Unusual password request

This topic is closed.
  • sheldonlg

    Unusual password request

    I got an unusual request. One customer wants a password/access made
    available to a user that is valid for only, say, ten minutes. I know
    that I can enforce this by having a revalidation of the password every
    time the user changes a page. This, though, seems like a lot of
    overhead in having to make a db call every time a page is changed.

    I also thought about setting a timer for ten minutes, and on firing of
    that timer unset a session variable that I would have set when the user
    is given this temporary access. Doing this, I would only have to check
    at the top of every page that the session variable is set - no big deal.

    What do you folks think about this request?
  • Chuck Anderson

    #2
    Re: Unusual password request

    sheldonlg wrote:
    >I got an unusual request. One customer wants a password/access made
    >available to a user that is valid for only, say, ten minutes. I know
    >that I can enforce this by having a revalidation of the password every
    >time the user changes a page. This, though, seems like a lot of
    >overhead in having to make a db call every time a page is changed.
    >
    >I also thought about setting a timer for ten minutes, and on firing of
    >that timer unset a session variable that I would have set when the user
    >is given this temporary access. Doing this, I would only have to check
    >at the top of every page that the session variable is set - no big deal.

    You need to validate that the user is logged in (session) on every page
    requiring password access anyway, right? So store the login time in a
    session variable and if it has timed out, ... log them out. I don't see
    the problem.

    >What do you folks think about this request?

    Seems rude to me.

    --
    *****************************
    Chuck Anderson • Boulder, CO

    Nothing he's got he really needs
    Twenty first century schizoid man.
    ***********************************

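The check suggested in the reply above, as an added example that is not part of the original thread: the grant time lives in server-side session state and every protected page compares it with the clock, so no timer and no database call are needed. The names `grant_trial`, `trial_is_valid`, `handle_request`, the `trial_granted_at` key and the `/subscribe` redirect are assumptions, and a plain dict stands in for the framework's session object.

```python
import time

TRIAL_SECONDS = 10 * 60  # the "ten minutes" from the thread


def grant_trial(session, now=None):
    """Start the trial window by recording the grant time in the session."""
    session.clear()  # drop any earlier state before granting access
    session["trial_granted_at"] = int(time.time() if now is None else now)


def trial_is_valid(session, now=None):
    """Per-request check: True only while the trial window is open.

    Fails closed: a missing, malformed or future timestamp counts as
    expired. An expired session is emptied, so later requests stay locked
    out even if the server clock is set back.
    """
    now = time.time() if now is None else now
    granted = session.get("trial_granted_at")
    ok = (
        isinstance(granted, int)
        and not isinstance(granted, bool)
        and 0 <= now - granted < TRIAL_SECONDS
    )
    if not ok:
        session.clear()
    return ok


def handle_request(session, page, now=None):
    """Hypothetical page handler: the check runs at the top of every page."""
    if not trial_is_valid(session, now):
        return (302, "/subscribe")  # assumed landing page after expiry
    return (200, page)


if __name__ == "__main__":
    s = {}  # constructed stand-in for one user's server-side session
    grant_trial(s, now=1_000)
    print(handle_request(s, "/articles/1", now=1_000 + 599))  # still open
    print(handle_request(s, "/articles/2", now=1_000 + 600))  # expired
    print(handle_request(s, "/articles/3", now=1_000 + 30))   # stays expired
```

The window is absolute: page views inside the ten minutes do not extend it, because the stored timestamp is never refreshed.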

    • sheldonlg

      #3
      Re: Unusual password request

      Chuck Anderson wrote:
      >sheldonlg wrote:
      >>I got an unusual request. One customer wants a password/access made
      >>available to a user that is valid for only, say, ten minutes. I know
      >>that I can enforce this by having a revalidation of the password every
      >>time the user changes a page. This, though, seems like a lot of
      >>overhead in having to make a db call every time a page is changed.
      >>
      >>I also thought about setting a timer for ten minutes, and on firing of
      >>that timer unset a session variable that I would have set when the
      >>user is given this temporary access. Doing this, I would only have to
      >>check at the top of every page that the session variable is set - no
      >>big deal.
      >
      >You need to validate that the user is logged in (session) on every page
      >requiring password access anyway, right? So store the login time in a
      >session variable and if it has timed out, ... log them out. I don't see
      >the problem.

      Man, it is really trivial after all. Thanks. (Now why didn't I think
      of such an obvious solution?)

      >>What do you folks think about this request?
      >
      >Seems rude to me.

      Huh? I hope you don't mean me. If you mean the client, what he wants
      to do is give a "taste" of the site before the user has to subscribe.


      • Chuck Anderson

        #4
        Re: Unusual password request

        sheldonlg wrote:
        >Chuck Anderson wrote:
        >>sheldonlg wrote:
        >>>I got an unusual request. One customer wants a password/access made
        >>>available to a user that is valid for only, say, ten minutes. I know
        >>>that I can enforce this by having a revalidation of the password every
        >>>time the user changes a page. This, though, seems like a lot of
        >>>overhead in having to make a db call every time a page is changed.
        >>>
        >>>I also thought about setting a timer for ten minutes, and on firing of
        >>>that timer unset a session variable that I would have set when the
        >>>user is given this temporary access. Doing this, I would only have to
        >>>check at the top of every page that the session variable is set - no
        >>>big deal.
        >>
        >>You need to validate that the user is logged in (session) on every page
        >>requiring password access anyway, right? So store the login time in a
        >>session variable and if it has timed out, ... log them out. I don't see
        >>the problem.
        >
        >Man, it is really trivial after all. Thanks. (Now why didn't I think
        >of such an obvious solution?)
        >
        >>>What do you folks think about this request?
        >>
        >>Seems rude to me.
        >
        >Huh? I hope you don't mean me. If you mean the client, what he wants
        >to do is give a "taste" of the site before the user has to subscribe.

        You said "I got an unusual request. ........ " And later asked ...
        "What do you folks think about this request?"

        So ..... what do you think?

        Logging someone out after ten minutes seems rude. If I got a phone call
        ...... had to break away for some reason ..... was simply confused for 8
        minutes ..... and then that was it; I don't think I'd be coming back.
        Restricting usage somehow rather than time at the site seems a better idea.

        --
        *****************************
        Chuck Anderson • Boulder, CO

        Nothing he's got he really needs
        Twenty first century schizoid man.
        ***********************************


        • Jerry Stuckle

          #5
          Re: Unusual password request

          Chuck Anderson wrote:
          >sheldonlg wrote:
          >>Chuck Anderson wrote:
          >>>sheldonlg wrote:
          >>>>I got an unusual request. One customer wants a password/access made
          >>>>available to a user that is valid for only, say, ten minutes. I
          >>>>know that I can enforce this by having a revalidation of the
          >>>>password every time the user changes a page. This, though, seems
          >>>>like a lot of overhead in having to make a db call every time a
          >>>>page is changed.
          >>>>
          >>>>I also thought about setting a timer for ten minutes, and on
          >>>>firing of that timer unset a session variable that I would have set
          >>>>when the user is given this temporary access. Doing this, I would
          >>>>only have to check at the top of every page that the session
          >>>>variable is set - no big deal.
          >>>
          >>>You need to validate that the user is logged in (session) on every
          >>>page requiring password access anyway, right? So store the login time
          >>>in a session variable and if it has timed out, ... log them out. I
          >>>don't see the problem.
          >>
          >>Man, it is really trivial after all. Thanks. (Now why didn't I think
          >>of such an obvious solution?)
          >>
          >>>>What do you folks think about this request?
          >>>
          >>>Seems rude to me.
          >>
          >>Huh? I hope you don't mean me. If you mean the client, what he wants
          >>to do is give a "taste" of the site before the user has to subscribe.
          >
          >You said "I got an unusual request. ........ " And later asked ...
          >"What do you folks think about this request?"
          >So ..... what do you think?
          >
          >Logging someone out after ten minutes seems rude. If I got a phone call
          >..... had to break away for some reason ..... was simply confused for 8
          >minutes ..... and then that was it; I don't think I'd be coming back.
          >Restricting usage somehow rather than time at the site seems a better idea.

          I agree. Better to give them access to a subset of what's available,
          with information on what they're missing.

          Plus, there are ways around it - for instance, when my session expires,
          just create another user (so maybe I have to clear cookies in my
          browser). And if it requires verification, I can create 5,000 gmail
          accounts and be there for months.

          But more likely I'll never come back.

          --
          ==================
          Remove the "x" from my email address
          Jerry Stuckle
          JDS Computer Training Corp.
          jstucklex@attglobal.net
          ==================


          • AnrDaemon

            #6
            Re: Unusual password request

            Greetings, Jerry Stuckle.
            In reply to Your message dated Saturday, May 10, 2008, 14:53:15,

            >>>>>I got an unusual request. One customer wants a password/access made
            >>>>>available to a user that is valid for only, say, ten minutes. I
            >>>>>know that I can enforce this by having a revalidation of the
            >>>>>password every time the user changes a page. This, though, seems
            >>>>>like a lot of overhead in having to make a db call every time a
            >>>>>page is changed.
            >>>>>
            >>>>>I also thought about setting a timer for ten minutes, and on
            >>>>>firing of that timer unset a session variable that I would have set
            >>>>>when the user is given this temporary access. Doing this, I would
            >>>>>only have to check at the top of every page that the session
            >>>>>variable is set - no big deal.
            >>>>
            >>>>You need to validate that the user is logged in (session) on every
            >>>>page requiring password access anyway, right? So store the login time
            >>>>in a session variable and if it has timed out, ... log them out. I
            >>>>don't see the problem.
            >>>
            >>>Man, it is really trivial after all. Thanks. (Now why didn't I think
            >>>of such an obvious solution?)
            >>>
            >>>>>What do you folks think about this request?
            >>>>
            >>>>Seems rude to me.
            >>>
            >>>Huh? I hope you don't mean me. If you mean the client, what he wants
            >>>to do is give a "taste" of the site before the user has to subscribe.
            >>
            >>You said "I got an unusual request. ........ " And later asked ...
            >>"What do you folks think about this request?"
            >>So ..... what do you think?
            >>
            >>Logging someone out after ten minutes seems rude. If I got a phone call
            >>..... had to break away for some reason ..... was simply confused for 8
            >>minutes ..... and then that was it; I don't think I'd be coming back.
            >>Restricting usage somehow rather than time at the site seems a better idea.
            >
            >I agree. Better to give them access to a subset of what's available,
            >with information on what they're missing.
            >
            >Plus, there are ways around it - for instance, when my session expires,
            >just create another user (so maybe I have to clear cookies in my
            >browser). And if it requires verification, I can create 5,000 gmail
            >accounts and be there for months.
            >
            >But more likely I'll never come back.

            Rather interesting discussion I've found :)
            Take a look at this demo :)



            --
            Sincerely Yours, AnrDaemon <anrdaemon@freemail.ru>


            • Jerry Stuckle

              #7
              Re: Unusual password request

              AnrDaemon wrote:
              >Greetings, Jerry Stuckle.
              >In reply to Your message dated Saturday, May 10, 2008, 14:53:15,
              >
              >>>>>>I got an unusual request. One customer wants a password/access made
              >>>>>>available to a user that is valid for only, say, ten minutes. I
              >>>>>>know that I can enforce this by having a revalidation of the
              >>>>>>password every time the user changes a page. This, though, seems
              >>>>>>like a lot of overhead in having to make a db call every time a
              >>>>>>page is changed.
              >>>>>>
              >>>>>>I also thought about setting a timer for ten minutes, and on
              >>>>>>firing of that timer unset a session variable that I would have set
              >>>>>>when the user is given this temporary access. Doing this, I would
              >>>>>>only have to check at the top of every page that the session
              >>>>>>variable is set - no big deal.
              >>>>>
              >>>>>You need to validate that the user is logged in (session) on every
              >>>>>page requiring password access anyway, right? So store the login time
              >>>>>in a session variable and if it has timed out, ... log them out. I
              >>>>>don't see the problem.
              >>>>
              >>>>Man, it is really trivial after all. Thanks. (Now why didn't I think
              >>>>of such an obvious solution?)
              >>>>
              >>>>>>What do you folks think about this request?
              >>>>>
              >>>>>Seems rude to me.
              >>>>
              >>>>Huh? I hope you don't mean me. If you mean the client, what he wants
              >>>>to do is give a "taste" of the site before the user has to subscribe.
              >>>
              >>>You said "I got an unusual request. ........ " And later asked ...
              >>>"What do you folks think about this request?"
              >>>So ..... what do you think?
              >>>
              >>>Logging someone out after ten minutes seems rude. If I got a phone call
              >>>..... had to break away for some reason ..... was simply confused for 8
              >>>minutes ..... and then that was it; I don't think I'd be coming back.
              >>>Restricting usage somehow rather than time at the site seems a better idea.
              >>
              >>I agree. Better to give them access to a subset of what's available,
              >>with information on what they're missing.
              >>
              >>Plus, there are ways around it - for instance, when my session expires,
              >>just create another user (so maybe I have to clear cookies in my
              >>browser). And if it requires verification, I can create 5,000 gmail
              >>accounts and be there for months.
              >>
              >>But more likely I'll never come back.
              >
              >Rather interesting discussion I've found :)
              >Take a look at this demo :)

              Another bunch of garbage from Anr... He's good at that.

              --
              ==================
              Remove the "x" from my email address
              Jerry Stuckle
              JDS Computer Training Corp.
              jstucklex@attglobal.net
              ==================


              • AnrDaemon

                #8
                Re: Unusual password request

                Greetings, Jerry Stuckle.
                In reply to Your message dated Thursday, June 12, 2008, 08:37:07,

                >Another bunch of garbage from Anr... He's good at that.

                You aren't pleased with example I have provided?
                Why you behave like a troll?


                --
                Sincerely Yours, AnrDaemon <anrdaemon@freemail.ru>


                • Jerry Stuckle

                  #9
                  Re: Unusual password request

                  AnrDaemon wrote:
                  >Greetings, Jerry Stuckle.
                  >In reply to Your message dated Thursday, June 12, 2008, 08:37:07,
                  >
                  >>Another bunch of garbage from Anr... He's good at that.
                  >
                  >You aren't pleased with example I have provided?
                  >Why you behave like a troll?

                  Not trolling. Just calling your garbage what it is.

                  --
                  ==================
                  Remove the "x" from my email address
                  Jerry Stuckle
                  JDS Computer Training Corp.
                  jstucklex@attglobal.net
                  ==================


                  • AnrDaemon

                    #10
                    Re: Unusual password request

                    Greetings, Jerry Stuckle.
                    In reply to Your message dated Monday, June 16, 2008, 00:23:21,

                    >>>Another bunch of garbage from Anr... He's good at that.
                    >>
                    >>You aren't pleased with example I have provided?
                    >>Why you behave like a troll?
                    >
                    >Not trolling. Just calling your garbage what it is.

                    Prove or shut up your mouth.


                    --
                    Sincerely Yours, AnrDaemon <anrdaemon@freemail.ru>


                    • Jerry Stuckle

                      #11
                      Re: Unusual password request

                      AnrDaemon wrote:
                      >Greetings, Jerry Stuckle.
                      >In reply to Your message dated Monday, June 16, 2008, 00:23:21,
                      >
                      >>>>Another bunch of garbage from Anr... He's good at that.
                      >>>
                      >>>You aren't pleased with example I have provided?
                      >>>Why you behave like a troll?
                      >>
                      >>Not trolling. Just calling your garbage what it is.
                      >
                      >Prove or shut up your mouth.

                      Your words are enough to prove it.

                      --
                      ==================
                      Remove the "x" from my email address
                      Jerry Stuckle
                      JDS Computer Training Corp.
                      jstucklex@attglobal.net
                      ==================
