annotate demo/cookieSec.ur @ 1552:c3b5cf5c2f98
Gentle handling of back-button returns to pages with stale message-passing credentials
author | Adam Chlipala <adam@chlipala.net> |
---|---|
date | Sun, 28 Aug 2011 17:16:54 -0400 |
parents | 731e6aa6655a |
children |
(* Client-side cookie holding a self-declared user name.  The value is
   whatever the browser sends back; nothing in this file checks it against
   a credential, so it must not be read as proof of identity. *)
cookie username : string

(* One row per user name: the time of the most recently recorded visit. *)
table lastVisit : { User : string, When : time }
  PRIMARY KEY User

(* Front page: shows the current cookie value, every row of lastVisit, and
   two forms (set the cookie, record a visit).

   The {[...]} splices inside <xml> are Ur/Web's typed injection of a value
   as text, so a cookie or table value that contains markup is displayed
   rather than interpreted.  Note that the table is shown in full to any
   visitor, whatever cookie they carry. *)
fun main () =
    current <- getCookie username;

    visits <- queryX (SELECT * FROM lastVisit)
                     (fn row => <xml><tr><td>{[row.LastVisit.User]}</td> <td>{[row.LastVisit.When]}</td></tr></xml>);

    return <xml><body>
      Cookie: {[current]}<br/>

      <table>
        <tr><th>User</th> <th>Last Visit</th></tr>
        {visits}
      </table>

      <h2>Set cookie value</h2>
      <form><textbox{#User}/> <submit action={set}/></form>

      <h2>Record your visit</h2>
      <form><submit action={imHere}/></form>
    </body></xml>

(* Form handler: copies the submitted User field into the cookie and
   redisplays the front page.

   Expires = None gives the cookie no explicit expiry.  Secure = False
   leaves it unrestricted to HTTPS, which suits a demo served over plain
   HTTP; a deployment behind TLS would normally set Secure = True so the
   value never travels in clear text. *)
and set fields =
    setCookie username {Value = fields.User, Expires = None, Secure = False};
    main ()

(* Form handler whose database write depends on the cookie.  A request of
   this shape is what cross-site request forgery relies on, because the
   browser attaches the cookie automatically.  NOTE(review): the Ur/Web
   demo documentation describes the compiler protecting such handlers by
   signing cookie values into a hidden form field; no check is written by
   hand here, so confirm that behaviour for the compiler version in use. *)
and imHere () =
    current <- getCookie username;
    case current of
        None => return <xml>You don't have a cookie set!</xml>
      | Some who =>
        (* {[who]} is injected as a typed SQL value, not concatenated into
           the query text.  Delete-then-insert replaces any earlier row for
           the same name, which keeps the PRIMARY KEY constraint satisfied. *)
        dml (DELETE FROM lastVisit WHERE User = {[who]});
        dml (INSERT INTO lastVisit (User, When) VALUES ({[who]}, CURRENT_TIMESTAMP));
        main ()