Search Results

Search found 1491 results on 60 pages for 'tea with cookies'.

Page 10/60 | < Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17 | Next Page >

Sharing Authentication Across Subdomains using cookies

- by Jordan Reiter

I know that in general cookies themselves are not considered robust enough to store authentication information. What I am wondering is if there is an existing design pattern or framework for sharing authentication across subdomains without having to use something more complex like OpenID. Ideally, the process would be that the user visits abc.example.org, logs in, and continues on to xyz.example.org where they are automatically recognized (ideally, the reverse should also be possible -- a login via xyz means automatic login at abc). The snag is that abc.example.org and xyz.example.org are both on different servers and different web application frameworks, although they can both use a shared database. The web application platforms include PHP, ColdFusion, and Python (Django), although I'm also interested in this from a more general perspective (i.e. language agnostic).

Read the article
Can AdSense crawler view pages that require cookies?

- by moomoochoo

Details I require users to agree to terms and conditions before they can view several pages on my site. Once they have agreed a cookie is set and they can proceed to the webpage. If a user somehow manages to end up on the webpage without a cookie they will not be able to access the page's content. My question(s) Is the AdSense crawler able to set the cookie and visit these pages? If yes, how will it know to agree to the TOS? Is there some way to allow it access to the pages even if it couldn't use cookies?

Read the article
Parse the HTTP_COOKIES string from Apache for use in #if clause

- by Ambrose

I want to be able to read the cookies from Apache's HTTP_COOKIE string and then add includes based on the contents of that string. I've got this far:  <p>COOKIES: </p> which gives me a string with all the cookies in it. Now I want to be able to parse the string for something like Name=Bob. I thought I'd be able to do this:  <p>Your name is </p>  But it doesn't seem to work. What should I be doing -- or isn't this possible?

Read the article
ActiveRecordStore InvalidAuthenticityToken

- by Andy

I have recently been using cookie store and I want to transition to active record store. However I keep getting an invalid authenticity token. After deleting my cookies, I was able to access the page just fine, but I don't want all my users to come to my page, get a huge error and then figure out that I want them to delete their cookies. So I made a function called delete cookies: after_filter :delete_cookie def delete_cookie puts "deleting cookies" cookies.to_hash.each_pair do |k, v| puts k cookies.delete(k) end end In application controller, but it doesn't seem to be working correctly. I still see my cookie after visiting any page. I feel like there really should be a better solution but I can't seem to find any so far. Any hints?

Read the article
Running isolated Internet Explorer instances side by side? (separate cookie sets)

- by GJ

I'm using PAMIE (http://pamie.sourceforge.net/) to automate some testing routines on a client's web site via IE8, and would like to be able to run multiple tests under different user credentials. The site which I'm testing is using cookies to remember the user (without a "remember me" option I can deselect). Therefore, when I run a second instance of IE8 the cookies get shared and I can't log in as a different user. Is there any way to get IE8 to use isolated sets of cookies in each window?

Read the article
How can I delete current session in Chrome?

- by Eric

I'm using Google Chrome and want to delete the current session data on the fly. I can do this on Firefox with the web developer extension, but Chrome doesn't seem to have the same option in their webdev extension. So how can I do this? I realize that session data is stored on the server side and tracked in the browser with cookies. So really, I think what I want to do is delete cookies that are set to live for the session lifetime. Is there a way to do THAT in Chrome? "Delete browsing data" lets me delete all cookies from within a certain time period (for example, the last hour), but that could delete OTHER cookies on the site that I don't want to erase. I just want to delete the cookie being used to track my current session. Thanks y'all...

Read the article
How to configure grails and shiro to mark cookies secure?

- by j4y

I'm using Grails 2.2.4 with the Shiro plugin (v1.1.4) and would like to mark the cookies as secure so the session information won't be sent over http. This is the attribute I want to set: securityManager.sessionManager.sessionIdCookie.secure = true The shiro source says to use the Grails bean property override mechanism, which is grails-app/conf/spring/resources.groovy How can I override just the one setting? // If the legacy 'security.shiro.filter.config' option is set, // use our custom INI-based filter... if (application.config.security.shiro.filter.config) { log.warn "security.shiro.filter.config option is deprecated. Use Grails' bean property override mechanism instead." 'filter-class'('org.apache.shiro.grails.LegacyShiroFilter') 'init-param' { 'param-name'('securityManagerBeanName') 'param-value'('shiroSecurityManager') }

Read the article
Reason to use more cookies than just a session hash for authentication?

- by dierre

I usually hang out in a community using vBulletin as its bulletin board. I was looking at what this software saves as cookie in my browser. As you can see it saves 6 cookies. Amongst them, what I consider to be important for authentification are: ngivbsessionhash: hash of the current session ngivbpassword: hash of the password ngivbuserid: user's id Those are my assumptions of course. I don't know for sure if ngilastactivity and ngilastvisit are used for the same reason. My question is: why use all these cookie for authentication? My guess would be that maybe generating a session hash would be to easy so using the hashedpassword and userid adds security but what about cookie spoofing? I'm basically leaving on the client all fundamental informations. What do you think?

Read the article
Setting existing cookies to use with libcurl

- by Dave18

does current version of libcurl support firefox 3.0 and above cookies file (cookies.sqlite) ? I'm trying to set the file to allow cookies to be used when retrieving the data from web address. int return_val = curl_easy_setopt(hCurl, CURLOPT_COOKIEFILE, \..\cookies.sqlite); return_val is zero but i don't get to see the expected data.

Read the article
Are cookies enough for storing login data? (PHP)

- by jpjp

I am reading the Head First PHP/Mysql book and they say to store both the user's username, email into cookies and sessions. Is it safe to assume that everyone know a day has cookies? Or should I store both in sessions and cookies? I am not storing any sensitive data in cookies such as password, etc.

Read the article
Implicit OAuth2 endpoint vs. cookies

- by Jamie

I currently have an app which basically runs two halves of an API - a restful API for the web app, and a synchronisation API for the native clients (all over SSL). The web app is completely javascript based and is quite similar to the native clients anyway - except it currently does not work offline. What I'm hoping to do is merge the fragmented APIs into a single restful API. The web app currently authenticates by issuing a cookie to the client whereas the native clients work using a custom HMAC access token implementation. Obviously a public/private key scenario for a javascript app is a little pointless. I think the best solution would be to create an OAuth2 endpoint on the API (like Instagram, for example http://instagram.com/developer/authentication/) which is used by both the native apps and the web app. My question is, in terms of security how does an implicit OAuth2 flow compare (storing the access token in local storage) to "secure" cookies? Presumably although SSL solves man in the middle attacks, the user could theoretically grab the access token from local storage and copy it to another machine?

Read the article
My Website was hacked using Statcounter! Does Statcounter keep a record of cookies?

- by Cyril Gupta

I had a rather interesting case of hacking on my ASP.Net MVC website. For this website I had implemented a rather uncomplicated authentication system for my admin area -- an encrypted cookie which had an identifying signature for the member. Whenever the admin visits the website the cookie would be decrypted and signature verified. If matching he wouldn't have to sign in. Couple of days ago a visitor on my site told me that he was able to sign into my website simply by clicking no a referral link on his Statcounter console which pointed to my admin area (I had visited his site from a link inside my admin view). He just clicked on a link in statcounter and he was signed in as the admin! The only way this could have happened was if statcounter somehow recorded my cookies and used those when he clicked on the link pointing to my admin! Is that logical or fathomable? I don't understand what's going on. Do you have any suggestions as to how I can protect my website against things like this?

Read the article
Why Illegal cookies are send by Browser and received by web servers (rfc 2109, 2965)?

- by Artyom

Hello, According to RFC 2109, 2965 cookie's value can be either HTTP token or quoted string, and token can't include non-ASCII characters. Cookie's RFC 2109 and RFC2965 HTTP's RFC 2068 token definition: http://tools.ietf.org/html/rfc2068#page-16 However I had found that Firefox browser (3.0.6) sends cookies with utf-8 string as-is and three web servers I tested (apache2, lighttpd, nginx) pass this string as-is to the application. For example, raw request from browser: $ nc -l -p 8080 GET /hello HTTP/1.1 Host: localhost:8080 User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.9) Gecko/2009050519 Firefox/2.0.0.13 (Debian-3.0.6-1) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: windows-1255,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cookie: wikipp=1234; wikipp_username=?????? Cache-Control: max-age=0 And raw response of apache, nginx and lighttpd HTTP_COOKIE CGI variable: wikipp=1234; wikipp_username=?????? What do I miss? Can somebody explain me?

Read the article
[php] Cookies only changing value every two page refreshes?

- by Gazillion

Hello, I'm trying to implement some pixel tracking where I will save certain values in a cookie to then forward users to another page. If users purchase a product after being forwarded to the online store by us the store adds an image tag in the page with our php script included. With the values set in the cookie we would like to track conversions. I understand this tracking technique has some limitations (like if a user has cookies turned off or if they do not load images but that's the direction my client wanted to go in). The problem I'm having is that the cookie's behaviour is extremely... random. I've been trying to track their values (with a var_dump so I don't have to wait for a page reload to view the cookie's value) but it seems the value for one field only gets refreshed every two page reloads. setcookie("tracking[cn]", $cn, time()+3600*24*7,'/','mydomain.com'); setcookie("tracking[t]", $t, time()+3600*24*7,'/','mydomain.com'); setcookie("tracking[kid]", $kid, time()+3600*24*7,'/','mydomain.com'); redirectTo($redirect_url); the values of cn, t are fine but for some reason kid is always wrong (having taken the value of the previous kid) Any help would be extremely appreciated I've been at this all evening! :)

Read the article
Why Illegal cookies are send by Browser and received by web servers (rfc2109)?

- by Artyom

Hello, According to RFC 2109 cookie's value can be either HTTP token or quoted string, and token can't include non-ASCII characters. Cookie's RFC 2109: http://tools.ietf.org/html/rfc2109#page-3 HTTP's RFC 2068 token definition: http://tools.ietf.org/html/rfc2068#page-16 However I had found that Firefox browser (3.0.6) sends cookies with utf-8 string as-is and three web servers I tested (apache2, lighttpd, nginx) pass this string as-is to the application. For example, raw request from browser: $ nc -l -p 8080 GET /hello HTTP/1.1 Host: localhost:8080 User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.9) Gecko/2009050519 Firefox/2.0.0.13 (Debian-3.0.6-1) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: windows-1255,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cookie: wikipp=1234; wikipp_username=?????? Cache-Control: max-age=0 And raw response of apache, nginx and lighttpd HTTP_COOKIE CGI variable: wikipp=1234; wikipp_username=?????? What do I miss? Can somebody explain me?

Read the article
Protecting Cookies: Once and For All

- by Your DisplayName here!

Every once in a while you run into a situation where you need to temporarily store data for a user in a web app. You typically have two options here – either store server-side or put the data into a cookie (if size permits). When you need web farm compatibility in addition – things become a little bit more complicated because the data needs to be available on all nodes. In my case I went for a cookie – but I had some requirements Cookie must be protected from eavesdropping (sent only over SSL) and client script Cookie must be encrypted and signed to be protected from tampering with Cookie might become bigger than 4KB – some sort of overflow mechanism would be nice I really didn’t want to implement another cookie protection mechanism – this feels wrong and btw can go wrong as well. WIF to the rescue. The session management feature already implements the above requirements but is built around de/serializing IClaimsPrincipals into cookies and back. But if you go one level deeper you will find the CookieHandler and CookieTransform classes which contain all the needed functionality. public class ProtectedCookie { private List<CookieTransform> _transforms; private ChunkedCookieHandler _handler = new ChunkedCookieHandler(); // DPAPI protection (single server) public ProtectedCookie() { _transforms = new List<CookieTransform> { new DeflateCookieTransform(), new ProtectedDataCookieTransform() }; } // RSA protection (load balanced) public ProtectedCookie(X509Certificate2 protectionCertificate) { _transforms = new List<CookieTransform> { new DeflateCookieTransform(), new RsaSignatureCookieTransform(protectionCertificate), new RsaEncryptionCookieTransform(protectionCertificate) }; } // custom transform pipeline public ProtectedCookie(List<CookieTransform> transforms) { _transforms = transforms; } public void Write(string name, string value, DateTime expirationTime) { byte[] encodedBytes = EncodeCookieValue(value); _handler.Write(encodedBytes, name, expirationTime); } public void Write(string name, string value, DateTime expirationTime, string domain, string path) { byte[] encodedBytes = EncodeCookieValue(value); _handler.Write(encodedBytes, name, path, domain, expirationTime, true, true, HttpContext.Current); } public string Read(string name) { var bytes = _handler.Read(name); if (bytes == null || bytes.Length == 0) { return null; } return DecodeCookieValue(bytes); } public void Delete(string name) { _handler.Delete(name); } protected virtual byte[] EncodeCookieValue(string value) { var bytes = Encoding.UTF8.GetBytes(value); byte[] buffer = bytes; foreach (var transform in _transforms) { buffer = transform.Encode(buffer); } return buffer; } protected virtual string DecodeCookieValue(byte[] bytes) { var buffer = bytes; for (int i = _transforms.Count; i > 0; i—) { buffer = _transforms[i - 1].Decode(buffer); } return Encoding.UTF8.GetString(buffer); } } HTH

Read the article
Change cookies when doing jQuery.ajax requests in Chrome Extensions

- by haskellguy

I have wrote a plugin for facebook that sends data to testing-fb.local. The request goes through if the user is logged in. Here is the workflow: User logs in from testing-fb.local Cookies are stored When $.ajax() are fired from the Chrome extension Chrome extension listen with chrome.webRequest.onBeforeSendHeaders Chrome extension checks for cookies from chrome.cookies.get Chrome changes the Set-Cookies header to be sent And the request goes through. I wrote this part of code that shoud be this: function getCookies (callback) { chrome.cookies.get({url:"https://testing-fb.local", name: "connect.sid"}, function(a){ return callback(a) }) } chrome.webRequest.onBeforeSendHeaders.addListener( function(details) { getCookies(function(a){ // Here something happens }) }, {urls: ["https://testing-fb.local/*"]}, ['blocking']); Here is my manifest.json: { "name": "test-fb", "version": "1.0", "manifest_version": 1, "description": "testing", "permissions": [ "cookies", "webRequest", "tabs", "http://*/*", "https://*/*" ], "background": { "scripts": ["background.js"] }, "content_scripts": [ { "matches": ["http://*.facebook.com/*", "https://*.facebook.com/*"], "exclude_matches" : [ "*://*.facebook.com/ajax/*", "*://*.channel.facebook.tld/*", "*://*.facebook.tld/pagelet/generic.php/pagelet/home/morestories.php*", "*://*.facebook.tld/ai.php*" ], "js": ["jquery-1.8.3.min.js", "allthefunctions.js"] } ] } In allthefunction.js I have the $.ajax calls, and in background.js is where I put the code above which however looks not to run.. In summary, I have not clear: What I should write in Here something happens If this strategy is going to work Where should I put this code?

Read the article
Weird behavior when debugging ASP.NET Web application: cookie expires (1/1/0001 12:00AM) by itself on next breakpoint hit.

- by evovision

I'm working on ajaxified (Telerik AJAX Manager) ASP.NET application using Visual Studio 2010 (runs with admin privileges) and IIS 7.5. Basically, everything on the page is inside update panels. As for cookies I have custom encrypted "settings" cookie which is added to Response if it's not there on session start. Application runs smoothly, problem was arising when I started the debugging it: Actions: no breakpoints set, F5 - application has started in debug mode, browser window loaded. I login to site, click on controls, all is fine. Next I set *any* breakpoint somewhere in code, break on it then let it continue running, but once I break again (immediately after first break) and check cookie: it has expired date 1/1/0001 12:00AM and no data in value property. I was storing current language there, which was used inside Page's InitializeCulture event and obviously exception was being raised. I spent several hours trying deleting browser cache, temporary ASP.NET files etc, nothing seemed to work. Same application has been tested on exactly same environment on another PC and no problems with debugging there. After all I've found the solution: visual studio generates for every solution additional .suo file where additional settings are stored, like UI state, breakpoints info, etc, so I deleted it and loaded project again, tried debugging - everything is ok now.

Read the article
using Cookie-free Domains for Components

- by JPro

I was looking at the post here which says When the browser makes a request for a static image and sends cookies together with the request, the server doesn't have any use for those cookies. So they only create network traffic for no good reason. Although I tend not to use cookies at all, my doubt is I used to think that the server creates the cookies to store the session varialbles etc and sends to the client. But this statement says the reverse of that. I don't quiet understand what is the need for the browser to create and send cookies with the request, to me it doesn't make any sense?. Can anyone please correct me? Thanks/.

Read the article
setting cross-subdomain cookies accessible to a sub-subdomain?

- by ceejayoz

I've set a cookie with domain of .example.com. It is available for every first-level subdomain on my site, as it should be. It is not, however, available on nth level subdomains, i.e. sub.subdomain.example.com doesn't see the cross-subdomain cookie while subdomain.example.com does. Is there any fix for this?

Read the article
How do I check if the browser supports cookies, in javascript?

- by alex

Especially for the iPhone

Read the article
Setting up a "cookieless domain" to improve site performance

- by Django Reinhardt

I was reading in Google's documentation about improving site speed. One of their recommendations is serving static content (images, css, js, etc.) from a "cookieless domain": Static content, such as images, JS and CSS files, don't need to be accompanied by cookies, as there is no user interaction with these resources. You can decrease request latency by serving static resources from a domain that doesn't serve cookies. Google then says that the best way to do this is to buy a new domain and set it to point to your current one: To reserve a cookieless domain for serving static content, register a new domain name and configure your DNS database with a CNAME record that points the new domain to your existing domain A record. Configure your web server to serve static resources from the new domain, and do not allow any cookies to be set anywhere on this domain. In your web pages, reference the domain name in the URLs for the static resources. This is pretty straight forward stuff, except for the bit where it says to "configure your web server to serve static resources from the new domain, and do not allow any cookies to be set anywhere on this domain". From what I've read, there's no setting in IIS that allows you to say "serve static resources", so how do I prevent ASP.NET from setting cookies on this new domain? At present, even if I'm just requesting a .jpg from the new domain, it sets a cookie on my browser, even though our application's cookies are set to our old domain. For example, ASP.NET sets an ".ASPXANONYMOUS" cookie that (as far as I'm aware) we're not telling it to do. Apologies if this is a real newb question, I'm new at this! Thanks.

Read the article
How can I download a phpbb forum with wget including password protected sections?

- by Rocky84

I want to make a download of a forum I moderate, before it closes for good. There's some useful info on it I want to save for myself and I don't want to export the data to another webserver, I just want the pages. Mind you, I'm a user at the forum, not the admin. Now, I googled this and found it can be easily done with wget: How can I download an entire (active) phpbb forum? I used: wget -k -m -E -p -np -R viewtopic.php*p=*,memberlist.php*,faq.php*,posting.php*,search.php*,ucp.php*,viewonline.php*,*sid*,*view=print*,*start=0* -o log.txt http://www.example.com/forum/ I experimented with this, but I can only achieve downloading the publicly visible sections, not the sections you have to log in for. I tried to achieve this by using a Firefox plugin to make a cookies.txt (while my session is logged into the forum) and add --load-cookies file cookies.txt to the command, but still I only get the publicly visible sections. Any suggestions to make this work?

Read the article
Where can you see the data that's been recorded by a tracking cookie?

- by frenchglen

I've always read that cookies can, and do, store sensitive information such as OTHER websites that you've visited outside the one to which the cookie belongs. I've started to read up about it and can see that it's persistent cookies which typically do this - and well I've started to look through cookie files on my computer - but I can't see any telling info in them! Just a few jumbled lines and not the scary urls of other sites that I'm looking for. How do I view them? Or is the raw data of visited urls only ever stored on the server end of the site that's tracking me? I'm on Win7 and can look at cookies from FF 12, Chrome 18, IE9 and Safari 5.1. Thanks for illuminating this once and for all.

Read the article
Chrome logs me out of everything when I exit--tried cookie-related stuff already

- by GreatBigBore

I've been using Chrome very successfully for a long time. It has always kept me logged in to all my sites even after exiting the app. Recently it started logging me out of everything when I exit Chrome. I've fooled around with all the various advanced cookie settings, and I've cycled through the options hoping that Chrome just needed a wakeup call or a reset or something. I've also deleted all the cookies in case a corrupted one is confusing Chrome. Nothing works! I see cookies when I log in, but they all go away when I exit Chrome. I've searched all over the place and seen only the standard answers relating to resetting cookies, local data, sessions, that sort of thing. Any Chrome gurus out there, please send a telepathic message to my browser asking it to resume its previous excellent behavior. Alternatively, you could suggest other possible solutions.

Read the article

< Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17 | Next Page >