NetTalk Central

Author Topic: Login Form "remember me" doesn't remember the user  (Read 1927 times)

DonnEdwards

  • Jr. Member
  • **
  • Posts: 56
    • View Profile
    • Insights and Rants
    • Email
Login Form "remember me" doesn't remember the user
« on: May 29, 2021, 06:05:09 AM »
I have searched other forum posts dealing with the "remember me" option, but not found any answers for my question. The "BasicWithLogin (3)" example doesn't have a "remember me" option, and "LoginBeforeFrame (7)" has "remember me on this computer" but it doesn't.

I have a simple Web Server app that just needs to know who is using the app. So the login test is simple:

WebHandler / Embeds / Local Objects / p_web / Authenticate PROCEDURE(String pUser,String pPassword)

IF (pUser = 'Donn' AND pPassword = 'Donn') or (pUser = 'Brian' AND pPassword = 'Brian')
    ReturnValue = true
    p_web.SetSessionValue('UserName',pUser,'@s20')
    self.SetSessionLevel(2)
END


In the Priming section of the login form I have added:
loc:Remember = p_web.GetValue('loc:Remember')

and in the ValidateUpdate embed point I have made a small change to the sample code:

      if loc:remember = 1
        p_web.SetCookie('loc__login',loc:login,today()+30)       ! note the expiry date. It's good form
!            p_web.SetCookie('loc__password',loc:password,today()+30) ! to make sure your cookies expire sometime.
            p_web.SetCookie('loc__remember',loc:remember,today()+30)
      else
        ! don't remember, so clear cookies in browser.
        p_web.DeleteCookie('loc__login')
        p_web.DeleteCookie('loc__password')
        p_web.DeleteCookie('loc__remember')
      End


So now I can see that the cookie only has a value for loc__remember and loc__login and I have dropped the password requirement.

What I can't find is any example of the server inspecting the cookie and treating the user as logged in within the 30 days specified by the cookie.

I realize I need to run some code something like:

if p_web.GetSessionLoggedIn() = 0 then
        pUser = p_web.GetValue('loc:login')
        pRemember = p_web.GetValue('loc:remember')
        if pRemember then
               if pUser = 'Donn' or pUser = 'Brian' then
                   p_web.SetSessionValue('UserName',pUser,'@s20')
                   p_web.ValidateLogin()                   ! this sets the session to "logged in"
                   p_web.SetSessionLevel(2)
              end
       end
end


But where do I put this code so that it runs before a page is displayed?

Any advice or code correction will be most welcome.
« Last Edit: May 30, 2021, 05:54:29 AM by DonnEdwards »
If you're happy with your security, then so are the bad guys

Jane

  • Sr. Member
  • ****
  • Posts: 348
  • Expert on nothing with opinions on everything.
    • View Profile
    • Email
Re: Login Form "remember me" doesn't remember the user
« Reply #1 on: May 29, 2021, 09:31:22 AM »
Donn,

Are you looking for your app to
pre-populate the login name (and possibly password) on your login screen?
or
automatically log-in the user?

For the latter, check the user group webinar 263  from about 18:00 onwards.

For the former, just wizard up a new web app from scratch (you don't need a dictionary or anything complicated).  For me, it automatically populates the login form (see pic).  I'm guessing that's due to the call to self._ReadCookies(self.RequestData.Datastring) in the NetWebServerWorkerBase.ProcessRequest method in netweb.clw.

A bit of additional code you should add IMNSHO is to delete those cookie values should the user later clear the Remember me checkbox.

I have this embedded in the Validate::Loc:Remember routine on the login form:

  do ValidateValue::Loc:Remember  ! copies value to session value if valid.
  ! Start of "After Validate New Value"
  ! [Priority 5000]
  !MY EMBED CODE:
    if loc:remember = 0
      p_web.DeleteCookie('loc__login')
      p_web.DeleteCookie('loc__password')
      p_web.DeleteCookie('loc__remember')
    end ! if   
 
  ! End of "After Validate New Value"

  p_web.PushEvent('parentupdated')
  do Refresh::Loc:Remember   ! Field is auto-validated
  do SendMessage
  p_web.ntForm(loc:formname,'ready')

Hope that helps.

Jane

« Last Edit: May 29, 2021, 09:34:07 AM by Jane »

Jane

  • Sr. Member
  • ****
  • Posts: 348
  • Expert on nothing with opinions on everything.
    • View Profile
    • Email
Re: Login Form "remember me" doesn't remember the user
« Reply #2 on: May 29, 2021, 09:51:14 AM »
Here's the app I wizarded to make the screen shot.

DonnEdwards

  • Jr. Member
  • **
  • Posts: 56
    • View Profile
    • Insights and Rants
    • Email
Re: Login Form "remember me" doesn't remember the user
« Reply #3 on: May 29, 2021, 12:27:12 PM »

For the latter, check the user group webinar 263  from about 18:00 onwards.

Hope that helps.

Jane

Thank you Jane, that helps a great deal. From the video I took the attached screen shot. My working code is a little different for the Webhandler ProcessLink embed point after PARENT.ProcessLink(p_action)

    if p_web.GetSessionLoggedIn() = 0 then
!        UD.Debug('This is the value of p_web.GetValue(loc:login) ' & p_web.GetValue('loc:login'))
!        UD.Debug('This is the value of p_web.GetValue(loc:remember) ' & p_web.GetValue('loc:remember'))
        if p_web.GetValue('loc:login') and p_web.GetValue('loc:password') and p_web.GetValue('loc:remember') then
            if self.Authenticate(p_web.GetValue('loc:login'),p_web.GetValue('loc:password'))
                p_web.ValidateLogin()                   ! this sets the session to "logged in"
                p_web.SetSessionValue('loc:hash',0)     ! clear the hash, so this login can't get "replayed".                   
!                UD.Debug('This is the value of p_web.GetSessionLoggedIn() ' & p_web.GetSessionLoggedIn())
            end
        end
    end


Also, I had to modify the LoginForm so that the "Logout" menu item would work. After the statements
  p_web.site.SaveButton.TextValue = 'Login'
  p_web.site.SaveButton.Tooltip = 'Click here to Login'

the next bit of code should read

    p_web.SetSessionLoggedIn(0)
    p_web.DeleteCookie('loc__login')
    p_web.DeleteCookie('loc__password')
    p_web.deletesessionvalue('loc:login')
    p_web.deletesessionvalue('loc:password')
!   p_web.deletesessionvalue('loc:remember')
    p_web.deletevalue('loc:login')
    p_web.deletevalue('loc:password')


I will follow up on your advice about the "Remember me" button being cleared.

Many thanks
Donn
« Last Edit: May 30, 2021, 05:55:09 AM by DonnEdwards »
If you're happy with your security, then so are the bad guys