Search Results

Search found 1926 results on 78 pages for 'cookie monster'.

Page 16/78 | < Previous Page | 12 13 14 15 16 17 18 19 20 21 22 23  | Next Page >

  • Different users get the same cookie - value in .ASPXANONYMOUS

    - by Malcolm Frexner
    My site allows anonymous users. I saw that under heavy load user get sometimes profile values from other users. This happens for anonymous users. I logged the access to profile data: /// <summary> /// /// </summary> /// <param name="controller"></param> /// <returns></returns> public static string ProfileID(this Controller controller ) { if (ApplicationConfiguration.LogProfileAccess) { StringBuilder sb = new StringBuilder(); (from header in controller.Request.Headers.ToPairs() select string.Concat(header.Key, ":", header.Value, ";")).ToList().ForEach(x => sb.Append(x)); string log = string.Format("ip:{0} url:{1} IsAuthenticated:{2} Name:{3} AnonId:{4} header:{5}", controller.Request.UserHostAddress, controller.Request.Url.ToString(), controller.Request.IsAuthenticated, controller.User.Identity.Name, controller.Request.AnonymousID, sb); _log.Debug(log); } return controller.Request.IsAuthenticated ? controller.User.Identity.Name : controller.Request.AnonymousID; } I can see in the log that user realy get the same cookievalue for .ASPXANONYMOUS even if they have different IP. Just to be safe I removed dependency injection for the FormsAuthentication. I dont use OutputCaching. My web.config has this setting for authentication: <anonymousIdentification enabled="true" cookieless="UseCookies" cookieName=".ASPXANONYMOUS" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" /> <authentication mode="Forms"> <forms loginUrl="~/de/Account/Login" /> </authentication> Does anybody have an idea what else I could log or what I should have a look at?

    Read the article

  • Security Token/Cross Domain Cookie in Classic ASP?

    - by jlrolin
    I have an interesting conundrum. We have a site that is a completely separate domain, we'll say http://www.x.com and our own site that is http://www.y.com. The y.com site is actually a classic ASP site, and we aren't converting it to .NET at this time. The problem is that there is a link on x.com that redirects to y.com from a members area. We want to "authenticate" the user to make sure they are a member from the other site. If they are, they are directed to a members area on y.com. If not, they have to provide login information on y.com. Cookies obviously don't work due to the cross domain security, but is there a way around this? I've also looked at a service for tokens, but I'm not sure exactly how that works in Classic ASP. Any ideas or suggestions?

    Read the article

  • Posting within PHP and receiving only cookie

    - by faya
    Hello I have a question. It might be sound ridiculous, but let me explain what I want to accomplish. Right now I try to embed open source forum to by site and I want to leave forum and my site databases split. When my site users are logging in I want them also automatically be logged in to the forum system. For that I want to login within my PHP code after receiving username and password in post, but I don't know how I can get only cookies in response. I have found out that I can use curl_init(), curl_exec(), curl_close() functionality, but response from curl_exec returns whole response(page content, cookies, headers). Is there a way to receive only cookies? P.S. - If my design is totally wrong please give an advise how I can embed this functionality! I would be very thankful!

    Read the article

  • What's your favorite cross domain cookie sharing approach?

    - by Haoest
    I see iframe/p3p trick is the most popular one around, but I personally don't like it because javascript + hidden fields + frame really make it look like a hack job. I've also come across a master-slave approach using web service to communicate (http://www.15seconds.com/issue/971108.htm) and it seems better because it's transparent to the user and it's robust against different browsers. Is there any better approaches, and what are the pros and cons of each?

    Read the article

  • using Cookie-free Domains for Components

    - by JPro
    I was looking at the post here which says When the browser makes a request for a static image and sends cookies together with the request, the server doesn't have any use for those cookies. So they only create network traffic for no good reason. Although I tend not to use cookies at all, my doubt is I used to think that the server creates the cookies to store the session varialbles etc and sends to the client. But this statement says the reverse of that. I don't quiet understand what is the need for the browser to create and send cookies with the request, to me it doesn't make any sense?. Can anyone please correct me? Thanks/.

    Read the article

  • CakePHP 1.3.0 Cookie value not encrypting

    - by Jason McCreary
    I noticed in Firefox when viewing the cookies that the values I am saving are not encrypted. The CakePHP Book states that values are encrypted by default on write(). I can't seem to find any gotchas in the doc Anyone else experience this problem? I am sure I am missing something.. Would it matter that the value being set is a integer?

    Read the article

  • Confusion with cookie session token and oauth2.0 don't know where to go anymore

    - by byte_slave
    Hi guys, I'm completely confused, frustrated and nothing seems to make sense and work any more. I' dev some iframe fb app and i've been using the javascript sdk (FB.Init()) to get the access_token, but doesn't always work, sometimes i'm already logged into FB and doesn't works... Did some reading, and read also that there is problems using cookies in iframes in Opera and IE, so I was thinking in use the OAuth 2.0 but i'm not sure how via facebook sdk c# and now I'm now completely lost, don't know if i still need to use the javascript FB.Init(). Documentation out there is poor and unclear, a lot of stuff refers to old code, and after hours of reading, jumping on examples, i'm completely messed up and confused. Can some, please, point/explain/enlightening me about this? Thanks a lot guys, appreciated! Merry christmas!

    Read the article

  • Rails - Dynamic cookie domains using Rack

    - by Tim B.
    I'm fairly new to Rails and Rack, but this guy had a seemingly straightforward write-up about using Rack to implement dynamic session domain middleware. The code looks good to and I've implemented it here on my local machine, but I'm still not able to transcend top level domains on a single login. Here's the middleware code: class SetCookieDomain def initialize(app, default_domain) @app = app @default_domain = default_domain end def call(env) host = env["HTTP_HOST"].split(':').first env["rack.session.options"][:domain] = custom_domain?(host) ? ".#{host}" : "#{@default_domain}" @app.call(env) end def custom_domain?(host) domain = @default_domain.sub(/^\./, '') host !~ Regexp.new("#{domain}$", Regexp::IGNORECASE) end end And then in environment.db: config.load_paths += %W(#{RAILS_ROOT}/app/middlewares) Lastly in production.db (and development.db): config.middleware.use "SetCookieDomain", ".example.org" Any help is greatly appreciated. EDIT: I'm running Rails 2.3.3 and Rack 1.0

    Read the article

  • php help hiding navigation with cookie

    - by user342391
    I have these tabs on my navigation: <li<?php if ($thisPage=="Customers") echo " class=\"current\""; ?>><a href="/customers/">Customers</a></li> <li<?php if ($thisPage=="Trunks") echo " class=\"current\""; ?>><a href="/trunks/">Trunks</a></li> <li<?php if ($thisPage=="Settings") echo " class=\"current\""; ?>><a href="/settings/">Settings</a></li> and I only want to show them when admin is logged in: if ($_COOKIE['custid'] == "admin") { echo "Customers"; echo "Trunks"; echo "Settings"; } How can I combine the two of these scripts???

    Read the article

  • Upgrading to IIS7 stopped Firefox from receiving cookies?

    - by Ted Spence
    Our website has been using IIS6 for a long time. We test on IE8, Firefox, and Chrome. All browsers worked fine. We recently did an upgrade to IIS7, and Chrome and IE8 continue to work normally, but Firefox appears to be unable to get the ASP session cookie. As a result, when our code checks the Session[] object, we see nothing, we think the user has logged out, and the site resets your session. Does anyone know why upgrading to IIS7 would cause this behavior in Firefox? We've: 1) Reverted our application pool back to classic mode (no change); 2) Added a dummy value in the Global.asax object (no change); and 3) changed the web.config file from "authentication cookieless=autodetect" to "cookieless=usercookie" and back (no change).

    Read the article

  • How do I pass a cookie to a Sinatra app using curl?

    - by Brandon Toone
    I'm using the code from the example titled "A Slightly Bigger Example" from this tutorial http://rubylearning.com/blog/2009/09/30/cookie-based-sessions-in-sinatra/ to figure out how to send a cookie to a Sinatra application but I can't figure out how to set the values correctly When I set the name to be "brandon" in the application it creates a cookie with a value of BAh7BiIJdXNlciIMYnJhbmRvbg%3D%3D%0A which is a url encoding (http://ostermiller.org/calc/encode.html) of the value BAh7BiIJdXNlciIMYnJhbmRvbg== Using that value I can send a cookie to the app correctly curl -b "rack.session=BAh7BiIJdXNlciIMYnJhbmRvbg==" localhost:9393 I'm pretty sure that value is a base64 encoding of the ruby hash for the session since the docs (http://rack.rubyforge.org/doc/classes/Rack/Session/Cookie.html) say The session is a Ruby Hash stored as base64 encoded marshalled data set to :key (default: rack.session). I thought that meant all I had to do was base64 encode {"user"=>"brandon"} and use it in the curl command. Unfortunately that creates a different value than BAh7BiIJdXNlciIMYnJhbmRvbg==. Next I tried taking the base64 encoded value and decoding it at various base64 decoders online but that results in strange characters (a box symbol and others) so I don't know how to recreate the value to even encode it. So my question is do you know what characters/format I need to get the proper base64 encoding and/or do you know of another way to pass a value using curl such that it will register as a proper cookie for a Sinatra app?

    Read the article

  • Reading cookies across different hosts

    - by Thinker
    I have two sites - both are my projects. On site two, I need to check if the user is logged in on site one. I suppose to do this I should just create a script that puts a cookie into the body of an iframe and then read the iframe contents on site two. But I can't. Here is a code I made for testing purposes: http://jsbin.com/oqaza/edit I got an error, that says: "Permission denied for <http://jsbin.com to get property HTMLDocument.nodeType from <http://www.google.com."

    Read the article

  • No Cookies at second Webrequest

    - by Collin Peters
    Hello, I write a little Tool in C# with Visual Studio 2008. My Problem: I login to a website by HTTP-webrequest, I get an authentification cookie, thats all ok. Than I make a new HTTP-webrequest and add the cookies from the first request to call the next page where i can see my personal data. I see that the cookies will associated with the second request if I debug it but if I check the network traffic I see that are no Cookies transmitted at the second request. I tried many possibilities to see why i dont work but i found nothing. Does somebody have the same problem or know a solution? (Sorry for bad english)

    Read the article

  • Cant access NString after callback in [NSURLConnection sendSynchronousRequest]

    - by John ClearZ
    Hi I am trying to get a cookie from a site which I can do no problem. The problem arises when I try and save the cookie to a NSString in a holder class or anywhere else for that matter and try and access it outside the delegate method where it is first created. - (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response { int i; NSString* c; NSArray* all = [NSHTTPCookie cookiesWithResponseHeaderFields:[response allHeaderFields] forURL:[NSURL URLWithString:@"http://johncleary.net"]]; //NSLog(@"RESPONSE HEADERS: \n%@", [response allHeaderFields]); for (i=0;i<[all count];i++) { NSHTTPCookie* cc = [all objectAtIndex: i]; c = [NSString stringWithFormat: @"%@=%@", [cc name], [cc value]]; [Cookie setCookie: c]; NSLog([Cookie cookie]) // Prints the cookie fine. } [receivedData setLength:0]; } I can see and print the cookie when I am in the method but I cant when trying to access it form anywhere else even though it gets stored in the holder class @interface Cookie : NSObject { NSString* cookie; } + (NSString*) cookie; + (void) setCookie: (NSString*) cookieValue; @end int main (void) { NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init]; JCLogin* login; login = [JCLogin new]; [login DoLogin]; NSLog([Cookie cookie]); // Crashes the program [pool drain]; return 0; }

    Read the article

  • How to add multiple cookies to Response in WCF / REST service

    - by Sumtraveller
    I have access to WebOperationContext and can add one cookie by doing this: WebOperationContext.Current.OutgoingResponse.Headers.Add("Set-Cookie: foo_a=bar_a"); However if I call that several times, e.g.: WebOperationContext.Current.OutgoingResponse.Headers.Add("Set-Cookie: foo_a=bar_a"); WebOperationContext.Current.OutgoingResponse.Headers.Add("Set-Cookie: foo_b=bar_b"); I should get the following in my header (2 cookies): Set-Cookie: foo_a=bar_a Set-Cookie: foo_b=bar_b But instead get: Set-Cookie: foo_a=bar_a, foo_b=bar_b How do I set multiple cookies? Thx

    Read the article

  • Is this a legitimate implementation of a 'remember me' function for my web app?

    - by user246114
    Hi, I'm trying to add a "remember me" feature to my web app to let a user stay logged in between browser restarts. I think I got the bulk of it. I'm using google app engine for the backend which lets me use java servlets. Here is some pseudo-code to demo: public class MyServlet { public void handleRequest() { if (getThreadLocalRequest().getSession().getAttribute("user") != null) { // User already has session running for them. } else { // No session, but check if they chose 'remember me' during // their initial login, if so we can have them 'auto log in' // now. Cookie[] cookies = getThreadLocalRequest().getCookies(); if (cookies.find("rememberMePlz").exists()) { // The value of this cookie is the cookie id, which is a // unique string that is in no way based upon the user's // name/email/id, and is hard to randomly generate. String cookieid = cookies.find("rememberMePlz").value(); // Get the user object associated with this cookie id from // the data store, would probably be a two-step process like: // // select * from cookies where cookieid = 'cookieid'; // select * from users where userid = 'userid fetched from above select'; User user = DataStore.getUserByCookieId(cookieid); if (user != null) { // Start session for them. getThreadLocalRequest().getSession() .setAttribute("user", user); } else { // Either couldn't find a matching cookie with the // supplied id, or maybe we expired the cookie on // our side or blocked it. } } } } } // On first login, if user wanted us to remember them, we'd generate // an instance of this object for them in the data store. We send the // cookieid value down to the client and they persist it on their side // in the "rememberMePlz" cookie. public class CookieLong { private String mCookieId; private String mUserId; private long mExpirationDate; } Alright, this all makes sense. The only frightening thing is what happens if someone finds out the value of the cookie? A malicious individual could set that cookie in their browser and access my site, and essentially be logged in as the user associated with it! On the same note, I guess this is why the cookie ids must be difficult to randomly generate, because a malicious user doesn't have to steal someone's cookie - they could just randomly assign cookie values and start logging in as whichever user happens to be associated with that cookie, if any, right? Scary stuff, I feel like I should at least include the username in the client cookie such that when it presents itself to the server, I won't auto-login unless the username+cookieid match in the DataStore. Any comments would be great, I'm new to this and trying to figure out a best practice. I'm not writing a site which contains any sensitive personal information, but I'd like to minimize any potential for abuse all the same, Thanks

    Read the article

  • Weird behavior when debugging ASP.NET Web application: cookie expires (1/1/0001 12:00AM) by itself on next breakpoint hit.

    - by evovision
    I'm working on ajaxified (Telerik AJAX Manager) ASP.NET application using Visual Studio 2010 (runs with admin privileges) and IIS 7.5. Basically, everything on the page is inside update panels. As for cookies I have custom encrypted "settings" cookie which is added to Response if it's not there on session start. Application runs smoothly, problem was arising when I started the debugging it: Actions:  no breakpoints set, F5 - application has started in debug mode, browser window loaded. I login to site, click on controls, all is fine. Next I set *any* breakpoint somewhere in code, break on it then let it continue running, but once I break again (immediately after first break) and check cookie: it has expired date 1/1/0001 12:00AM and no data in value property. I was storing current language there, which was used inside Page's InitializeCulture event and obviously exception was being raised. I spent several hours trying deleting browser cache, temporary ASP.NET files etc, nothing seemed to work. Same application has been tested on exactly same environment on another PC and no problems with debugging there. After all I've found the solution: visual studio generates for every solution additional .suo file where additional settings are stored, like UI state, breakpoints info, etc, so I deleted it and loaded project again, tried debugging - everything is ok now.

    Read the article

  • Accessing the JSESSIONID from JSF

    - by Frank Nimphius
    The following code attempts to access and print the user session ID from ADF Faces, using the session cookie that is automatically set by the server and the Http Session object itself. FacesContext fctx = FacesContext.getCurrentInstance(); ExternalContext ectx = fctx.getExternalContext(); HttpSession session = (HttpSession) ectx.getSession(false); String sessionId = session.getId(); System.out.println("Session Id = "+ sessionId); Cookie[] cookies = ((HttpServletRequest)ectx.getRequest()).getCookies(); //reset session string sessionId = null; if (cookies != null) { for (Cookie brezel : cookies) {     if (brezel.getName().equalsIgnoreCase("JSESSIONID")) {        sessionId = brezel.getValue();        break;      }   } } System.out.println("JSESSIONID cookie = "+sessionId); Though apparently both approaches to the same thing, they are different in the value they return and the condition under which they work. The getId method, for example returns a session value as shown below grLFTNzJhhnQTqVwxHMGl0WDZPGhZFl2m0JS5SyYVmZqvrfghFxy!-1834097692!1322120041091 Reading the cookie, returns a value like this grLFTNzJhhnQTqVwxHMGl0WDZPGhZFl2m0JS5SyYVmZqvrfghFxy!-1834097692 Though both seem to be identical, the difference is within "!1322120041091" added to the id when reading it directly from the Http Session object. Dependent on the use case the session Id is looked up for, the difference may not be important. Another difference however, is of importance. The cookie reading only works if the session Id is added as a cookie to the request, which is configurable for applications in the weblogic-application.xml file. If cookies are disabled, then the server adds the session ID to the request URL (actually it appends it to the end of the URI, so right after the view Id reference). In this case however no cookie is set so that the lookup returns empty. In both cases however, the getId variant works.

    Read the article

< Previous Page | 12 13 14 15 16 17 18 19 20 21 22 23  | Next Page >