Search Results

Search found 6769 results on 271 pages for 'django sessions'.

Page 117/271

  • web application with secured sections, sessions and related trouble

    - by spirytus
    I would like to create web application with admin/checkout sections being secured. Assuming I have SSL set up for subdomain.mydomain.com I would like to make sure that all that top-secret stuff ;) like checkout pages and admin section is transferred securely. Would it be ok to structure my application as below?

        subdomain.mydomain.com
            adminSectionFolder
                adminPage1.php
                adminPage2.php
            checkoutPagesFolder
                checkoutPage1.php
                checkoutPage2.php
                checkoutPage3.php
            homepage.php
            loginPage.php
            someOtherPage.php
            someNonSecureFolder
                nonSecurePage1.php
                nonSecurePage2.php
                nonSecurePage3.php
            imagesFolder
                image1.jpg
                image2.jpg
                image3.jpg

    Users would access my web application via http as there is no need for SSL for homepage and similar. Checkout/admin pages would have to be accessed via https though (that I would ensure via .htaccess redirects). I would also like to have login form on every page of the site, including non-secure pages. Now my questions are:

    1. If I have form on non-secure page e.g. http://subdomain.mydomain.com/homepage.php and that form sends data to http://subdomain.mydomain.com/loginPage.php, is data being sent encrypted as if it were sent from https://subdomain.mydomain.com/homepage.php? I do realize users will not see padlock, but browser still should encrypt it, is it right?

    2. If on secure page loginPage.php (or any other accessed via https for that instance) I created session, session ID would be assigned, and in case of my web app. something like username of the logged in user. Would I be able to access these session variable from http://subdomain.mydomain.com/homepage.php to for example display greeting message? If session ID is stored in cookies then it would be trouble I assume, but could someone clarify how it should be done? It seems important to have username and password sent over SSL.

    3. Related to above question I think.. would it actually make any sense to have login secured via SSL so username/password would be transferred securely, and then session ID being transferred with no SSL? I mean wouldn't it be the same really if someone caught username and password being transferred, or caught session ID? Please let me know if I make sense here cause it feels like I'm missing something important.

    EDIT: I came up with idea but again please let me know if that would work. Having above, so assuming that sharing session between http and https is as secure as logging in user via plain http (not https), I guess on all non secure pages, like homepage etc. I could check if user is already logged in, and if so from php redirect to https version of same page. So user fills in login form from homepage.php, over ssl details are sent to backend so probably https://.../homepage.php. Trying to access http://.../someOtherPage.php script would always check if session is created and if so redirect user to https version of this page so https://.../someOtherPage.php. Would that work?

    4. To avoid browser popping message "this page contains non secure items..." my links to css, images and all assets, e.g. in case of http://subdomain.mydomain.com/checkoutPage1.php should be absolute so "/images/image1.jpg" or relative so "../images/image1.jpg"? I guess one of those would have to work :)

    Wow that's long post, thanks for your patience if you got that far and any answers :) oh yeh and I use php/apache on shared hosting

  • Kohana Sessions data does not persist across pages in Chrome and IE browsers

    - by user1062637
    Kohana Session data does not persist across pages opened in Chrome and IE browsers; the same works fine in a Firefox browser. Kohana version used is 2.3. Session config files hold:

        $config['driver'] = 'native';

        /**
         * Session storage parameter, used by drivers.
         */
        $config['storage'] = '';

        /**
         * Session name.
         * It must contain only alphanumeric characters and underscores. At least one letter must be present.
         */
        $config['name'] = 'NITWSESSID';

        /**
         * Session parameters to validate: user_agent, ip_address, expiration.
         */
        $config['validate'] = array();

        /**
         * Enable or disable session encryption.
         * Note: this has no effect on the native session driver.
         * Note: the cookie driver always encrypts session data. Set to TRUE for stronger encryption.
         */
        $config['encryption'] = FALSE;

        /**
         * Session lifetime. Number of seconds that each session will last.
         * A value of 0 will keep the session active until the browser is closed (with a limit of 24h).
         */
        $config['expiration'] = 2700;

        /**
         * Number of page loads before the session id is regenerated.
         * A value of 0 will disable automatic session id regeneration.
         */
        $config['regenerate'] = 0;

        /**
         * Percentage probability that the gc (garbage collection) routine is started.
         */
        $config['gc_probability'] = 2;

    Help needed urgently

  • PHP Sessions and Passing Session ID

    - by Jason McCreary
    I have an API where I am passing the session id back and forth between calls. I set up the session like so:

        // start API session
        session_name('apikey');
        session_id($data['apikey']); // required to link session
        session_start();

    Although I named my session and am passing the session id via GET and POST using the name, PHP does not automatically resume that session. It always creates a new one unless I explicitly set the session id. I found some old user comments on www.php.net that said unless the session id is the first parameter PHP won't set it automatically. This seems odd, but even when I tried it, it still didn't work:

        rest_services.php?apikey=sdr6d3subaofcav53cpf71j4v3&q=testing

    I have used PHP for years, but am a little confused on why I needed to explicitly set the session with session_id() when I am naming the session and passing its key accordingly.

    UPDATE: It seems I wasn't clear. My question is why is setting the session ID with session_id() required when I am passing the id, using the session name apikey, via $_GET or $_POST. Theoretically this is no different than PHP's SID when cookies are disabled. But for me it doesn't work unless I explicitly set the session ID. Why?

  • jQuery to store data for sessions

    - by Ted
    I am trying to use jQuery AJAX. My requirement is this: I wish to load user names from the DB in a dataset, convert it to JSON format and store it in memory or using jQuery data for use while a user is browsing my site, i.e. for a session. This way I can use autocomplete or my own code to display data to the user. Can anyone help me design such a scenario?

  • Save in Sessions to reduce database load

    - by Kovu
    At the moment I am trying to reduce the load on my database extremely, so I had a look at my website and thought about what database calls I can try to avoid. So is there a rule for that? Should I save every piece of information in a Session that is nearly never changed? E.g.: the User-Table is a 35-column table which I need so often in so many different ways that at the moment I get this user-object at nearly every PageLoad AND in the master-site-page-load (settings, displaying the username for a welcome message, colors etc.). So is it good to avoid the database query here, save the User-Object in a Session and call it from the session - and of course destroy the session wherever the User-Object gets changed (e.g. the user changes his settings)?

  • Simple mail server setup for a user-based website.

    - by Absolute0
    I am working on a simple website that has user registration. All I need to do is confirm email addresses by emailing a confirmation email and maybe send out periodic emails regarding various information. I am also considering having a [email protected] email for user questions and comments. The application is written in django and I am running it on ArchLinux on a VPS. I have no knowledge of mail servers. I tried setting up postfix and qmail but had no luck. They are complicated and require a lot of configuration to get them working properly. My use case is super simple and doesn't require anything fancy. Is there any simple mailing setup that will enable me to quickly get emailing working with my django app with minimal work?

  • gnu screen: reattach all previously detached sessions

    - by Fedyashev Nikita
    I have a few windows in a single screen session and then I want to detach my session. There is no problem with that. But I can't find a way to restore all windows within my previously detached session. I can see that I can restore just one of them by ID. But how can I reattach exactly the same session environment with all the windows in it?

  • What exactly is an invalid HTTP_HOST header

    - by rolling stone
    I've implemented Django's relatively new allowed hosts setting, which is meant to prevent attackers from submitting requests with a fake HTTP Host header. Since adding that setting, I now get anywhere from 20-100 emails a day notifying me of invalid HTTP_HOST headers. I've copied in an example of a typical error message below. I'm hosting my site on EC2, and am relatively new to setting up/maintaining a server, so my question is what exactly is happening here, and what is the best way to manage these invalid and I assume malicious requests? [Django] ERROR: Invalid HTTP_HOST header: 'www.launchastartup.com'.You may need to add u'www.launchastartup.com' to ALLOWED_HOSTS.

  • NHibernate / multiple sessions and nested objects

    - by bernhardrusch
    We are using NHibernate in a rich client application. It is a pretty open application (the user searches for a dataset or creates a new one, changes the data and saves the data set). We leave the session open, because sometimes we have to lazy load some properties of the object (nested object structure). This means one big problem: if we leave the session open, the db (MySQL) closes the connection and we are not able to find this out and it throws an exception (socket communication error) when accessing the database (we are thinking about testing the db connection before accessing the object - but this is not really optimal either; the other option would be to set back the timeout of the db connection, but this just doesn't seem too good). So - is it possible to reconnect the session to a new database connection? Another problem: is it possible to get an object from one session and then re-attach it to another session? (I often hear that session.lock should work for this - but this doesn't work so well in our application - so I ended up getting a "fresh" object from the session and copying the data over manually - which is a little bit cumbersome.) Any ideas for this?

  • How to test soft deletion event listener without setting up NHibernate Sessions

    - by isuruceanu
    I have overridden the default NHibernate DefaultDeleteEventListener according to this source: http://nhforge.org/blogs/nhibernate/archive/2008/09/06/soft-deletes.aspx so I have

        protected override void DeleteEntity(
            IEventSource session, object entity, EntityEntry entityEntry,
            bool isCascadeDeleteEnabled, IEntityPersister persister, ISet transientEntities)
        {
            if (entity is ISoftDeletable)
            {
                var e = (ISoftDeletable)entity;
                e.DateDeleted = DateTime.Now;
                CascadeBeforeDelete(session, persister, entity, entityEntry, transientEntities);
                CascadeAfterDelete(session, persister, entity, transientEntities);
            }
            else
            {
                base.DeleteEntity(session, entity, entityEntry, isCascadeDeleteEnabled, persister, transientEntities);
            }
        }

    How can I test only this piece of code, without configuring an NHibernate Session?

  • interactive sessions through web page

    - by Pan Chai
    Is it possible to use an HTML form to start an executable on the server, and allow the user to input further information into the same executable? From a web form, input executable name with one parameter missing. The executable starts, and posts a question for the missing parameter. The user enters the value for the missing parameter, and the information gets passed to the executable. The executable continues its execution. Thank you, Pan

  • PHP Shared Sessions across Domain

    - by bigstylee
    Hi, I have seen a few answers to this on SOO but most of these are concerned with the use of subdomains, of which none have worked for me. The common one being the use of session.cookie_domain, which from my understanding will only work with subdomains. I am interested in a solution that deals with entirely different domains (and includes the possibility of subdomains). Unfortunately project deadlines being what they are, time is not on my side, so I turn to SOO's expertise and experience.

    The current project brief is to be able to log into one site which currently only stores the user_id in the session and then be able to retrieve this value while on a different domain within the same server environment. Session data is being stored/retrieved from a database where the session id is the primary key. I am hoping to find a "light weight" and "easy" to implement solution. The system is utilising an in-house Model View Controller design pattern, so all requests (including different domains) are run through a single bootstrap script. Using the domain name as a variable, this determines what context to display to the user.

    One option that did look like it had potential is the use of a hidden image and using the alt tag to set the user id. My first impressions suggest this immediately seems "too easy" (if possible) and riddled with security flaws. Discuss?

    Another option which I considered is using the IP and User Agent for authentication but again I feel this is not going to be a reliable option due to shared networks and changing IP addresses.

    My third option (and preferred) which I considered and as yet have not seen discussed is using htaccess to fool the user into thinking that they are on a different domain when in fact apache is redirecting; something like www.foo.com/index.php?domain=bar.com&controller=news/categoires/1 but displays to the user as www.bar.com/news/categories/1. foo.com represents the "main site domain" which all requests are run through and bar.com is what the user thinks they are accessing. The controller request dictates the page and view being requested. Is this possible? Are there other options? Pros/Cons? Thanks in advance!!!

  • Send nginx X-Accel-Redirect request from remote server

    - by phingage
    I have 2 servers: the first (domain.com) is a django/apache server, the second (f1.domain.com) is a file server (nginx) where some files are protected and download should be allowed only to registered users, so I have set up an nginx server with

        server {
            listen 80 default_server;
            server_name *.domanin.com;
            access_log /home/domanin/logs/access.log;

            location /files/ {
                internal;
                root /home/domanin;
            }
        }

    and from django I send a request via the X-Accel-Redirect header, but it doesn't work, I think because it comes from a remote server. How can I accomplish my task? Regards!

  • array with sessions, only prints one letter

    - by jolabero
    On login:

        $result = mysql_query("SELECT `id`, `username`, `email` FROM `users` WHERE `username` = '$username' AND `password` = '$passwd'");
        $userdata = array('id','username','email');
        $_SESSION['user'] = mysql_result($result, 0, $userdata);

    And when I want to print the user's username

        echo $_SESSION['user']['username']

    it only prints the first letter :/ What's wrong?

  • Login system and sessions (php)

    - by Jonathan
    I've created a login page and registration page and now I want to use that to password protect pages and have pages which show information specific to that user. Would storing the user ID of the user logged in in a Session variable be a safe and correct way of doing this? How easy would it be for a user to change the session variable to a different ID and access another user's information, and not having to type the users login details in?

  • Persistent UDP sessions on Android

    - by Wedgeski
    I have a client-server app which requires me to maintain a persistent session over UDP. The goal is to maintain a path from the server to the mobile Android device no matter what route it has to the internet (WiFi or mobile network). This is achieved using a proprietary, well-tested session-management protocol over UDP. I need the phone to be able to maintain, say, a five-minute keep-alive with the server at all times. Ideally I would like to do this without maintaining any wake-locks on the device. I don't want the screen to light up every time I send a UDP to the server, for example, and I don't want to have a damaging effect on battery usage. Has anyone addressed this problem?

  • Form POST or sessions?

    - by eddienotizzard
    If you have an item where you allow users to add comments, how can you pass which item the user is replying to? I've thought of using a hidden field in a form, however this can be easily changed using plugins such as firebug:

        <form method="post" action="blah">
            <input type="hidden" name="item_id" value="<?php echo $item_id; ?>">
            <!-- other form data here -->
            <input type="submit" name="submit">
        </form>

    Or just simply using a session:

        $_SESSION['item_id'] = $item_id

    Is there a safe way to send the item data in a form?

  • Saving variables (not sessions)

    - by james.bcn
    This may be a silly question, but how do I save variables that are not specific to a particular session? A simple example of why you might want to do this would be a visitor counter - a number that increases by one each time someone visits a web page (note - I'm not actually doing that, my application is different, but that is the functionality I need). The only ways I can think of doing this are either writing the variables to a file, or putting the variables into a database. Both seem a bit inelegant. Is there a better way to do this kind of thing?

  • Multiple sessions or one?

    - by user1314285
    I am using a security token for a form; the form is dynamically built depending on selection through jquery. So the form is called quite a lot and different tokens are created every time. So.. if the same user calls the form 3 times the session would be rewritten? Would it help at all to check if the token exists and not create one unless it's empty? Or perhaps someone knows of a good way to work with form tokens? If 3 users are on then the token is created 3 times with different values, right? If I check for the token and 3 users are on then the session is created 3 times with the same values?

  • Use multiple WSGI mount points in Apache with an Nginx reverse proxy

    - by Thomas
    I am trying to set up multiple virtual hosts on the same server with Nginx and Apache and have run into a curious configuration issue. I have nginx configured with a generic upstream to apache.

        upstream backend {
            server 1.1.1.1:8080;
        }

    I'm trying to set up multiple subdomains in nginx that hit different mountpoints in apache. Each would act like the following examples.

        server {
            listen 80;
            server_name foo.yoursite.com;

            location / {
                proxy_pass http://backend/bar/;
                include /etc/nginx/proxy.conf;
            }
            ...
        }

        server {
            listen 80;
            server_name delta.yoursite.com;

            location / {
                proxy_pass http://backend/gamma/;
                include /etc/nginx/proxy.conf;
            }
            ...
        }

    These mountpoints are pointed at django projects, however each of the url entries is coming back prepended with the apache mountpoint path. So, if I called the django url entry for foo.yoursite.com/wiki/biz/, django appears to be returning foo.yoursite.com/bar/wiki/biz/. Similarly, if I call for the url entry for delta.yoursite.com/wiki/biz/, I get delta.yoursite.com/gamma/wiki/biz/. Is there any way to get rid of the prefix being returned on the url entries by django and apache?
