Web Storage API: More Security, Efficiency and Capacity than Cookies
The Web Storage API not only allows storing larger data in browsers but also in a more secure and efficient way.
Search Results
Search found 1491 results on 60 pages for 'tea with cookies'.
Page 11/60 | < Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18 | Next Page >
-
-
Save and Restore Form Cookies using JavaScript
In this article we will see how to persist info in cookie across multiple pages using JavaScript.Read the article
-
Convert cookies from HTMLUnit to HTTPBuilder?
- by Misha Koshelev
Dear All: I am doing this (in Groovy): def cookies=webClient.cookieManager.cookies def http=new HTTPBuilder("myurl") http.request(POST) { def headersCookie='' cookies.eachWithIndex() { cookie,i-> if (i>0) { headersCookie+='; ' } headersCookie+=cookie.getName()+"="+cookie.getValue() } headers.'Cookie'=headersCookie ... } Is there a better/less hacky way? Thank you MishaRead the article
-
Cross Domain Cookies Problem (ASP.NET)
- by Laserson
Hi guys, i have a problem with cross-domain cookies. I read a lot of documentation about sharing cookies between subdomains. The main idea of all articles is set Domain property to something like ".mydomain.com". I've created two domains on local IIS server - test1.local.boo and test2.local.boo. They works great and visible with browser. I have the following code: Site test1 - Writes cookie: HttpCookie myCookie = new HttpCookie("TestCookie"); myCookie.Domain = ".local.boo"; myCookie["msg"] = "Welcome from Cookie"; Response.Cookies.Add(myCookie); Site test2 - Reads cookie: HttpCookie cookie = Request.Cookies["TestCookie"]; if (cookie != null) { Response.Write(cookie["msg"]); } else { Response.Write("FAILED"); } This code always shows FAILED message. So it means that second site can't read cookie from the same subdomain. Where is my mistake??Read the article
-
Where can I report an issue with IIS?
- by Nathan Taylor
While working with an ASP.NET application on Chrome for Android I discovered that Request.Browser.Cookies returns False for that browser (despite the browser supporting cookies). Based on what I've read, this indicates a problem with the database which ASP.NET (and, I assume, IIS) uses to look up information about different UserAgents. The fact that it returns False means that the database is either missing Chrome for Android, or has invalid data for it. What is the a proper place to report IIS issues like this?Read the article
-
possible SYN flooding on port 80. Sending cookies
- by Sparsh Gupta
I recently had a server downtime. I looked everywhere and the only thing I found in my log files is: Feb 17 18:58:04 localhost kernel: possible SYN flooding on port 80. Sending cookies. Feb 17 18:59:33 localhost kernel: possible SYN flooding on port 80. Sending cookies. Can someone give me more information about it. WHat is it, How can I debug the cause and how can I fix the same. I also posted ipconntrack suddenly became toooo large which has another data point I found unusual, wondering if the two things is connected as they occured exactly at the same time but at different servers. One at reverse proxy and other at actual backend Varnish server) ThanksRead the article
-
How to delete Chrome temp data (history, cookies, cache) using command line
- by Dio Phung
On Windows 7, I tried running this script but still cannot clear Chrome temp data. Can someone figure out what's wrong with the script? Where do Chrome store history and cache ? Thanks ECHO -------------------------------------- ECHO **** Clearing Chrome cache taskkill /F /IM "chrome.exe">nul 2>&1 set ChromeDataDir=C:\Users\%USERNAME%\AppData\Local\Google\Chrome\User Data\Default set ChromeCache=%ChromeDataDir%\Cache>nul 2>&1 del /q /s /f "%ChromeCache%\*.*">nul 2>&1 del /q /f "%ChromeDataDir%\*Cookies*.*">nul 2>&1 del /q /f "%ChromeDataDir%\*History*.*">nul 2>&1 set ChromeDataDir=C:\Users\%USERNAME%\Local Settings\Application Data\Google\Chrome\User Data\Default set ChromeCache=%ChromeDataDir%\Cache>nul 2>&1 del /q /s /f "%ChromeCache%\*.*">nul 2>&1 del /q /f "%ChromeDataDir%\*Cookies*.*">nul 2>&1 del /q /f "%ChromeDataDir%\*History*.*">nul 2>&1 ECHO **** Clearing Chrome cache DONERead the article
-
Understanding NSHTTPCookieStorage for the iPhone
- by psychotik
Maybe I'm missing something, but from Apple's documentation for NSHTTPCookieStorage, I can't help but wonder how this is safe to use. Does this mean that cookie storage is shared across all apps on the iPhone? If my app makes an Http call that results in some cookies being saved, do all apps now have access to these cookies? Methods like: cookiesForURL: Returns all the receiver's cookies that will be sent to a specified URL. make it look even more suspicious. Can someone explain how this is OK, and what the class does? Also, assuming my understanding is flawed and this is indeed sandboxed per-app, do calls made using NSURLRequest automatically save/retrieve cookies from this store or is it the developers responsibility to set request headers before dispatching the request?Read the article
-
ASP.NET FormsAuthentication Cookie Problem
- by Niels Bosma
We use FormAuthentication to manage logins and I have a case where a customer complains where he can login from one computer but to from another. I can see in my logs that his authentican is successfull but he gets bumped back to the login page. I can reproduce the symptons by disabling cookies so I asked the customer to test if cookies are enabled on http://www.tempesttech.com/cookies/cookietest1.asp, but this came out positive. What have I missed? Is there any antivirus/security software that can mess up (ASP.NET) cookies? The user is using IE7 and claims to have F-secure installed.Read the article
-
PHP: Cookie only sent to http://www.xxx.com and NOT http://xxx.com
- by Axel
Hi, I have a php login which sets 2 cookies once some one login. the problem is that if you login from : http://www.mydomain.com and you go to http://mydomain.com you will find your self not logged in, I think that's because the browser only send the cookies to the first syntax. It's only one domain, the difference is the www. before the domain name, so how to set cookies to the whole domain whatever there is www. or not ? ThanksRead the article
-
How to identify unique user?
- by smotchkkiss
How can you determine if a user is unique or not? I understand there are many ways to do this using cookies, but what about methods that don't use cookies? For example, go to Urban Dictionary and click one of the up/down vote buttons. Even if you delete your cookies and come back to the page, you will not be allowed to cast a vote on the same definition. How do they do this?Read the article
-
Developing a php system that tracks other websites analytics
- by CodeCrack
I want to develop a PHP website feature where users sign up, get a javascript snippet code that display an image on their site, and let's me track the number of visitors, unique hits, clicks and average visitor duration on their page. Is that something that should be done with some open source analytic software such as http://piwik.org/ or it's pretty doable on your own? If I had to do it myself from scratch, I would use image/pixel as a way to track the visit, drop a cookie with javascript snippet to track uniques, track clicks based on image click and redirect, and not sure about the bounce rate. Any thoughts or opinions are welcome.Read the article
-
How do I assign a non-persistent (in-memory) cookie in ASP.NET?
- by Jørn Schou-Rode
The following code will send a cookie to the user as part of the response: var cookie = new HttpCookie("theAnswer", "42"); cookie.Expires = DateTime.Now.AddDays(7); Response.Cookies.Add(cookie); The cookie is of the persistent type, which by most browsers will be written to disk and used across sessions. That is, the cookie is still on the client's PC tomorrow, even if the browser and the PC has been closed in between. After a week, the cookie will be deleted (due to line #2). Non-persistent/in-memory cookies are another bread of cookies, which have a lifespan determined by the duration of the client's browsing session. Usually, such cookies are held in memory, and they are discarded when the browser is closed. How do I assign an in-memory cookie from ASP.NET?Read the article
-
How to implement a no-login authentication system
- by mrwooster
I am looking to build a very loose authentication system that can track a user and link submitted data/comments to a specific user. The submissions are essentially anonymous, but a user may want to edit his submission/comment at a later date. I want the experience to be as smooth as possible so do not want to ask users to sign up for an account and then login each time. There is no point as their submissions are not in their name and to another user browsing the site, there is no way of linking a submission to a specific user (think anonymous comments on a blog post or pastie). However, the user should have the ability to edit (at least in the short term) the content they have posted. The way I imagine doing this would be to place a unique identifier in a cookie on the users machine. This would enable me to link a submission to a user, and while that cookie remained on the users machine, I would allow them to edit their content. Of course, if the cookie is lost, or the user accesses the site from a different browser, then they would not be able to edit their content, but this is not really an issue, they can always resubmit a new piece of content. Is there a better way of doing this? How can I implement this so that the user can edit their data for the longest possible amount of time.Read the article
-
Why is it that sometimes my web application does not work on the iPhone?
- by alex
I have a web application that uses login and sessions (cookies). Why is it that sometimes, when the iPhone is going slow with the 3G network (super super slow), the iphone doesn't see the cookies? Cookies don't work when the iPhone network is slow!!!Read the article
-
How can I print the cookie_jar values in Perl's WWW::Mechanize?
- by Phill Pafford
How can I print the values of the cookie/cookie_jar being set? Trying: ##my $cookie_jar=HTTP::Cookies->new(file => "cookie.jar",autosave=>1,ignore_discard=>1); my $cookie_jar=HTTP::Cookies->new(); ## Would like it to be in memory my $agent = WWW::Mechanize->new(cookie_jar => $cookie_jar); ##my $agent = WWW::Mechanize->new(); ##my $agent = WWW::Mechanize->new(autocheck => 1); ##$agent->cookie_jar( {} ); # we need cookies ##$agent->cookie_jar(HTTP::Cookies->new); print "Set Cookie Jar?\n"; print $agent->cookie_jar->as_string(); print "\n"; $agent->get($url); // url is a https site Not too much luck with any of these, what am I doing wrong?Read the article
-
This .NET code snippet will NOT actually create a cookie, right?
- by Ryan
I just realized that this cookie is not showing up like it should, and I checked the code which was not written by me but I am pretty sure that this is NOT enough to create a cookie right?? public static void CreateSSOCookies(string tokenID) { System.Web.HttpContext.Current.Response.Cookies["ssocookies"].Domain = System.Web.HttpContext.Current.Request.ServerVariables["SERVER_NAME"].ToString().ToLower(); System.Web.HttpContext.Current.Response.Cookies["ssocookies"].Value = tokenID.ToString(); System.Web.HttpContext.Current.Response.Cookies["ssocookies"].Path = "~/"; System.Web.HttpContext.Current.Response.Cookies["ssocookies"].Expires = DateTime.Now.AddDays(7); } If it does work, where is the cookie then? Is the cookie name 'ssocookies' ?Read the article
-
Perl Cookie not working
- by grosseskino
Hi! I already spent all day looking for an answer for this: I am using Perl with LWP::UserAgent and HTTP::Cookies. My problem is that I can't get past an cookie-base age-check. In Perl I use this code: my $browser = LWP::UserAgent->new; my $resp = $browser->get( $url, 'User-Agent' => 'MySpider/1.0' ); #Cookie Setup my $cookies = HTTP::Cookies->new(); $cookies->set_cookie(1,'age_check', '1','/','.example.com/', 80, ,0,3354512128, 0); $browser->cookie_jar($cookies); The Site is setting the Cookie with JavaScript function saveSplash(domain) { var expDate = new Date(); expDate.setTime(expDate.getTime()+(1*24*3600*1000)); setCookie("age_check", 1, expDate, '/', domain); setCookie("screen_width", getScreenWidth(), expDate, '/', domain); } This is the Cookie saved by my browser: age_check 1 example.com/ 1088 3354512128 30140182 2646218624 30139981 Any idea what I am doing wrong? Thanks in advance guys!Read the article
-
Google App Engine - Secure Cookies
- by tponthieux
I'd been searching for a way to do cookie based authentication/sessions in Google App Engine because I don't like the idea of memcache based sessions, and I also don't like the idea of forcing users to create google accounts just to use a website. I stumbled across someone's posting that mentioned some signed cookie functions from the Tornado framework and it looks like what I need. What I have in mind is storing a user's id in a tamper proof cookie, and maybe using a decorator for the request handlers to test the authentication status of the user, and as a side benefit the user id will be available to the request handler for datastore work and such. The concept would be similar to forms authentication in ASP.NET. This code comes from the web.py module of the Tornado framework. According to the docstrings, it "Signs and timestamps a cookie so it cannot be forged" and "Returns the given signed cookie if it validates, or None." I've tried to use it in an App Engine Project, but I don't understand the nuances of trying to get these methods to work in the context of the request handler. Can someone show me the right way to do this without losing the functionality that the FriendFeed developers put into it? The set_secure_cookie, and get_secure_cookie portions are the most important, but it would be nice to be able to use the other methods as well. #!/usr/bin/env python import Cookie import base64 import time import hashlib import hmac import datetime import re import calendar import email.utils import logging def _utf8(s): if isinstance(s, unicode): return s.encode("utf-8") assert isinstance(s, str) return s def _unicode(s): if isinstance(s, str): try: return s.decode("utf-8") except UnicodeDecodeError: raise HTTPError(400, "Non-utf8 argument") assert isinstance(s, unicode) return s def _time_independent_equals(a, b): if len(a) != len(b): return False result = 0 for x, y in zip(a, b): result |= ord(x) ^ ord(y) return result == 0 def cookies(self): """A dictionary of Cookie.Morsel objects.""" if not hasattr(self,"_cookies"): self._cookies = Cookie.BaseCookie() if "Cookie" in self.request.headers: try: self._cookies.load(self.request.headers["Cookie"]) except: self.clear_all_cookies() return self._cookies def _cookie_signature(self,*parts): self.require_setting("cookie_secret","secure cookies") hash = hmac.new(self.application.settings["cookie_secret"], digestmod=hashlib.sha1) for part in parts:hash.update(part) return hash.hexdigest() def get_cookie(self,name,default=None): """Gets the value of the cookie with the given name,else default.""" if name in self.cookies: return self.cookies[name].value return default def set_cookie(self,name,value,domain=None,expires=None,path="/", expires_days=None): """Sets the given cookie name/value with the given options.""" name = _utf8(name) value = _utf8(value) if re.search(r"[\x00-\x20]",name + value): # Don't let us accidentally inject bad stuff raise ValueError("Invalid cookie %r:%r" % (name,value)) if not hasattr(self,"_new_cookies"): self._new_cookies = [] new_cookie = Cookie.BaseCookie() self._new_cookies.append(new_cookie) new_cookie[name] = value if domain: new_cookie[name]["domain"] = domain if expires_days is not None and not expires: expires = datetime.datetime.utcnow() + datetime.timedelta( days=expires_days) if expires: timestamp = calendar.timegm(expires.utctimetuple()) new_cookie[name]["expires"] = email.utils.formatdate( timestamp,localtime=False,usegmt=True) if path: new_cookie[name]["path"] = path def clear_cookie(self,name,path="/",domain=None): """Deletes the cookie with the given name.""" expires = datetime.datetime.utcnow() - datetime.timedelta(days=365) self.set_cookie(name,value="",path=path,expires=expires, domain=domain) def clear_all_cookies(self): """Deletes all the cookies the user sent with this request.""" for name in self.cookies.iterkeys(): self.clear_cookie(name) def set_secure_cookie(self,name,value,expires_days=30,**kwargs): """Signs and timestamps a cookie so it cannot be forged""" timestamp = str(int(time.time())) value = base64.b64encode(value) signature = self._cookie_signature(name,value,timestamp) value = "|".join([value,timestamp,signature]) self.set_cookie(name,value,expires_days=expires_days,**kwargs) def get_secure_cookie(self,name,include_name=True,value=None): """Returns the given signed cookie if it validates,or None""" if value is None:value = self.get_cookie(name) if not value:return None parts = value.split("|") if len(parts) != 3:return None if include_name: signature = self._cookie_signature(name,parts[0],parts[1]) else: signature = self._cookie_signature(parts[0],parts[1]) if not _time_independent_equals(parts[2],signature): logging.warning("Invalid cookie signature %r",value) return None timestamp = int(parts[1]) if timestamp < time.time() - 31 * 86400: logging.warning("Expired cookie %r",value) return None try: return base64.b64decode(parts[0]) except: return None uid=1234|1234567890|d32b9e9c67274fa062e2599fd659cc14 Parts: 1. uid is the name of the key 2. 1234 is your value in clear 3. 1234567890 is the timestamp 4. d32b9e9c67274fa062e2599fd659cc14 is the signature made from the value and the timestampRead the article
-
[grails] setting cookies when render type is "contentType: text/json"
- by Robin Jamieson
Is it possible to set cookies on response when the return render type is set as json? I can set cookies on the response object when returning with a standard render type and later on, I'm able to get it back on the subsequent request. However, if I were to set the cookies while rendering the return values as json, I can't seem to get back the cookie on the next request object. What's happening here? These two actions work as expected with 'basicForm' performing a regular form post to the action, 'withRegularSubmit', when the user clicks submit. // first action set the cookie and second action yields the originally set cookie def regularAction = { // using cookie plugin response.setCookie("username-regular", "regularCookieUser123",604800); return render(view: "basicForm"); } // called by form post def withRegularSubmit = { def myCookie = request.getCookie("username-regular"); // returns the value 'regularCookieUser123' return render(view: "resultView"); } When I switch to setting the cookie just before returning from the response with json, I don't get the cookie back with the post. The request starts by getting an html document that contains a form and when doc load event is fired, the following request is invoked via javascript with jQuery like this: var someUrl = "http://localhost/jsonAction"; $.get(someUrl, function(jsonData) { // do some work with javascript} The controller work: // this action is called initially and returns an html doc with a form. def loadJsonForm = { return render(view: "jsonForm"); } // called via javascript when the document load event is fired def jsonAction = { response.setCookie("username-json", "jsonCookieUser456",604800); // using cookie plugin return render(contentType:'text/json') { 'pair'('myKey': "someValue") }; } // called by form post def withJsonSubmit = { def myCookie = request.getCookie("username-json"); // got null value, expecting: jsonCookieUser456 return render(view: "resultView"); } The data is returned to the server as a result of the user pressing the 'submit' button and not through a script. Prior to the submit of both 'withRegularSubmit' and 'withJsonSubmit', I see the cookies stored in the browser (Firefox) so I know they reached the client.Read the article
-
How to configure cookieless virtual host in Apache2?
- by xzyfer
We run over a hundred web applications (growing daily) on a LAMP stack using Apache2 on Ubuntu 10.04. We've would like all requests to static content to be cookieless. We host applications on many different domains, a majority of which as SaSS applications. Many of the domains host instances of the applications on sub domains, ie. myapp.example.com, myapp2.example.com myapp.otherexample.com etc.. At the moment all static content is server relative to the (sub)domain requesting it. As far as I understand the process, I would need to setup a new domain, eg. staticexample.com. In this case is special configuration in the virtual host for this domain required to ensure no cookies are served? Also, would it be possible to instead use static.example.com? In this case what configurations would I need in my virtual host for this subdomain to ensure no cookies are served?Read the article
-
Mitigating the 'firesheep' attack at the network layer?
- by pobk
What are the sysadmin's thoughts on mitigating the 'firesheep' attack for servers they manage? Firesheep is a new firefox extension that allows anyone who installs it to sidejack session it can discover. It does it's discovery by sniffing packets on the network and looking for session cookies from known sites. It is relatively easy to write plugins for the extension to listen for cookies from additional sites. From a systems/network perspective, we've discussed the possibility of encrypting the whole site, but this introduces additional load on servers and screws with site-indexing, assets and general performance. One option we've investigated is to use our firewalls to do SSL Offload, but as I mentioned earlier, this would require all of the site to be encrypted. What's the general thoughts on protecting against this attack vector? I've asked a similar question on StackOverflow, however, it would be interesting to see what the systems engineers thought.Read the article
-
How can I generate a texture that looks like left-over tea leaves?
- by Jedidja
We are working on a project for iPhone and Windows Phone 7 where we'd like to be able to generate tea leaves at the bottom of a cup. It doesn't have to look photo-realistic, and actually cartoon-y is ok. What sort of techniques should we research to accomplish this? Are there any libraries (preferably in C, but we can translate) that would be helpful? Here are some samples pulled from a Google Image searchRead the article
-
Storing cookielib cookies in a database
- by Mridang Agarwalla
Hi, I'm using the cookielib module to handle HTTP cookies when using the urllib2 module in Python 2.6 in a way similar to this snippet: import cookielib, urllib2 cj = cookielib.CookieJar() opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj)) r = opener.open("http://example.com/") I'd like to store the cookies in a database. I don't know whats better - serialize the CookieJar object and store it or extract the cookies from the CookieJar and store that. I don't know which one's better or how to implement either of them. I should be also be able to recreate the CookieJar object. Could someone help me out with the above? Thanks in advance.Read the article
-
No Cookies at second Webrequest
- by Collin Peters
Hello, I write a little Tool in C# with Visual Studio 2008. My Problem: I login to a website by HTTP-webrequest, I get an authentification cookie, thats all ok. Than I make a new HTTP-webrequest and add the cookies from the first request to call the next page where i can see my personal data. I see that the cookies will associated with the second request if I debug it but if I check the network traffic I see that are no Cookies transmitted at the second request. I tried many possibilities to see why i dont work but i found nothing. Does somebody have the same problem or know a solution? (Sorry for bad english)Read the article
