Archive
Monthly
Go
|
|
DNN Blog
Jun
30
Posted by:
cathal connolly
Monday, June 30, 2008 11:58:00 PM
I've blogged before about how to make timeouts work correctly for persistent cookies, but thought I should also flag up a minor, but often requested, enhancement that will be in DotNetNuke 5.0. Whilst persistent cookies are useful for a lot of sites in some cases they're not approriate. Sites that require a higher level of security such as many financial, insurance, government or ecommerce sites often do not want to offer the choice of persistent cookies to their users - we've had a number of security audit's sent in to the security@dotnetnuke.com email alias where this has been flagged as an issue.
In 5.0, we've added an option so that the "remember me" checkbox can be removed. To access this, log in as a superuser and go to the Host Settings menu. There you'll see the option to enable the remember me checkbox. By default this will be checked to match the existing behaviour, simply uncheck this to remove the "remember me" checkbox the the user.
If you want to set this option before installation, you can add <RememberCheckbox>N</RememberCheckbox> as a node to the DotNetNuke.install.config
17 comment(s) so far...
Re: Disabling support for persistent cookies
nice addition!
By afromobile on
Tuesday, July 01, 2008 9:44:43 AM
|
Re: Disabling support for persistent cookies
that is great!
By sunwangji on
Tuesday, July 01, 2008 9:44:55 AM
|
Re: Disabling support for persistent cookies
Great, Cathal. Now we need not manually disable the Remember Me checkbox. Hope you'll incorporate the changes in Cambrian to circumvent the browser back button problem (BTW, Mark Gordon has posted another issue related to this at http://www.dotnetnuke.com/Community/Forums/tabid/795/forumid/108/threadid/232799/scope/posts/threadpage/5/Default.aspx) as well as making mandatory the ASP.NET client-side validator controls in all core modules as this is a best practice which will also increase performance and reliability as it will avoid unnecessary server round trips and stop the "junk" at the client-end itself.
By iadalang on
Tuesday, July 01, 2008 9:46:13 AM
|
Re: Disabling support for persistent cookies
@iadalang, I am planning on fixing the firefox back button issue as part of cambrian, though I hate having to put workarounds in dotnetnuke code simply because firefox doesn't work correctly. I also note (http://forums.mozillazine.org/viewtopic.php?f=25&t=673135&st=0&sk=t&sd=a) that firefox 3 still ignores the settings, but is broken in a slightly different way. It seems that the firefox developers are ignoring caching bugs as to fix them could impact performance (the back button works as it retrieves from the memory cache) - they'd rather compromise on security, which is not a very good attitude in my opinion.
By cathal on
Tuesday, July 01, 2008 9:58:29 AM
|
Re: Disabling support for persistent cookies
Fabulous! The back button issue was also noticed in Netscape. The fix you recommended worked even with Netscape and therefore I expect the fix to work in most if not all browsers. Hooray!
By iadalang on
Tuesday, July 01, 2008 11:08:36 AM
|
Re: Disabling support for persistent cookies
This is great *but* I think it should be set at the portal level as well as Host level (i.e., some portals within a DNN installation may want to use this). [I'm not sure of the parent/child/admin/host relationships in 5.0, so my suggestion may be moot.]
Thanks.
By jyjohnson on
Wednesday, July 09, 2008 6:27:20 PM
|
Re: Disabling support for persistent cookies
@jyjohnson,
5.0 is pretty tied down, but it's definately something that we'll consider for a future release
By cathal on
Wednesday, July 09, 2008 6:31:28 PM
|
Re: Disabling support for persistent cookies
Wow, i just now found about about this one! Great!
By mitchel.sellers@gmail.com on
Monday, October 13, 2008 4:36:18 PM
|
Re: Disabling support for persistent cookies
Would this setting have an impact on the type of the DotNetNukeAnonymous cookie (session cookie instead of persistent cookie)?
By Emanuel on
Friday, January 02, 2009 11:57:26 PM
|
Re: Disabling support for persistent cookies
@Emanuel, yes and no - a persistant cookie is one with a timeout, so if you use "remember me" a persistent cookie is created, otherwise it's a session cookie
By cathal connolly on
Tuesday, October 28, 2008 8:45:01 PM
|
Re: Disabling support for persistent cookies
Thanks for the feedback.
So just so I'm clear: Setting "remember me" to "no" in version 5.0 will make the "DotNetNukeAnonymous" cookie a session cookie. Is that correct?
By Emanuel on
Monday, December 15, 2008 5:21:33 PM
|
Re: Disabling support for persistent cookies
@ Emanuel, yes.
By cathal connolly on
Monday, December 15, 2008 5:21:55 PM
|
Re: Disabling support for persistent cookies
We are running a site on DNN 5.0, and I was looking to disable the remember me functionality. I went into host settings, but I don't see this option there. Am I missing something? Did this not make it into the 5.0 release? Thanks in advance.
By matrixFEDs on
Wednesday, January 21, 2009 7:41:49 PM
|
Re: Disabling support for persistent cookies
@matrixFEDS, it's there - log in as host and go to host->host settings, it's in the configuration section (which is open by default)
By cathal connolly on
Wednesday, January 21, 2009 7:42:39 PM
|
Re: Disabling support for persistent cookies
@cathal connolly-
Wow, didn't even realize that we are running 04.09.00. I saw 05.00.00 at the top when I was logged in and assumed that was the version we were running. Whoops. Thanks for getting back to me.
By matrixFEDs on
Saturday, February 14, 2009 3:41:18 PM
|
Re: Disabling support for persistent cookies
@matrixFEDS-the lit up 5.0 is actual an indication that there is an upgrade available.
By cathal connolly on
Wednesday, January 21, 2009 9:03:50 PM
|
Re: Disabling support for persistent cookies
But for those of you who do want to have a DNN web site "Remember Me" for a number of days (the opposite of this blog's focus!) see Cathal's earlier blog that really helped me:
www.dotnetnuke.com/Community/Blogs/tabid/825/EntryId/1784/a-new-solution-to-an-old-problem.aspx
By Juan de Vashon Isle on
Saturday, December 26, 2009 9:28:01 AM
|
|