views:

919

answers:

3

Previously I had posted a program and asked about handling cookies in Javascript. I had posted one code and u can find it in my other question. Many gave good answers and I aslo tried their solutions. But since I am new to this html and javascript may be I dont know how to find bugs and debug it.

So can anybody please post their solution for this problem. I want a webpage to be created in which it should check a cookie upon loading. If the cookie is 20 mins older it has to go to login page(ask for usename and password). Otherwise no login is required and it should directly come to one page(it is being designed).

So if anybody is already having a similar or exact code(in which time cookie is maintained) kindly post it.

Regards Chaithra

+7  A: 

It sounds like you're trying to implement a login system using javascript. If this is the case, STOP. All forms of authentication should take place on the server side, and you can use sessions to determine how long it has been since activity from that account. "Cracking" client-side (eg: javascript) security measures is laughably easy.

nickf
can u tell any tutorial on web to guide this..
Chaithra
http://www.google.com/search?q=php%20authentication%20tutorialhttp://www.google.com/search?q=asp.net%20authentication%20tutorial
nickf
thank you nickf
Chaithra
+2  A: 

As nickf said, session timeout is best handled by the server side. The presence of a cookie is used to locate the session, not to implement the timeout. Session cookies are usually what's used to track session state - not the ones that expire. They last as long as the browser is open.

The server side, when processing a request, uses the cookie's value (usually a long random, hard to guess string) to locate the user's session. If the session isn't present, it can respond with a redirect to the login page.

EDIT: In the comments you said you're using goAhead - I'm having difficulty accessing their wiki but assuming it's close to Microsoft's ASP, see this link from webmaster-talk's asp-forum for an example of how to process a login. The part to note on the login page is:

   session("UserID") = rs.Fields("usrName")

and the part that checks on each page load the sessions is still good is:

    if (session("UserID") = "") then
        response.redirect("default.asp")

This is like I outlined in the notes below, driving the timeout detection from the server side and letting the framework (goAhead in your case) do all the cookie magic and timeout on inactivity.

Tony Lee
I dont know what is framework and all... can u pls simplify ur question
Chaithra
Frameworks: php, asp.net, asp, jsp, cgi. What language are you writing the server side in? How are the web pages delivered by the server?
Tony Lee
we have a web server it is go ahead web server. we are simply building web pages ... we are using html and javascript..
Chaithra
goAhead is ASP like. In ASP you store login state in 'Session' (eg Session[loggedIn] = true on login). On each page, check if Session[loggedIn] <> true then response.redirect(loginpage.asp). The web server handles resetting the Session state on inactivity (ie, Session[loggedIn] will be cleared).You'll likely get better responses and no down votes if you re-ask your question as how to manage a login/timeout for goAhead's web server.
Tony Lee
ok..thanks...a ,ot...
Chaithra
+2  A: 

Short answer - This is a pretty good tutorial...click here...

Better answer - If you're going to create a login system you need to understand cookies, sessions, forms, and security (injection!!!) before you start on anything that is implemented for serious use. You should know to avoid client-side scripting for things like login before you even start. I'd recommend you keep looking at tutorials. You might want to look at things like the difference between different languages and when best to use which.

McAden