

let t_seed = systime

let t_count = t_count  + 1

do  internal isef

display t_sess
info = ascii (t_count) + " <> " + ascii ( t_sess) now            response

return

end

build list

 

 

 

 


------------------------------

-- 
= = = = = = = = = = = = = = = = = = = = = = = = = = = =
Mailing list: powerh-l at lists.sowder.com
Subscribe: "subscribe" in message body to powerh-l-request at lists.sowder.com
Unsubscribe: "unsubscribe <password>" in message body to powerh-l-request at lists.sowder.com http://lists.sowder.com/mailman/listinfo/powerh-l
This list is closed, thus to post to the list you must be a subscriber. Add 'site:lists.sowder.com powerh-l' to your search terms to search the list archive at Google.

End of powerh-l Digest, Vol 27, Issue 12
****************************************
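
The uniqueness concerns raised in this thread (two logins in the same clock tick getting the same RANDOM result, the small range of %random%, and keeping a table of issued ids), shown as an added Python example that is not code from any poster or from PowerHouse. time_seeded_id is a stand-in for RANDOM seeded with SYSTIME, not PowerHouse's actual generator, and every name in the block is hypothetical.

```python
import random
import secrets

CMD_RANDOM_RANGE = 32768  # Windows cmd %RANDOM% yields an integer 0..32767


def time_seeded_id(tick: int) -> int:
    """Stand-in (assumption) for RANDOM seeded with the 8-digit time:
    a deterministic PRNG whose only input is the clock tick."""
    return int(random.Random(tick).random() * 1000)


def first_repeat(draw, limit: int):
    """Issue ids with draw() and return how many had been issued when the
    first duplicate appeared, or None if none repeated within limit."""
    seen = set()
    for issued in range(1, limit + 1):
        value = draw()
        if value in seen:
            return issued
        seen.add(value)
    return None


class SessionStore:
    """Server-side table of issued ids. The web server itself is stateless,
    so the id passed back and forth is looked up here on every request."""

    def __init__(self):
        self._sessions = {}

    def issue(self, user: str) -> str:
        while True:
            sid = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
            if sid not in self._sessions:     # duplicate check against issued ids
                self._sessions[sid] = user
                return sid

    def lookup(self, sid: str):
        return self._sessions.get(sid)        # None for unknown or guessed ids


if __name__ == "__main__":
    print("same tick, same id:", time_seeded_id(14300512) == time_seeded_id(14300512))
    rng = random.Random(0)  # constructed, repeatable draw sequence
    print("15-bit ids repeat after:",
          first_repeat(lambda: rng.randrange(CMD_RANDOM_RANGE), 40000))
    print("issued:", SessionStore().issue("constructed-user"))
```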
