Search DominoPower's 10,675 Lotus-related article archive 
Home
EasyPrint
News details Click here for the RSS feed's XML code. This is not a browser URL.
Articles-only Click here for the RSS feed's XML code. This is not a browser URL.
Twitter Feed Click here for the Twitter feed.
WEB SITE MANAGEMENT
Keeping user credentials in a frameset
By Chris Stoner a.k.a. GreenJellybean

It's often very helpful to know what's going on "under the covers." The way each Web browser handles the pages our sites serve up is important to understand, because the user experience is really based upon what they actually see, not what we intended for them to see. For example, I frequently encounter questions from people having difficulty with user credentials. Therefore, I thought I'd address the issue once and for all in this article.

We have a situation here
I came across a scenario recently where I allowed anonymous users to browse my Web site and only have to login if they really wanted to do something interactive. However, once logged in, many users were still not seeing any changes to the site. I had special buttons that should've been displayed, but they weren't.

After some testing, I found that the users' Web browsers would cache pages with anonymous access and often not pass the user credentials to the server. This meant that even after successfully logging into the site, they would still see only what anonymous users see, instead of what would normally be displayed for authenticated users.

A little testing goes a long way
Here's how the whole thing went down. It came about that a few users would log into the site and expect to see the action buttons that only authenticated users should see. My first thought was that the browser was caching the page, so I put a META Tag (<META HTTP-EQUIV="expires" CONTENT="0">) in the Header. My hope was the tag would force the browser to go back to the server each time this page was accessed. While that little tag is often a lifesaver, it didn't work in this case.

My frameset consisted of two frames, with a thin left frame containing some View links and some basic actions (Login, Email, Webmaster, etc.). The right frame was where the Views and Documents would load. It was very simple and straightforward, so why wasn't it working?

The first thing to figure out was whether or not the user had really logged in. I put a ComputedForDisplay field in the left frame that would show the current username. Then I copied that field and pasted it into the $$ViewTemplateDefault. I was amazed to see that it came up "anonymous" in the right frame, but with my login name, "Chris Stoner," in the left frame!

Caching those credentials
Perplexed by this behavior, I tried, after much trial and error, launching the View in a separate window and appending "&login" to the URL. Voila! The new field correctly calculated "Chris Stoner." It seemed that I needed to authenticate in each frame in order to override the cached anonymous credentials that the frame was, by default, serving up.


1  ·  2  ·  Next »
Other articles you might like
Home > Internet Technologies > Logging and analysis (8 articles)
   Boost your server performance with HTTrack
   Using probes to monitor your Domino servers
   How to use cookies with Notes and the Web
Home > Internet Technologies > HTML and CSS (15 articles)
   Using a reusable code approach to HTML select option lists
   One reader's opinion on HTML mailing
   Keep lookin' good with Cascading Style Sheets
Get Weekly Email Updates
Subscribe to our regular weekly email newsletter. It's packed with tips, reviews, deep analysis, and the latest news.
 
Recent DominoPower Articles
What to look for in a Domino-based document management solution
Understanding Domino.doc end-of-life options
When the debugger won't debug hidden code that isn't hidden
What to do if the LotusScript debugger won't single-step over code
Top 10 ways to launch and build a Lotus consulting practice (with a little help from the Beatles)
Troubleshooting an OpenSuse Notes install
Incident report: denial of service attack against ConnectedPhotographer.com
Latest Lotus Headlines
SnTT - Enabling ALL the bells and whistles!
Tivoli Data protection causes Domino to crash
Fun when running DB2 CLP scripts
Introducing Flippr, the easy way to admin Quickr
DXL and fake security
Using search forms in IBM Workplace Collaborative Learning 2.7
Schmidt, Freed, and Gering on the OVF Toolkit
>> Read all the news
More from the ZATZ journals
Computing Unplugged: Eight steps to successful and reliable home backups
David Gewirtz Online: CNN commentary and analysis
OutlookPower: Can Outlook run when it's not running (and other mysteries)?
-- Advertisement --

PistolStar: Lotus Notes Authentication That Breaks the Status Quo
Password Power's complete integration with the Microsoft Active Directory password enables Notes client access, ends time-consuming Notes ID password recovery and addresses known issues with Notes 8.5:
  • Passwords are encrypted in volatile memory - not stored on user's hard drive
  • Notes roaming capabilities are fully functional - not limited
  • Password checking is honored - no decreased security or failed compliance
  • All Notes ID file copies are synched automatically with Active Directory password - no remembering old passwords or restoring ID files


Learn more about Password Power's powerful, advanced functionality.
-- Advertisement --

Easy Domino Access: Remove Passwords, End Login Prompts, Reduce Password Management
PistolStar's Password Power provides browser-based single sign-on to Lotus Domino, Sametime and Quickr with the enhanced security of the Kerberos or NTLM authentication protocol.

  • Full support available for NTLM authentication protocol in non-Active Directory environments
  • Seamlessly integrate Microsoft Active Directory and the Kerberos authentication protocol
  • Leverage Active Directory password policies to unify Lotus applications


Learn more about Password Power's powerful, advanced functionality.
ZATZ Home  ·  News  ·  Back Issues  ·  Credits/Trademarks ·  Link To Us
Copyright © 1998-2009, ZATZ Publishing. All rights reserved worldwide.
Editor's Login