Search Results

Search found 1926 results on 78 pages for 'cookie monster'.

Page 17/78 | < Previous Page | 13 14 15 16 17 18 19 20 21 22 23 24  | Next Page >

  • can some hacker steal the cookie from a user and login with that name on the web site ?

    - by Aristos
    Reading this question different users get the same cookie value in aspxanonymous and search for a solution, I start thinking, if it is possible for some one to really steal the cookie with some way, and then place it on his browser and login lets say as administrator. Do you know how form authentication can ensure that even if the cookie is stoled, the hacker not actual login using it ? Or do you know any other automatic defense mechanism ? Thank you in advanced.

    Read the article

  • What are some best practices for cookie based web authentication?

    - by rdasxy
    I'm working on a small side project using CGI and Python (scalability is not an issue and it needs to be a VERY simple system. I was thinking of implementing authentication using cookies, and was wondering if there were any established best practices. When the user successfully authenticates, I want to use cookies to figure out who is logged on. What, according to the best practices, should be stored in such a cookie?

    Read the article

  • How much info can I store in a cookie?

    - by Artemix
    Hi guys, Im developing a flash game and I'd like to know how much info can I store in a browser cookie. The game is simple, but it needs to store several variables in order to save all the details of your current progress. The game is only one swf file, no server, no nothing. I need to know how should I use the cookies to achieve this, and if they have the posibility of doing it, of course. (several = 200 variables i.e)

    Read the article

  • Is there any way to delete an HttpOnly cookie from C# Selenium tests?

    - by BenA
    I have a set of C# Selenium tests that need to delete a cookie that has the HttpOnly flag set. Unfortunately the DefaultSelenium.GetCookie() and DefaultSelenium.DeleteCookie() commands aren't able to access the cookie, because it has that HttpOnly flag set. I've confirmed this by removing the flag by hand, and checking that subsequent calls to either of those methods are then happily able to manipulate the cookie in question. Is there any other way to do this via the Selenium .NET client driver? All ideas welcome!

    Read the article

  • How do I use a custom cookie session serializer in Rack?

    - by Damien Wilson
    Hello SO. I'm currently integrating Warden into a new Rack application I'm building. I'd like to implement a recent patch to Rack that allows me to specify how sessions are serialized; specifically, I'd like to use Rack::Session::Cookie::Identity as the session processor. Unfortunately, the documentation is a little unclear as to what syntax I should use to configure Rack::Session::Cookie in my rackup file, can anyone here tell me what I'm doing wrong? config.ru require 'my_sinatra_app' app = self use Rack::Session::Cookie.new(app, Rack::Session::Cookie::Identity.new), {:key => "auth_token"} use Warden::Manager do |warden| # Must come AFTER Rack::Session warden.default_strategies :password warden.failure_app Jelli::Auth.run! end run MySinatraApp error message from thin !! Unexpected error while processing request: undefined method `new' for #<Rack::Session::Cookie:0x00000110124128> PS: I'm using bundler to manage my gem dependencies and I've likewise included rack's master branch as the desired version. Update: As suggested in the comments below, I have read the documentation; sadly the suggested syntax in the docs is not working. Update: Still no luck on my end; offering up a bounty to whoever can help me figure this out.

    Read the article

  • How do I remove/delete/expire a cookie immediately?

    - by dsimard
    I want to remove a cookie I set. If I do this by giving it a expiration date sometime in the past it gets marked as "expires: at end of session". I've noticed that other sites manage to delete the cookie immediately somehow. For example when you logout here on stackoverflow the "user" cookie disappears right away. How?

    Read the article

  • This .NET code snippet will NOT actually create a cookie, right?

    - by Ryan
    I just realized that this cookie is not showing up like it should, and I checked the code which was not written by me but I am pretty sure that this is NOT enough to create a cookie right?? public static void CreateSSOCookies(string tokenID) { System.Web.HttpContext.Current.Response.Cookies["ssocookies"].Domain = System.Web.HttpContext.Current.Request.ServerVariables["SERVER_NAME"].ToString().ToLower(); System.Web.HttpContext.Current.Response.Cookies["ssocookies"].Value = tokenID.ToString(); System.Web.HttpContext.Current.Response.Cookies["ssocookies"].Path = "~/"; System.Web.HttpContext.Current.Response.Cookies["ssocookies"].Expires = DateTime.Now.AddDays(7); } If it does work, where is the cookie then? Is the cookie name 'ssocookies' ?

    Read the article

  • L'accéléromètre : le cookie ultime pour le traçage mobile ? Des chercheurs montrent que les mouvements de votre mobile trahissent votre identité

    L'accéléromètre : le cookie ultime pour le traçage mobile ? Des chercheurs montrent que les mouvements de votre mobile trahissent votre identité Comme le souligne Adage, spécialiste de l'actualité de l'industrie publicitaire, l'une des limitations communes aux cookies est leur incapacité à suivre à la trace un smartphone. C'est cette réalité parmi tant d'autres qui à poussé des poids lourds de l'industrie de la technologie comme Microsoft, Google ou encore Apple à travailler sur des alternatives...

    Read the article

  • How to get the domain value for a cookie in Javascript?

    - by Wabbitseason
    Using Javascript I'd like to get the domain value for a specific cookie. Is this possible? If so, how? To clarify: I'm not looking for the value of the cookie. I'm on "subdomain.domain.com" and I need to remove a cookie whose name is known but its domain value is something like ".domain.com". In short: I'd like to get the value of ".domain.com".

    Read the article

  • Simple App Engine Sessions Implementation

    - by raz0r
    Here is a very basic class for handling sessions on App Engine: """Lightweight implementation of cookie-based sessions for Google App Engine. Classes: Session """ import os import random import Cookie from google.appengine.api import memcache _COOKIE_NAME = 'app-sid' _COOKIE_PATH = '/' _SESSION_EXPIRE_TIME = 180 * 60 class Session(object): """Cookie-based session implementation using Memcached.""" def __init__(self): self.sid = None self.key = None self.session = None cookie_str = os.environ.get('HTTP_COOKIE', '') self.cookie = Cookie.SimpleCookie() self.cookie.load(cookie_str) if self.cookie.get(_COOKIE_NAME): self.sid = self.cookie[_COOKIE_NAME].value self.key = 'session-' + self.sid self.session = memcache.get(self.key) if self.session: self._update_memcache() else: self.sid = str(random.random())[5:] + str(random.random())[5:] self.key = 'session-' + self.sid self.session = dict() memcache.add(self.key, self.session, _SESSION_EXPIRE_TIME) self.cookie[_COOKIE_NAME] = self.sid self.cookie[_COOKIE_NAME]['path'] = _COOKIE_PATH print self.cookie def __len__(self): return len(self.session) def __getitem__(self, key): if key in self.session: return self.session[key] raise KeyError(str(key)) def __setitem__(self, key, value): self.session[key] = value self._update_memcache() def __delitem__(self, key): if key in self.session: del self.session[key] self._update_memcache() return None raise KeyError(str(key)) def __contains__(self, item): try: i = self.__getitem__(item) except KeyError: return False return True def _update_memcache(self): memcache.replace(self.key, self.session, _SESSION_EXPIRE_TIME) I would like some advices on how to improve the code for better security. Note: In the production version it will also save a copy of the session in the datastore. Note': I know there are much more complete implementations available online though I would like to learn more about this subject so please don't answer the question with "use that" or "use the other" library.

    Read the article

  • What would be a better implementation of shared variable among subclass

    - by Churk
    So currently I have a spring unit testing application. And it requires me to get a session cookie from a foreign authentication source. Problem what that is, this authentication process is fairly expensive and time consuming, and I am trying to create a structure where I am authenticate once, by any subclass, and any subsequent subclass is created, it will reuse this session cookie without hitting the authentication process again. My problem right now is, the static cookie is null each time another subclass is created. And I been reading that using static as a global variable is a bad idea, but I couldn't think of another way to do this because of Spring framework setting things during run time and how I would set the cookie so that all other classes can use it. Another piece of information. The variable is being use, but is change able during run time. It is not a single user being signed in and used across the board. But more like a Sub1 would call login, and we have a cookie. Then multiple test will be using that login until SubX will come in and say, I am using different credential, so I need to login as something else. And repeats. Here is a outline of my code: public class Parent implements InitializingBean { protected static String BASE_URL; public static Cookie cookie; ... All default InitializingBean methods ... afterPropertiesSet() { cookie = // login process returns a cookie } } public class Sub1 extends Parent { @resource public String baseURL; @PostConstruct public void init() { // set parents with my baseURL; BASE_URL = baseURL; } public void doSomething() { // Do something with cookie, because it should have been set by parent class } } public class Sub2 extends Parent { @resource public String baseURL; @PostConstruct public void init() { // set parents with my baseURL; BASE_URL = baseURL; } public void doSomethingElse() { // Do something with cookie, because it should have been set by parent class } }

    Read the article

  • Login Script for PostGreSQL and PHP not working =[

    - by MrEnder
    Ok I'm quite new at logins what not so bare with me here lol but I gota learn so don't discourage me. I tried this so far <?php $error = ""; $conn = pg_connect("host=localhost dbname=brittains_db user=brittains password=XXXX" ); $sql = "SELECT * FROM logins"; $result = pg_query($conn, $sql); if($_SERVER["REQUEST_METHOD"] == "GET") { $userName=""; $password=""; } else if($_SERVER["REQUEST_METHOD"] == "POST") { $userName=trim($_POST["userNameLogin"]); $password=trim($_POST["passwordLogin"]); if(pg_fetch_result($results, $userName, "userName")==true && pg_fetch_result($results, $password, "userName")==true) { setcookie("userIDforDV", $userName, time()+43200); } else { $error = "Your username and or password is incorrect"; } } $userName = $_COOKIE['userIDforDV']; if(isset($userName) && $userName!="") { echo "Welcome " . $userName; } echo $error; ?> <form> <table> <tr> <td class="signupTd"> User Name:&nbsp; </td> <td> <input type="text" name="userNameLogin" value="" size="20" /> </td> </tr> <tr> <td class="signupTd"> Password:&nbsp; </td> <td> <input type="password" name="passwordLogin" value="" size="20" /> </td> </tr> <tr> <td class="signupTd" colspan="2"> <input type="submit" name="submit" value="Submit"/> </td> </tr> </table> </form> that was the idea I came up with... but its prolly a really bad idea and it doesn't work... how might I go about this properly? I need really detailed descriptions please. Thanks a tun Shelby

    Read the article

  • Scriptable testing/debugging HTTP/HTTPS cookies and redirects

    - by Peter Boughton
    I need to setup some automated testing of HTTP requests, to check cookies are doing the right thing, with (manual) debugging when there is a problem. So far I've been muddling along with Firebug, but it's quite a bit of effort using that, and I would prefer some form of scriptable tool, both to make it easier for me and to allow an automated regression test. Any recommendations?

    Read the article

  • php - track down premature headers leak

    - by user151841
    I'm using set_cookie() on a site. After adding some functionality, I'm getting Warning: Cannot modify header information - headers already sent by... error. The line number it references as to where the headers initiated from is the very line where set_cookie() is! And I checked, it's not being called twice. How can I track down these premature headers? I looked at the source code and didn't see any stray characters or anything before the error message starts ( I'm using xdebug, so the first thing is a , which I thought was me, but is actually the beginning of the xdebug message ). I've grepped my code for extra echo and so forth -- nothing. Can PHP tell me when and where the headers are starting? Or are they really starting on the set_cookie line, and if so, how have I gotten myself into this situation, and how do I get out?

    Read the article

  • Perl - WWW::Mechanize Cookie Session Id is being reset with every get(), how to make it stop?

    - by Phill Pafford
    So I'm scraping a site that I have access to via HTTPS, I can login and start the process but each time I hit a new page (URL) the cookie Session Id changes. How do I keep the logged in Cookie Session Id? #!/usr/bin/perl -w use strict; use warnings; use WWW::Mechanize; use HTTP::Cookies; use LWP::Debug qw(+); use HTTP::Request; use LWP::UserAgent; use HTTP::Request::Common; my $un = 'username'; my $pw = 'password'; my $url = 'https://subdomain.url.com/index.do'; my $agent = WWW::Mechanize->new(cookie_jar => {}, autocheck => 0); $agent->{onerror}=\&WWW::Mechanize::_warn; $agent->agent('Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.3) Gecko/20100407 Ubuntu/9.10 (karmic) Firefox/3.6.3'); $agent->get($url); $agent->form_name('form'); $agent->field(username => $un); $agent->field(password => $pw); $agent->click("Log In"); print "After Login Cookie: "; print $agent->cookie_jar->as_string(); print "\n\n"; my $searchURL='https://subdomain.url.com/search.do'; $agent->get($searchURL); print "After Search Cookie: "; print $agent->cookie_jar->as_string(); print "\n"; The output: After Login Cookie: Set-Cookie3: JSESSIONID=367C6D; path="/thepath"; domain=subdomina.url.com; path_spec; secure; discard; version=0 After Search Cookie: Set-Cookie3: JSESSIONID=855402; path="/thepath"; domain=subdomain.com.com; path_spec; secure; discard; version=0 Also I think the site requires a CERT (Well in the browser it does), would this be the correct way to add it? $ENV{HTTPS_CERT_FILE} = 'SUBDOMAIN.URL.COM'; ## Insert this after the use HTTP::Request... Also for the CERT In using the first option in this list, is this correct? X.509 Certificate (PEM) X.509 Certificate with chain (PEM) X.509 Certificate (DER) X.509 Certificate (PKCS#7) X.509 Certificate with chain (PKCS#7)

    Read the article

  • Persisting Session Between Different Browser Instances

    - by imran_ku07
        Introduction:          By default inproc session's identifier cookie is saved in browser memory. This cookie is known as non persistent cookie identifier. This simply means that if the user closes his browser then the cookie is immediately removed. On the other hand cookies which stored on the user’s hard drive and can be reused for later visits are called persistent cookies. Persistent cookies are less used than nonpersistent cookies because of security. Simply because nonpersistent cookies makes session hijacking attacks more difficult and more limited. If you are using shared computer then there are lot of chances that your persistent session will be used by other shared members. However this is not always the case, lot of users desired that their session will remain persisted even they open two instances of same browser or when they close and open a new browser. So in this article i will provide a very simple way to persist your session even the browser is closed.   Description:          Let's create a simple ASP.NET Web Application. In this article i will use Web Form but it also works in MVC. Open Default.aspx.cs and add the following code in Page_Load.    protected void Page_Load(object sender, EventArgs e)        {            if (Session["Message"] != null)                Response.Write(Session["Message"].ToString());            Session["Message"] = "Hello, Imran";        }          This page simply shows a message if a session exist previously and set the session.          Now just run the application, you will just see an empty page on first try. After refreshing the page you will see the Message "Hello, Imran". Now just close the browser and reopen it or just open another browser instance, you will get the exactly same behavior when you run your application first time . Why the session is not persisted between browser instances. The simple reason is non persistent session cookie identifier. The session cookie identifier is not shared between browser instances. Now let's make it persistent.          To make your application share session between different browser instances just add the following code in global.asax.    protected void Application_PostMapRequestHandler(object sender, EventArgs e)           {               if (Request.Cookies["ASP.NET_SessionIdTemp"] != null)               {                   if (Request.Cookies["ASP.NET_SessionId"] == null)                       Request.Cookies.Add(new HttpCookie("ASP.NET_SessionId", Request.Cookies["ASP.NET_SessionIdTemp"].Value));                   else                       Request.Cookies["ASP.NET_SessionId"].Value = Request.Cookies["ASP.NET_SessionIdTemp"].Value;               }           }          protected void Application_PostRequestHandlerExecute(object sender, EventArgs e)        {             HttpCookie cookie = new HttpCookie("ASP.NET_SessionIdTemp", Session.SessionID);               cookie.Expires = DateTime.Now.AddMinutes(Session.Timeout);               Response.Cookies.Add(cookie);         }          This code simply state that during Application_PostRequestHandlerExecute(which is executed after HttpHandler) just add a persistent cookie ASP.NET_SessionIdTemp which contains the value of current user SessionID and sets the timeout to current user session timeout.          In Application_PostMapRequestHandler(which is executed just before th session is restored) we just check whether the Request cookie contains ASP.NET_SessionIdTemp. If yes then just add or update ASP.NET_SessionId cookie with ASP.NET_SessionIdTemp. So when a new browser instance is open, then a check will made that if ASP.NET_SessionIdTemp exist then simply add or update ASP.NET_SessionId cookie with ASP.NET_SessionIdTemp.          So run your application again, you will get the last closed browser session(if it is not expired).   Summary:          Persistence session is great way to increase the user usability. But always beware the security before doing this. However there are some cases in which you might need persistence session. In this article i just go through how to do this simply. So hopefully you will again enjoy this simple article too.

    Read the article

  • Top 10 collection completion - a monster in-query formula in MySQL?

    - by Andrew Heath
    I've got the following tables: User Basic Data (unique) [userid] [name] [etc] User Collection (one to one) [userid] [game] User Recorded Plays (many to many) [userid] [game] [scenario] [etc] Game Basic Data (unique) [game] [total_scenarios] I would like to output a table that shows the collection play completion percentage for the Top 10 users in descending order of %: Output Table [userid] [collection_completion] 3 95% 1 81% 24 68% etc etc In my mind, the calculation sequence for ONE USER is: grab user's total owned scenarios from User Collection joined with Game Basic Data and COUNT(gbd.total_scenarios) grab all recorded plays by COUNT(DISTINCT scenario) for that user Divide all recorded plays by total owned scenarios So that's 2 queries and a little PHP massage at the end. For a list of users sorted by completion percentage things get a little more complicated. I figure I could grab all users' collection totals in one query, and all users recorded plays in another, and then do the calcs and sort the final array in PHP, but it seems like overkill to potentially be doing all that for 1000+ users when I only ever want the Top 10. Is there a wicked monster query in MySQL that could do all that and LIMIT 10? Or is sticking with PHP handling the bulk of the work the way to go in this case?

    Read the article

  • How do I check the value of a cooke in other places in my iPhone app?

    - by squeezemylime
    I am setting a cookie to whether a user is logged in or not in my iPhone app. I set it using the following: // Build the cookie. NSHTTPCookie *cookie = [NSHTTPCookie cookieWithProperties:cookieDictionary]; // Store the cookie. [[NSHTTPCookieStorage sharedHTTPCookieStorage] setCookie:cookie]; // Log the Cookie and display it for (cookie in [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookies]) { NSLog(@"%@", cookie.value); } However, if I run this loop in other parts of the app (the 'for' loop), it isn't recognized...Is there a simple way I can find the value in other views of the app?

    Read the article

  • Apache mod_header rule to change all cookies to secure

    - by Supowski
    I would like to change all cookies to be secure and http-only. I works fine for one cookie, but doesn't work when multiple cookies are set in response. Apache mod_header rule should change cookies from: Set-Cookie cookie1=value; Path=/somePath Set-Cookie cookie2=value; Path=/somePath to Set-Cookie cookie1=value; Path=/somePath; Secure; Http-Only Set-Cookie cookie2=value; Path=/somePath; Secure; Http-Only I use mod_headers for it with following rule: Header edit Set-Cookie ^(.*)$ $1;Secure;HttpOnly It works fine when only one cookie is set, but if there is more than one, it just removes all the following and they are not set at all. Any help how to write mod_headers rule for multiple values? or the problem is in something else?

    Read the article

  • Apache mod_header rule to change all cookies to secure

    - by Supowski
    I would like to change all cookies to be secure and http-only. It works fine for one cookie, but doesn't work when multiple cookies are set in response. Apache mod_header rule should change cookies from: Set-Cookie cookie1=value; Path=/somePath Set-Cookie cookie2=value; Path=/somePath to Set-Cookie cookie1=value; Path=/somePath; Secure; Http-Only Set-Cookie cookie2=value; Path=/somePath; Secure; Http-Only I use mod_headers for it with following rule: Header edit Set-Cookie ^(.*)$ $1;Secure;HttpOnly It works fine when only one cookie is set, but if there is more than one, it just removes all the following and they are not set at all. Any help how to write mod_headers rule for multiple values? or the problem is in something else?

    Read the article

  • Doubt related to PHP Cookies

    - by Richa
    Hey guys! I have a doubt, I will appreciate if you can clear it . COOKIES What are cookies? When described as entities, which is how cookies are often referenced in conversation, you can be easily misled. Cookies are actually just an extension of the HTTP protocol. Specifically, there are two additional HTTP headers: Set-Cookie and Cookie.The operation of these cookies is best described by the following series of events: Client sends an HTTP request to server. Server sends an HTTP response with Set-Cookie: foo=bar to client. Client sends an HTTP request with Cookie: foo=bar to server. Server sends an HTTP response to client. Thus, the typical scenario involves two complete HTTP transactions. In step 2, the server is asking the client to return a particular cookie in future requests. In step 3, if the user’s preferences are set to allow cookies, and if the cookie is valid for this particular request, the browser requests the resource again but includes the cookie. Now my question is....... why you cannot determine whether a user’s preferences are set to allow cookies during the first request????

    Read the article

< Previous Page | 13 14 15 16 17 18 19 20 21 22 23 24  | Next Page >