Add a cookie mechanism

The cookie mechanism allows the browser to permanently keep the password, eliminating the need to log in when you revisit the application.

How does the cookie mechanism work?

The cookie is set via the HTTP header “Set-Cookie” and requires a name-value pair that can be sent to the browser by a request on the form.
CALL req.setResponseHeader ("Set-Cookie", myCookie)
These must also be set: The cookie is created when a connection is accepted. The username and password must be correct for a new cookie to be created.

Cookie expiration date issue (and solution)

The date of expiration is usually defined by the cookie attribute “max-age”. It represents a value in seconds relative to the current date and time. For instance, max-age=3600 means that the cookie will expire in 1 hour.

The problem: the max-age attribute is not supported by Internet Explorer. The service could use the attribute “expires”, however it requires an absolute GMT hour and Genero currently doesn't handle this format.

The solution:: The expiration date is directly included (and encrypted) inside the cookie value.

The cookie structure

For ease of understanding of this example, the cookie has a simple structure:

'name=value;Path=path_value'

How the cookie is handled in the 4GL service

The cookie needs to be checked initially by the 4GL service (step 2 of the workflow) in order to know if the application can be executed directly or if the end user needs to login again.

There are three options.

Expiration date of the cookie

When the cookie is created, it is handled like this: It can be easily changed by the constants C_EXPIRATION_COOKIE_CHECKED (value in years) and C_EXPIRATION_COOKIE_UNCHECKED (value in seconds) of the SSOUserFunctions module.