

Programming Notes

The example code provided in this section is presented in ASP (JSP versions are supplied with APS as well). However, FPS does not require the use of any specific web language. Some pages can be presented entirely in static HTML; others require some form of server-side scripting so that fields can be initialized.

Most fields can and should be validated on the client side using JavaScript. However, some browsers allow JavaScript to be disabled and others do not support JavaScript at all, so the process must not depend entirely on it. Additionally, a savvy user can save the page source, edit out the JavaScript checks, and post from the modified page. FPS therefore performs its own server-side validation to ensure that the submitted data is valid; the client-side checks are a convenience for the user, not a security control.

When building the pages for the FPS process, always consider the BACK button on the browser. If a user uses FPS to recover her password, what happens when that user leaves her terminal and another user goes over and presses the BACK button?

For this reason, all but the static pages should be sent with headers that mark them as expired and not cacheable. In addition, many pages should also do whatever they can to prevent their own redisplay. This can be done with the following code, which keeps a flag in a hidden form field and redirects away if the page is shown a second time. Note that this depends on JavaScript and is subject to the caveat above.

<input type="hidden" name="control" value="0">
<script language="JavaScript 1.1">
<!--
// The hidden "control" field must sit inside the page's first form.
// A fresh load sees the value "0" from the HTML and flips it to "1".
// A redisplay from the cache (BACK button) restores the saved "1",
// so the page is replaced instead of being shown again.
if (document.forms[0].control.value == "0")
	document.forms[0].control.value = "1";
else
	window.location.replace("SomeplaceElse.html");
// -->
</script>

The replace method causes the current page to be replaced in the browser history with the specified page, so the BACK button cannot return to it.

FPS pages must reside on the same server (host name) as the FORGOT CGI program, because the cookies that FORGOT sets are scoped to that host and will not be transmitted to pages served from anywhere else.

All FPS forms can and should be referenced using SSL (https), since they carry the data used to recover credentials. To do so, configure all of the URLs in the APS configuration file with the https: prefix (assuming that your web server is capable of handling SSL requests).

Initial Invocation

To start the Forgotten Password process, your site needs to direct the user to the Forgot CGI stub (supplied with FPS). The user will then be redirected into the FPS process.

Typically, this link exists in one of two places: on the site's public (unprotected) home page ("Forgot your user id or password?") or directly on the login form. In either case, the query string passed to Forgot should carry the URL that the user should be returned to upon completion in the Target parameter. If that URL contains a query string of its own, URL-encode it so that it arrives as a single Target value. For example:

<a href="/FPS/Forgot?Target=HomePage.html">
Forgot your user id or password?
</a>

If placed on the login form, the target should be the URL that the user originally requested. From within an FCC (Forms Credential Collector), the following could be used:

<a href="/FPS/Forgot?Target=$$target$$">
Forgot your user id or password?
</a>
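Since Target is the place the user is sent after the process completes, and the link can be edited by anyone who can see it, a practitioner will want to build the link with a properly encoded Target and to accept only return URLs that stay on the site, both where the link is generated and again where Forgot redirects. The following is an added example written for this page, not code from the FPS documentation or product. The Forgot URL is the one shown above; the host allow-list, the function names, and the policy of refusing off-site URLs are assumptions for illustration rather than documented FPS behaviour. In the FCC case, $$target$$ is substituted by the FCC before the page reaches the browser, so the substituted value is what these functions would check.

```javascript
// Added example (not FPS code): construct and validate the Forgot link's
// Target. FORGOT_URL matches the page; everything else is assumed.
const FORGOT_URL = "/FPS/Forgot";

// Hosts that count as "this site". Assumed values; replace with your own.
const SITE_HOSTS = ["www.example.com", "login.example.com"];

// True when `target` is a site-relative path or an http(s) URL on one of
// `hosts`. Other hosts, "//host" and backslash forms, javascript:/data:
// URLs and control characters are refused.
function isOnThisSite(target, hosts) {
  if (typeof target !== "string") return false;
  const t = target.trim();
  if (t.length === 0 || /[\u0000-\u001f\u007f]/.test(t)) return false;
  // Scheme-relative and backslash forms resolve to another host in browsers.
  if (/^(\/\/|\\|\/\\)/.test(t)) return false;
  if (/^[a-z][a-z0-9+.-]*:/i.test(t)) {
    let u;
    try { u = new URL(t); } catch (e) { return false; }
    if (u.protocol !== "http:" && u.protocol !== "https:") return false;
    // Compare the parsed host name, so "http://www.example.com@evil.example/"
    // and "http://www.example.com.evil.example/" are both rejected.
    return hosts.includes(u.hostname.toLowerCase());
  }
  return true; // plain relative path such as "HomePage.html" or "/app/page.asp?x=1"
}

// Returns the href for "Forgot your user id or password?", or null when the
// return URL is not allowed. Encoding matters: a Target with its own query
// string ("page.asp?id=5&x=y") would otherwise be split into extra parameters
// of the Forgot request and the user would be returned to the wrong place.
function forgotHref(target, hosts = SITE_HOSTS) {
  if (!isOnThisSite(target, hosts)) return null;
  return FORGOT_URL + "?Target=" + encodeURIComponent(target.trim());
}

// Server-side counterpart: read Target from the query string Forgot received
// and re-check it before redirecting, falling back to a safe default page.
function safeReturnUrl(queryString, fallback, hosts = SITE_HOSTS) {
  const target = new URLSearchParams(queryString).get("Target");
  return isOnThisSite(target, hosts) ? target.trim() : fallback;
}
```

forgotHref is what the home page or FCC would call when emitting the anchor; safeReturnUrl is the check to apply at the point where the redirect actually happens, since a link that was correct when generated can still be altered before it comes back.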