tag:help.tenderapp.com,2008-11-12:/discussions/problems/492-auto-login-cookiesTender: Discussion 2011-04-07T06:08:20Ztag:help.tenderapp.com,2008-11-12:Comment/1276762009-04-10T18:30:24Z2009-04-10T18:30:24ZAuto login cookies<div><p>If the cookies are all there and being set (you can determine
this by inspecting them in the browser), the "error" is basically
that your hmac signed string (tender_hash) doesn't match up. What
language are you coding this in?</p></div>Courtenaytag:help.tenderapp.com,2008-11-12:Comment/1276762009-04-10T19:00:56Z2009-04-10T19:00:56ZAuto login cookies<div><p>Yeah the cookies are there, using firecookie to check.</p>
<p>It's in C#, however I've used the test data ('monkey', etc) at
the bottom of your article to confirm that the hmac is right...</p></div>Patrick McEvoytag:help.tenderapp.com,2008-11-12:Comment/1276762009-04-10T19:25:44Z2009-04-10T19:25:44ZAuto login cookies<div><p>http://monoport.com/40349</p></div>Patrick McEvoytag:help.tenderapp.com,2008-11-12:Comment/1276762009-04-14T16:32:20Z2009-04-14T16:32:20ZAuto login cookies<div><p>Any new ideas on this one?</p></div>Patrick McEvoytag:help.tenderapp.com,2008-11-12:Comment/1276762009-04-14T19:21:06Z2009-04-14T19:21:06ZAuto login cookies<div><p>You're sure you are using the correct secret?</p></div>Courtenaytag:help.tenderapp.com,2008-11-12:Comment/1276762009-04-14T19:26:31Z2009-04-14T19:26:31ZAuto login cookies<div><p>We're having Rick (who speaks C#, at least a variant of it) take
a look.</p></div>Courtenaytag:help.tenderapp.com,2008-11-12:Comment/1276762009-04-14T19:28:03Z2009-04-14T19:28:03ZAuto login cookies<div><p>Can you paste all the cookie values too? That will help us
debug.</p></div>Courtenaytag:help.tenderapp.com,2008-11-12:Comment/1276762009-04-14T19:30:20Z2009-04-14T19:30:20ZAuto login cookies<div><p>Also, what exact string value are you passing to the HMAC
function?</p></div>Courtenaytag:help.tenderapp.com,2008-11-12:Comment/1276762009-04-14T20:12:29Z2009-04-14T20:12:29ZAuto login cookies<div><p>Hey Patrick, I'm installing mono so I can try this out.</p></div>ricktag:help.tenderapp.com,2008-11-12:Comment/1276762009-04-14T21:12:12Z2009-04-14T21:12:12ZAuto login cookies<div><p>Thanks guys, this effort is muchly appreciated!</p>
<p>I'm pretty sure I'm using the right secret, but I enabled it way
back when you were in (or just out off) private beta, so perhaps
reseting it might clear things up?!</p>
<p>Cookies...</p>
<p>tender_hash=CE29AB5FCA189F768236F8D1BE28EEBB6B0F532B;
expires=Tue, 28 Apr 2009 21:04:45 GMT; path=/;
domain=.clubhouseapp.com tender_expires=1240956361; expires=Tue, 28
Apr 2009 21:04:45 GMT; path=/; domain=.clubhouseapp.com
tender_email=dan@qmtech.net; expires=Tue, 28 Apr 2009 21:04:45 GMT;
path=/; domain=.clubhouseapp.com</p>
<p>Code to gen hash, set the cookies http://monoport.com/40406</p></div>Patrick McEvoytag:help.tenderapp.com,2008-11-12:Comment/1276762009-04-14T21:15:37Z2009-04-14T21:15:37ZAuto login cookies<div><p>What's epoch.toString look like?</p></div>Courtenaytag:help.tenderapp.com,2008-11-12:Comment/1276762009-04-14T21:16:52Z2009-04-14T21:16:52ZAuto login cookies<div><p>Checked it, it all matches up just like the cookie value...
1240956361</p></div>Patrick McEvoytag:help.tenderapp.com,2008-11-12:Comment/1276762009-04-14T21:17:09Z2009-04-14T21:17:09ZAuto login cookies<div><p>Hmm, your tender hash is all upper cased.</p></div>Courtenaytag:help.tenderapp.com,2008-11-12:Comment/1276762009-04-14T21:17:29Z2009-04-14T21:17:29ZAuto login cookies<div><p>Try lower-casing your tender_hash.</p></div>Courtenaytag:help.tenderapp.com,2008-11-12:Comment/1276762009-04-14T21:17:56Z2009-04-14T21:17:56ZAuto login cookies<div><p>I wrote a little console app to test it all, not got it now tho,
it's on my laptop at work</p></div>Patrick McEvoytag:help.tenderapp.com,2008-11-12:Comment/1276762009-04-14T21:18:37Z2009-04-14T21:18:37ZAuto login cookies<div><p>We definitely require your tender_hash to be lower cased.</p></div>Courtenaytag:help.tenderapp.com,2008-11-12:Comment/1276762009-04-14T21:19:48Z2009-04-14T21:19:48ZAuto login cookies<div><p>Ah!!! I'm gonna pop that it svn and deploy to our production
box, I'll get back to you</p></div>Patrick McEvoytag:help.tenderapp.com,2008-11-12:Comment/1276762009-04-14T21:36:31Z2009-04-14T21:36:31ZAuto login cookies<div><p>Yep, we're working now... thanks guys...</p>
<p>Also I've just seen how you take the first part of the email
address as an initial name. Why not let us set 'tender_fullname'
initially till (or if) tender gets a change in the profile. To be
fair most users are lazy and won't bother setting a password or
updating there name as they don't have too. However someone might
get confused not seeing there name there. We deal with wide range
of user ages from 12-70+ and every little helps to ensure we do
(and don't!!) get support tickets!!</p></div>Patrick McEvoytag:help.tenderapp.com,2008-11-12:Comment/1276762009-05-01T23:27:14Z2009-05-01T23:27:14ZAuto login cookies<div><p>Patrick,</p>
<p>rtfm :) tender_name is how you set that.
https://help.tenderapp.com/faqs/setup-installation/include-custom-information-from-your-site</p></div>Courtenaytag:help.tenderapp.com,2008-11-12:Comment/1276762009-05-01T23:30:23Z2009-05-01T23:30:23ZAuto login cookies<div><p>If you want to ensure the users don't set their own name, you
want to add tender_name to the hmac at the end. So you'd sign (in
ruby)</p>
<p><code>generate_hmac([self.class.support_domain, @user.email,
expires, name_field].compact.join("/"))</code></p>
<p>(or in pseudocode)</p>
<p>was: <code>help.mysite.com/user@foo.bar/1244023432</code></p>
<p>becomes: <code>help.mysite.com/user@foo.bar/1244023432/Mr Foo
Bar</code></p>
<p>We actually check for both versions.</p></div>Courtenay