Search Results

Search found 22880 results on 916 pages for 'session cookie domain'.

Page 100/916 | < Previous Page | 96 97 98 99 100 101 102 103 104 105 106 107  | Next Page >

  • NHibernate, transactions and TransactionScope

    - by Erik
    I'm trying to find the best solution to handle transaction in a web application that uses NHibernate. We use a IHttpModule and at HttpApplication.BeginRequest we open a new session and we bind it to the HttpContext with ManagedWebSessionContext.Bind(context, session); We close and unbind the session on HttpApplication.EndRequest. In our Repository base class, we always wrapped a transaction around our SaveOrUpdate, Delete, Get methods like, according to best practice: public virtual void Save(T entity) { var session = DependencyManager.Resolve<ISession>(); using (var transaction = session.BeginTransaction()) { session.SaveOrUpdate(entity); transaction.Commit(); } } But then this doesn't work, if you need to put a transaction somewhere in e.g. a Application service to include several repository calls to Save, Delete, etc.. So what we tried is to use TransactionScope (I didn't want to write my own transactionmanager). To test that this worked, I use an outer TransactionScope that doesn't call .Complete() to force a rollback: Repository Save(): public virtual void Save(T entity) { using (TransactionScope scope = new TransactionScope()) { var session = Depe.ndencyManager.Resolve<ISession>(); session.SaveOrUpdate(entity); scope.Complete(); } } The block that uses the repository: TestEntity testEntity = new TestEntity { Text = "Test1" }; ITestRepository testRepository = DependencyManager.Resolve<ITestRepository>(); testRepository.Save(testEntity); using (var scope = new TransactionScope()) { TestEntity entityToChange = testRepository.GetById(testEntity.Id); entityToChange.Text = "TestChanged"; testRepository.Save(entityToChange); } TestEntity entityChanged = testRepository.GetById(testEntity.Id); Assert.That(entityChanged.Text, Is.EqualTo("Test1")); This doesn't work. But to me if NHibernate supports TransactionScope it would! What happens is that there is no ROLLBACK at all in the database but when the testRepository.GetById(testEntity.Id); statement is executed a UPDATE with SET Text = "TestCahgned" is fired instead (It should have been fired between BEGIN TRAN and ROLLBACK TRAN). NHibernate reads the value from the level1 cache and fires a UPDATE to the database. Not expected behaviour!? From what I understand whenever a rollback is done in the scope of NHibernate you also need to close and unbind the current session. My question is: Does anyone know of a good way to do this using TransactionScope and ManagedWebSessionContext?

    Read the article

  • Verify my form workflow

    - by Shackrock
    I have a form, with some sensitive info (CC numbers). My work flow is: One page to take all form items Upon submission, values are validated. If all is well, all data is stored in a session variable, and the page reloads and displays this info from the session variable. If everything is ok on the review page, the user clicks submit and the session variable is sent to another form for processing (sending payment). Upon success, the session is destroyed. Upon failure (bad CC number, for example) - the user is sent back to the form, with all of the fields filled in just like before, so that they can check for errors and try again (session is NOT destroyed). Does anyone see anything wrong with this, from a security or best practices stand point? UPDATE I'm thinking I can get rid of a step - storing the info in a session EVER. Just have a one page checkout, no review page... makes sense.

    Read the article

  • Session management with OpenID, in ASP.NET

    - by Andreas Grech
    I am currently playing with DotNetOpenAuth to make an ASP.NET (C#) website use OpenID instead of the normal login-password routine for user and session handling. Up till now, I have added the DotNetOpenAuth.dll into my project and tried a test login page with the following: <rp:OpenIdLogin ID="OpenIdLogin1" runat="server" /> When I run the page, I enter a valid myopenid url and the website redirects to the myopenid page, where I enter my password, and upon success, it returns back to my default.aspx, due to the following in my web.config: <authentication mode="Forms"> <forms defaultUrl="/Default.aspx" loginUrl="~/Login.aspx"/> </authentication> Now that the user is "logged in", how can handle my session? At the moment, I don't know how I can, for example, check if the session is still alive or how to terminate the session. My basic question is, how can I manage the session once the user is authenticated with OpenID ?

    Read the article

  • Lazy loading in Hibernate

    - by Steve
    My Java Web application uses Hibernate to perform ORM. In some of my objects, I use lazy loading to avoid getting data until I absolutely need it. The problem is that I load the initial object in a session, and then that session is destroyed. When I later attempt to resolve the lazy-loaded collections in my object I get the following error: org.hibernate.LazyInitializationException: failed to lazily initialize a collection of role: common.model.impl.User.groups, no session or session was closed I tried associating a new session with the collection and then resolving, but this gives the same results. Does anyone know how I can resolve the lazy collections once the original session is gone? Thanks... --Steve

    Read the article

  • CrossDomain error

    - by Jayesh
    Hi, I have hosted my Silverlight application in IIS, now when I try to access the application I get the following error System.ServiceModel.CommunicationException: an error occured while trying to make request to URI This could be due to attempting to access a service in a cross-domain way without proper cross-domain policy in place, or policy that is unsuitable for SOAP services..... I have placed the cross-domain policy properly in wwwroot as well as in the virtual directory. <?xml version="1.0"?> <cross-domain-policy> <allow-http-request-headers-from domain="*" headers="*"/> </cross-domain-policy> Please help! Thanks

    Read the article

  • Wrong sessionID being used in callback, but only on one particular computer

    - by user210119
    I am writing a Python/Django web application that uses OAuth (for the TwitterAPI, not that it should matter). I am storing a session ID in my login function, and then after using OAuth to get the user's token, I try to retrieve the sessionID in my callback function. The callback function then always fails(throws an exception) because it can't find the OAuth token in the session. Through the debugger, I am able to determine that the session ID that the server is using is incorrect - it does not match the session ID that was stored in the login function. It's therefore unsurprising that the Oauth tokens were not there. The session that appears in the callback was the same one each time (until I tried deleting it - see "things I've tried below"), and it started out as an old session, with some data in it that is from a different django app running on the same server that I hadn't touched in a couple weeks. Here's the kicker: everything I described is an issue only on our production server, and only when connecting to it from my computer. Let me clarify: this only happens with my particular laptop. I can connect to the app just fine from someone else's computer. Other people cannot connect with their accounts on my computer. Furthmore, I can connect just fine to the app when it is running on my localhost using the built-in django webserver, just not to the production server. My setup: my server and local box are running= Django 1.2.0 and Python 2.6.5. My local box is running Snow Leopard and the Django webserver, the server is running Ubuntu, Apache2, and mod-wsgi. For sessions, I am using Django's default session backend (DB). Things I have tried, all to no avail: logging in with a different account, including new accounts that have never OAuthed to this app before Clearing cookies, using incognito mode, using a different web browser on my same computer. Each time, upon inspecting my cookies, the sessionID matched the sessionID in the login function and was different from the sessionID in the callback. deleting the session in the database that appears in the callback function, (the one that appeared to be old data). The callback function still fails, and the sessionID it appears to be using is now a new one using a different session backend (DB-cache, flat file, etc...) restarting the server, my computer, etc. My first question on StackOverflow, so bear with me if I didn't quite follow local conventions. I am just at a loss as to what to even look for - what are the things that could possibly be causing sessions to not work on my particular computer, and (so far!) only my particular computer?

    Read the article

  • Using a JMS Session from different threads

    - by Evan
    From the javadoc for Session it states: A Session object is a single-threaded context for producing and consuming messages. So I understand that you shouldn't use a Session object from two different threads at the same time. What I'm unclear on is if you could use the Session object (or children such as a Queue) from a different thread than the one it created. In the case I'm working on, I'm considering putting my Session objects into a pool of available sessions that any thread could borrow from, use, and return to the pool when it is finished with it. Is this kosher? (Using ActiveMQ BTW, if that impacts the answer at all.)

    Read the article

  • tomcat 6 - Cluster / BackupManager

    - by Kevin
    Hi, I have a question regarding Clustering (session replication/failover) in tomcat 6 using BackupManager. Reason I chose BackupManager, is because it replicates the session to only one other server. I am going to run through the example below to try and explain my question. I have 6 nodes setup in a tomcat 6 cluster with BackupManager. The front end is one Apache server using mod_jk with sticky session enabled Each node has 1 session each. node1 has a session from client1 node2 has a session from client2 .. .. Now lets say node1 goes down ; assuming node2 is the backup, node2 now has two sessions (for client2 and client1) The next time client1 makes a request, what exactly happens ? Does Apache "know" that node1 is down and does it send the request directly to node2 ? =OR= does it try each of the 6 instances and find out the hard way who the backup is ?

    Read the article

  • Django: accessing session variables from within a template?

    - by AP257
    Hi all If I set a session variable in Django, like: request.session["name"] = "name" Is there a way I can access it from within a template, or do I have to retrieve it from within a view, and then pass it to a template? Asking because I have around 10 little session variables that I'd like to access within a template, and passing all 10 from the view to the template could get a bit messy. (I have to use session variables because it's a HttpResponseRedirect, but storing the variables in a database is overkill for my purposes.) So - any way to grab session variables directly within a template?

    Read the article

  • Issue using Session in MVC Actions with [authorice]

    - by Pablo Gonzalez
    Hi all, first of all sorry for my poor English! When I use the [Authorice` attribute i can't get Session data that i stored before. For example: public ViewResult Index() { // do some stuffs Session["Test"] = "Hi stackoverflow!"; } And then i try to get it in another action, but with the [Authorize] attibute [Authorize] public ViewResult Test() { // do some stuffs if(Session["Test"] == null) { //do some stuffs } } Session["Test"] is always null, but if i remove the attribute it's work, may anyone help me?, thanks a lot!!! P.S: I instance Session["Test"] in Session_Start

    Read the article

  • ASP.NET Webforms site using HTTPCookie with 100 year timeout times out after 20 minutes

    - by Rob
    I have a site that is using Forms Auth. The client does not want the site session to expire at all for users. In the login page codebehind, the following code is used: // user passed validation FormsAuthentication.Initialize(); // grab the user's roles out of the database String strRole = AssignRoles(UserName.Text); // creates forms auth ticket with expiration date of 100 years from now and make it persistent FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1, UserName.Text, DateTime.Now, DateTime.Now.AddYears(100), true, strRole, FormsAuthentication.FormsCookiePath); // create a cookie and throw the ticket in there, set expiration date to 100 years from now HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(fat)) { Expires = DateTime.Now.AddYears(100) }; // add the cookie to the response queue Response.Cookies.Add(cookie); Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName.Text, false)); The web.config file auth section looks like this: <authentication mode="Forms"> <forms name="APLOnlineCompliance" loginUrl="~/Login.aspx" defaultUrl="~/Course/CourseViewer.aspx" /> </authentication> When I log into the site I do see the cookie correctly being sent to the browser and passed back up: However, when I walk away for 20 minutes or so, come back and try to do anything on the site, the login window reappears. This solution was working for a while on our servers - now it's back. The problem doesn't occur on my local dev box running Cassini in VS2008. Any ideas on how to fix this?

    Read the article

  • Approach for authentication and storing user details.

    - by cappuccino
    Hey folks, I am using the Zend Framework but my question is broadly about sessions / databases / auth (PHP MySQL). Currently this is my approach to authentication: 1) User signs in, the details are checked in database. - Standard stuff really. 2) If the details are correct only the user's unique ID is stored in the session and a security token (user unique ID + IP + Browser info + salt). The session in written to the filesystem. I've been reading around and many are saying that storing stuff in sessions is not a good idea, and that you should really only write a unique ID which refers back to the user's details and a security token to prevent session hijacking. So this is the approach i've taken, i use to write the user's details in session, but i've moved that out. Wanted to know your opinions on this. I'm keeping sessions in the filesystem since i don't run on multiple servers, and since i'm only writting a tiny tiny bit of data to sessions, i thought that performance would be greater keeping sessions in the filesystem to reduce load on the database. Once the session is written on authentication, it really is only read-only from then on. 3) The rest of the user's details (like subscription details, permissions, account info etc) are cached in the filesystem (this can always be easily moved to memory if i wanted even more performance). So rather than keeping the user's details in session, the user's details are cached in the file system. I'm using Zend_Cache and the unique cache id is something like md5(/cache/auth/2892), the number is the unique id of the user. I guess the benefit of this method is that once the user is logged in, there is essentially not database queries being run to get the user's details. Just wonder if this approach is better than keeping the whole lot in session... 4) As the user moves throughout the site the only thing that is checked is the ID in the session and the security token. So, overall the first question is 1) is the filesystem more efficient than a database for this purpose 2) have i taken enough security precautions 3) is separating user detail's from the session into a cached file a pointless task? Thanks.

    Read the article

  • Hibernate configuration - session factory scanning?

    - by Marcus
    We have this hibernate.cfg.xml file. Is there a way to tell Hibernate to just scan a directory instead of having to add an entry here for each class? <hibernate-configuration> <session-factory> <mapping class="com.abc.domain.model.A" /> <mapping class="com.abc.domain.model.B" /> <mapping class="com.abc.domain.model.C" /> <mapping class="com.abc.domain.model.D" /> <mapping class="com.abc.domain.model.E" /> </session-factory> </hibernate-configuration>

    Read the article

  • Updating a session variable on a page that uses enablesessionstate=readonly attribute doesn't fail f

    - by chandmk
    Asp.Net allows you you set the session state to readonly at individual page level or in the web.config for all pages. But it doesn't prevent you from creating a brand new session variable on that page or modify an existing session variable. But when you try to use that session variable it is either not available or its value is not modified. Why wouldn't the asp.net framework throw a run time error, if not compile time error, when a write attempt is made to a session on the pages where that is not allowed?

    Read the article

  • How are a session identifiers generated?

    - by Asaf R
    Most web applications depend on some kind of session with the user (for instance, to retain login status). The session id is kept as a cookie in the user's browser and sent with every request. To make it hard to guess the next user's session these session-ids need to be sparse and somewhat random. The also have to be unique. The question is - how to efficiently generate session ids that are sparse and unique? This question has a good answer for unique random numbers, but it seems not scalable for a large range of numbers, simply because the array will end up taking a lot of memory.

    Read the article

  • What are some ways to identify a logged in user on the web?

    - by farinspace
    Here is the scenario: There are 5 websites (different domain names) that need to share a session. I am using a bit of code on each site which returns a "blank.gif" image and at the same time sets the session (syncing it up to the current session). Each of the sites calls a session-img from each of the other sites. Also, all sites have access to the same database (where the session is stored). This works great on FF and Chrome, but not on IE (or Safari PC)... I need to come up with an alternative method to keep a session active? The app is a small custom CMS, so really only 2-3 people will be using it. I can probably identify user logins by IP and then continue to check for the IP accross all sites... Is there something more granular such as a computer uuid that i can check for?

    Read the article

  • Way around ASP.NET session being shared across multiple tab windows

    - by ace
    I'm storing some value in an asp.net session on the first page. On the next page, this session value is being read. However if multiple tabs are opened and there are multiple page 1-page 2 navigation going on, the value stored in session gets mixed up since the session is shared between the browser tabs. I'm wondering what are the options around this : Query String: Passing value between the pages using query string, I don't want to take this approach since there can be multiple anchor tags on page 1 linking to page 2 and I can not rewrite the URLs of each tag since they are dynamic. Cookies??? In-memory cookies are shared across browser tabs too, same as the session cookie, rite ? Any other option?

    Read the article

  • JSP::Confused with the session objects

    - by Legend
    I just started exploring Java Servlets and JSP and am a little confused about the sessions object. Inside a servlet I have this: public class SampleServlet extends HttpServlet { public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException { HttpSession session = request.getSession(true); session.setAttribute("_session", "_value"); response.sendRedirect("page2.jsp"); } } Now, inside page2.jsp, there is a session object as well, but when I do this <% out.print(session.getAttribute("_session")) %> it gives me an error. Can someone tell me the right way of doing this? As to what I am trying to do, I want to share some session variables.

    Read the article

  • Initializing a value through a Session variable

    - by William Calleja
    I need to Initialize a value in a Javascript by using a c# literal that makes reference to a Session Variable. I am using the following code <script type="text/javascript" language="javascript" > var myIndex = <%= !((Session["myIndex"]).Equals(null)||(Session["myIndex"]).Equals("")) ? Session["backgroundIndex"] : "1" %>; However the code above is giving me a classic Object reference not set to an instance of an object. error. Why? Shouldn't (Session["myIndex"]).Equals(null) capture this particular error?

    Read the article

  • How Google is managing authentication between multiple domains?

    - by vaibhav
    I think everyone here would be knowing that, if I am logged in any of the google's website(i.e www.orkut.com), I don't need to authenticate again for www.gmail.com. How google is managing this. I think, it would be a cookie stored on user's browser. But, if it is a cookie, how different domains are able to read this cookie. What do you say.

    Read the article

  • How to tell the Session to throw the error query[NHibernate]?

    - by xandy
    I made a test class against the repository methods shown below: public void AddFile<TFileType>(TFileType FileToAdd) where TFileType : File { try { _session.Save(FileToAdd); _session.Flush(); } catch (Exception e) { if (e.InnerException.Message.Contains("Violation of UNIQUE KEY")) throw new ArgumentException("Unique Name must be unique"); else throw e; } } public void RemoveFile(File FileToRemove) { _session.Delete(FileToRemove); _session.Flush(); } And the test class: try { Data.File crashFile = new Data.File(); crashFile.UniqueName = "NonUniqueFileNameTest"; crashFile.Extension = ".abc"; repo.AddFile(crashFile); Assert.Fail(); } catch (Exception e) { Assert.IsInstanceOfType(e, typeof(ArgumentException)); } // Clean up the file Data.File removeFile = repo.GetFiles().Where(f => f.UniqueName == "NonUniqueFileNameTest").FirstOrDefault(); repo.RemoveFile(removeFile); The test fails. When I step in to trace the problem, I found out that when I do the _session.flush() right after _session.delete(), it throws the exception, and if I look at the sql it does, it is actually submitting a "INSERT INTO" statement, which is exactly the sql that cause UNIQUE CONSTRAINT error. I tried to encapsulate both in transaction but still same problem happens. Anyone know the reason?

    Read the article

< Previous Page | 96 97 98 99 100 101 102 103 104 105 106 107  | Next Page >