WEBLOGCOOKIE (JANUS DEFINE parameter): Difference between revisions
m (1 revision) |
mNo edit summary |
||
Line 1: | Line 1: | ||
{{DISPLAYTITLE:WEBLOGCOOKIE}} | {{DISPLAYTITLE:WEBLOGCOOKIE}} | ||
<span class="pageSubtitle"><section begin="desc" />cookie-name<section end="desc" /></span> | <span class="pageSubtitle"><section begin="desc" />WEBLOGCOOKIE cookie-name -- log user with web cookie id.<section end="desc" /></span> | ||
WEBLOGCOOKIE is a parameter on [[JANUS DEFINE]], which defines and sets characteristics of a Janus port. See the [[JANUS DEFINE#parmlist|List of JANUS DEFINE parameters]]. | WEBLOGCOOKIE is a parameter on [[JANUS DEFINE]], which defines and sets characteristics of a Janus port. See the [[JANUS DEFINE#parmlist|List of JANUS DEFINE parameters]]. | ||
This parameter indicates that, for public URLs, Janus Web should log the user in with the userid specified by cookie-name. Normally, all public URL logins use the default public userid (usually WEBUSER). This parameter simply allows applications to set their own public userids. One way to do this is with the Janus Web API function [[$Web_Set_Cookie]]. | |||
This parameter indicates that, for public URLs, Janus Web should log the user in with the userid specified by cookie-name. Normally, all public URL logins use the default public userid (usually WEBUSER). This parameter simply allows applications to set their own public userids. One way to do this is with the Janus Web API function $Web_Set_Cookie. | |||
If you specify the WEBLOGCOOKIE parameter, use caution if you also use the WEBPUBLOG parameter. WEBPUBLOG logins use CCASTAT or an external authorizer for public logins, therefore if a login cookie specifies a userid which has system privileges, a security breach is possible. For this reason, use of WEBLOGCOOKIE with WEBPUBLOG is not recommended, but it is not explicitly prohibited. | If you specify the WEBLOGCOOKIE parameter, use caution if you also use the WEBPUBLOG parameter. WEBPUBLOG logins use CCASTAT or an external authorizer for public logins, therefore if a login cookie specifies a userid which has system privileges, a security breach is possible. For this reason, use of WEBLOGCOOKIE with WEBPUBLOG is not recommended, but it is not explicitly prohibited. |
Revision as of 16:47, 14 March 2011
<section begin="desc" />WEBLOGCOOKIE cookie-name -- log user with web cookie id.<section end="desc" />
WEBLOGCOOKIE is a parameter on JANUS DEFINE, which defines and sets characteristics of a Janus port. See the List of JANUS DEFINE parameters.
This parameter indicates that, for public URLs, Janus Web should log the user in with the userid specified by cookie-name. Normally, all public URL logins use the default public userid (usually WEBUSER). This parameter simply allows applications to set their own public userids. One way to do this is with the Janus Web API function $Web_Set_Cookie.
If you specify the WEBLOGCOOKIE parameter, use caution if you also use the WEBPUBLOG parameter. WEBPUBLOG logins use CCASTAT or an external authorizer for public logins, therefore if a login cookie specifies a userid which has system privileges, a security breach is possible. For this reason, use of WEBLOGCOOKIE with WEBPUBLOG is not recommended, but it is not explicitly prohibited.
Note that some browsers do not support cookies (though most do) and end-users can turn off support of the cookies feature. An end-user using a browser that does not support cookies or has their support turned off will be logged in using the default public userid (usually WEBUSER).
Public logins which use a WEBLOGCOOKIE cookie will participate in web logging.
Valid only for WEBSERV ports.
References
See: List of Janus commands | List of JANUS DEFINE parameters.