NetTalk Central

Author Topic: Erasing session values  (Read 3695 times)

Matthew51

  • Full Member
  • ***
  • Posts: 152
    • View Profile
    • Email
Erasing session values
« on: November 17, 2016, 04:11:50 PM »
For security reasons I need to completely erase a session value, rather the just freeing the memory.  From looking at the code simply doing p_web.DeleteSessionValue('myData') will not do this.  However p_web.ssv('myData', '') will over write the data, and then I can delete the value to free the memory.  Is this correct, or do I need to do something different?

Thanks

Matthew
Contractor with 10+ years of NetTalk experience looking for work.
www.linkedin.com/in/matthew-leavitt
BisWare.ca
Check out my free EasyTime Template

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11250
    • View Profile
Re: Erasing session values
« Reply #1 on: November 22, 2016, 06:27:23 AM »
Hi Matthew,

>> For security reasons I need to completely erase a session value, rather the just freeing the memory.

I'm not sure I 100% understand the difference. But, a session value is just a value in a queue.

But I think what you are suggesting is that instead of just
DELETE(Q)
you would prefer something like
CLEAR(Q.Field)
PUT(Q)
DELETE(Q)


>> However p_web.ssv('myData', '') will over write the data, and then I can delete the value to free the memory.

I guess that that would have a similar effect. You could add code to the WebHandler, DeleteSessionValue method, before the parent call.

That would _not_ however be called if a _DeleteSession occurred. So you may want to add code to that as well, before the parent call. This is in the WebServer app.

See netweb.clw for the code that currently happens when sessions, and session values, are deleted.

cheers
Bruce