Search Results

Search found 1963 results on 79 pages for 'expired cookies'.

Page 17/79 | < Previous Page | 13 14 15 16 17 18 19 20 21 22 23 24  | Next Page >

  • share the same cookie between two website using PHP cURL extension

    - by powerboy
    I want to get the contents of some emails in my gmail account. I would like to use the PHP cURL extension to do this. I followed these steps in my first try: In the PHP code, output the contents of https://www.google.com/accounts/ServiceLoginAuth. In the browser, the user input username and password to login. In the PHP code, save cookies in a file named cookie.txt. In the PHP code, send request to https://mail.google.com/ along with cookies retrieved from cookie.txt and output the contents. The following code does not work: $login_url = 'https://www.google.com/accounts/ServiceLoginAuth'; $gmail_url = 'https://mail.google.com/'; $cookie_file = dirname(__FILE__) . '/cookie.txt'; $ch = curl_init(); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file); curl_setopt($ch, CURLOPT_URL, $login_url); $output = curl_exec($ch); echo $output; curl_setopt($ch, CURLOPT_URL, $gmail_url); curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file); $output = curl_exec($ch); echo $output; curl_close($ch);

    Read the article

  • How to reliably identify users across Internet?

    - by amn
    I know this is a big one. In fact, it may be used for some SO community wiki. Anyways, I am running a website that DOES NOT use explicit authentication of users. It's public as in open to everybody. However, due to the nature of the service, some users need to be locked out due to misbehavior. I am currently blocking IP addresses, but I am aware of the supposed fact that many people purposefully reset their DHCP client cache to have their ISP assign them new addresses. Is that a fact? I think it certainly is a lucrative possibility for some people who want to circumvent being denied access. So IPs turn out to be a suboptimal way of dealing with this. But there is nothing else, is it? MAC addresses don't survive on WAN (change from hop to hop?), and even if they did - these can also be spoofed, although I think less easily than IP renewal. Cookies and even Flash cookies are out of the question, because there are tons of "tutorials" how to wipe these, and those intent on wreaking havoc on Internet are well aware and well equipped against such rudimentary measures I would employ. Is there anything else to lean on? I was thinking heuristical profiling - collecting available data from client-side and forming some key with it, but have not gone as far as to implementing it - is it an option?

    Read the article

  • Rails 2.3.14 setting expire_after for sessions is ignored

    - by Sergii Shablatovych
    I have next config in my environment.rb: config.action_controller.session_store = :cookie_store config.action_controller.session = { :expire_after => 14.days, :domain => DOMAIN, :session_key => '_session', :secret => 'some_string' } Setting session_store to active_record_store or mem_cache_store didn't help. Also i've tried just setting cookie from controller (with all founded options for expire): cookies[:test] = { :value => 'test' , :expires => 3600.to_i.from_now.utc } In both ways all sessions and cookies are deleted after closing browser window - they are only for browser session. I've tried almost all variants founded in the Internet - no luck( My config is: Ubuntu 10.04 LTS, rails 2.3.14, ruby Enterprise Edition 1.8.7, Phusion Passenger version 3.0.11 and Nginx compiled by Phusion Passenger. I've an options that it's Nginx not allowing setting some headers but also didn't find any solution. Any help appreciated! Thanks UPD. i've tried to put all configs for sessions to config/initializers/session_store.rb - nothing changed. i have a feeling that it's not a rails problem. may it be phusion + nginx error? i don't even know how to check where the problem is.

    Read the article

  • $_SESSION v. $_COOKIE

    - by taeja87
    I learned about $_SESSION about several weeks ago when creating a login page. I can successfully login and use it with variables. Currently I am trying to understand $_SESSION and $_COOKIE. Please correct me if I am wrong, I can use $_SESSION when logging in and moving around pages. With $_COOKIE, it is used to remember when I last visit and preferences. Another thing involving cookies is that when websites use advertisements (for example: Google AdSense), they use the cookies to track when visitor click on a advertisement, right? I can use both ($_SESSION & $_COOKIE)? I read somewhere that you can store the session_id as value for the cookie. Also, I read about security which let to me finding this: What do I need to store in the php session when user logged in?. Is using session_regenerate_id good for when a user comes back to the site? And this: How to store a cookie with php involving uniqid. For those wanting to know about the login, I use email and password. That way the user can be able to change their username. I look forward to learning more about these two from anybody who would like to share their knowledge about it. If I asked too many question, you can just answer the one that you have more experience with. If you need more information, just ask since I might have forgotten to include something. Thank You. Found this: What risks should I be aware of before allowing advertisements being placed on my website?

    Read the article

  • Storing an encrypted cookie with Rails

    - by J. Pablo Fernández
    I need to store a small piece of data (less than 10 characters) in a cookie in Rails and I need it to be secure. I don't want anybody being able to read that piece of data or injecting their own piece of data (as that would open up the app to many kinds of attacks). I think encrypting the contents of the cookie is the way to go (should I also sign it?). What is the best way to do it? Right now I'm doing this, which looks secure, but many things looked secure to people that knew much more than I about security and then it was discovered it wasn't really secure. I'm saving the secret in this way: encryptor = ActiveSupport::MessageEncryptor.new(Example::Application.config.secret_token) cookies[:secret] = { :value => encryptor.encrypt(secret), :domain => "example.com", :secure => !(Rails.env.test? || Rails.env.development?) } and then I'm reading it like this: encryptor = ActiveSupport::MessageEncryptor.new(Example::Application.config.secret_token) secret = encryptor.decrypt(cookies[:secret]) Is that secure? Any better ways of doing it? Update: I know about Rails' session and how it is secure, both by signing the cookie and by optionally storing the contents of the session server side and I do use the session for what it is for. But my question here is about storing a cookie, a piece of information I do not want in the session but I still need it to be secure.

    Read the article

  • Google Chrome forgetting registration cookie immediately

    - by Ryan Giglio
    I'm having trouble with cookies on my site's registration form. When a user creates an account, PHP sets one cookie with their user id, and one cookie with a hash containing their user agent and a few other things. Both of these cookies are set to expire in an hour. This is the code that sets the cookie after creating your account $registerHash = hash( "sha512", $_SERVER['HTTP_USER_AGENT'] . $_SERVER['HTTP_HOST'] . $_SERVER['DOCUMENT_ROOT'] ); setcookie("register_user_id", $newUserID, time() + 7200, "/"); setcookie("register_hash", $registerHash, time() + 7200, "/"); The next page is a confirmation page which sends an email and then optionally lets the user go on to fill out more account information. If the user goes on to fill out more, it uses the cookie to know what account to save it to. It works correctly in Firefox and IE, but in Chrome the cookie is forgotten as soon as you go to the next page. The cookie simply doesn't exist. You can see the problem here: http://crewinyourcode.com/register/paid/ If you use Chrome, you will get a registration timeout error as soon as you try to advance past the confirmation page. However on Firefox it works fine.

    Read the article

  • How do browser cookie domains work?

    - by Vilx-
    Due to weird domain/subdomain cookie issues that I'm getting, I'd like to know how browsers handle cookies. If they do it in different ways, it would also be nice to know the differences. In other words - when a browser receives a cookie, that cookie MAY have a domain and a path attached to it. Or not, in which case the browser probably substitutes some defaults for them. Question 1: what are they? Later, when the browser is about to make a request, it checks its cookies and filters out the ones it should send for that request. It does so by matching them against the requests path and domain. Question 2: what are the matching rules? Added: The reason I'm asking this is because I'm interested in some edge cases. Like: Will a cookie for .example.com be available for www.example.com? Will a cookie for .example.com be available for example.com? Will a cookie for example.com be available for www.example.com? Will a cookie for example.com be available for anotherexample.com? Will www.example.com be able to set cookie for example.com? Will www.example.com be able to set cookie for www2.example.com? Will www.example.com be able to set cookie for .com? Etc. Added 2: Also, could someone suggest how I should set a cookie so that: It can be set by either www.example.com or example.com; It is accessible by both www.example.com and example.com.

    Read the article

  • CURL Authentication being lost?

    - by John Sloan
    I am authenticating a login via CURL just fine. I have a variable I am using to display the returned HTML, and it is returning my user control panel as if I am logged in. After authenticating, I want to communicate variables with a form on another page within the site; but for some reason the HTML from that page is returning a non-authenticated version of the header (as if the original authentication never took place.) I have a cookies.txt file with 777 permissions, and have tried just getting the contents of the same page shown when I authenticate and it is as if I am losing any associated session/cookie data somewhere along the way. Here is my curl.class file - <? class Curl { public $cookieJar = ""; // Make sure the cookies.txt file is read/write permissions public function __construct($cookieJarFile = 'cookies.txt') { $this->cookieJar = $cookieJarFile; } function setup() { $header = array(); $header[0] = "Accept: text/xml,application/xml,application/xhtml+xml,"; $header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"; $header[] = "Cache-Control: max-age=0"; $header[] = "Connection: keep-alive"; $header[] = "Keep-Alive: 300"; $header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7"; $header[] = "Accept-Language: en-us,en;q=0.5"; $header[] = "Pragma: "; // browsers keep this blank. curl_setopt($this->curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7'); curl_setopt($this->curl, CURLOPT_HTTPHEADER, $header); curl_setopt($this->curl, CURLOPT_COOKIEJAR, $this->cookieJar); curl_setopt($this->curl, CURLOPT_COOKIEFILE, $this->cookieJar); curl_setopt($this->curl, CURLOPT_AUTOREFERER, true); curl_setopt($this->curl, CURLOPT_COOKIESESSION, true); curl_setopt($this->curl, CURLOPT_FOLLOWLOCATION, true); curl_setopt($this->curl, CURLOPT_RETURNTRANSFER, true); } function get($url) { $this->curl = curl_init($url); $this->setup(); return $this->request(); } function getAll($reg, $str) { preg_match_all($reg, $str, $matches); return $matches[1]; } function postForm($url, $fields, $referer = '') { $this->curl = curl_init($url); $this->setup(); curl_setopt($this->curl, CURLOPT_URL, $url); curl_setopt($this->curl, CURLOPT_POST, 1); curl_setopt($this->curl, CURLOPT_REFERER, $referer); curl_setopt($this->curl, CURLOPT_POSTFIELDS, $fields); return $this->request(); } function getInfo($info) { $info = ($info == 'lasturl') ? curl_getinfo($this->curl, CURLINFO_EFFECTIVE_URL) : curl_getinfo($this->curl, $info); return $info; } function request() { return curl_exec($this->curl); } } ?> And here is my curl.php file - <? include('curl.class.php'); // This path would change to where you store the file $curl = new Curl(); $url = "http://www.site.com/public/member/signin"; $fields = "MAX_FILE_SIZE=50000000&dado_form_3=1&member[email]=email&member[password]=pass&x=16&y=5&member[persistent]=true"; // Calling URL $referer = "http://www.site.com/public/member/signin"; $html = $curl->postForm($url, $fields, $referer); echo($html); ?> <hr style="clear:both;"/> <? $html = $curl->postForm('http://www.site.com/index.php','nid=443&sid=733005&tab=post&eval=yes&ad=&MAX_FILE_SIZE=10000000&ip=63.225.235.30','http://www.site.com/public/member/signin'); echo $html; // This will show you the HTML of the current page you and logged into ?> Any ideas?

    Read the article

  • Do not re-create session id .net cookieless sessions

    - by nLL
    Due to target audience I am using .net cookieless sessions in auto-detect mode and time to time I get visitors redirected with cookiless session url like domain.com/(S(jdhdghdghd))/default.aspx Problem is, if I call this url after session expired .net will re-create it. What I want to find out is a way to force .net to create another session id instead of using the one that came with url. Is it possible?

    Read the article

  • « Consentement explicite » obligatoire pour l'utilisation des Cookies sur les sites Web à partir du 25 mai, Bruxelles a légiféré

    « Consentement explicite » obligatoire pour l'utilisation des Cookies Sur les sites Web à partir du 25 mai, Bruxelles a légiféré Mise à jour du 09/03/2011 par Idelways À partir du 25 mai prochain, l'Union européenne imposera aux sites web d'obtenir le « consentement explicite » de l'utilisateur avant de pouvoir stocker et lire des cookies sur son ordinateur. Une démarche étonnante. Une démarche en tout cas très différente et plus radicale que les

    Read the article

  • How will we be able to produce websites without using cookies with the new law? [closed]

    - by Theresa Forster
    Possible Duplicate: How do I comply with the EU Cookie Directive? Under this new EU law we are not allowed to use any cookies without asking first, I for one need to use a cookie to register the user logged on, as if not with a cookie they can log on more than once and breach the license terms of the software. so i find myself asking what can we use instead of cookies to perform this task?

    Read the article

  • Mozilla repousse le blocage par défaut des cookies tiers de son navigateur , l'industrie publicitaire a-t-elle eu raison de son projet ?

    Mozilla repousse le blocage par défaut des cookies tiers de son navigateur , l'industrie publicitaire a-t-elle eu raison de son projet ? Au début de cette année, Mozilla annonçait sa volonté de désactiver par défaut les cookies tiers de son navigateur. Cette annonce a reçu les éloges des défenseurs de la vie privée tandis que l'industrie de la publicité n'as pas manqué de manifester sa farouche opposition. Selon les plans de Mozilla, ces changements devaient être intégrés à la version 22 de...

    Read the article

  • Request error "enable cookies" while posting app request to LinkedIn

    - by Jay
    Cookie error Hi, I am running S60 SDK 5th with Eclipse pulsar on win 7. I have oauth_token using with this Url https://www.linkedin.com/uas/oauth/authorize?oauth_token=. To get that grant access screen by LinkedIn. I am loading above Url using htmlComponent, and adding HtmlComponent to form and show it. Occasionally when I click on the "Ok I'll Allow It" button (i.e. after the button has been pressed) I get the following error message. "We’re sorry, there was a problem with your request. Please make sure you have cookies enabled and try again." but i'm receiving the response with oauth_token, oauth_token_secret, oauth_callback_confirmed = true, xoauth_request_auth_url, oauth_expires_in. Some buddy please help.

    Read the article

  • JavaScript and ASP.NET - Cookies with Key / Value Pairs

    - by user208662
    Hello, This question mixes client-side scripting with server-side parsing. In some cases, I'm writing a cookie to the user's browser using the document.cookie property. In other cases, I'm writing the same cookie to the user's browser through the ASP.NET Response object. When I'm writing the HttpCookie on the server-side, I am using the Values collection (http://msdn.microsoft.com/en-US/library/system.web.httpcookie.values%28v=VS.80%29.aspx) to store key/value pairs in the cookie. I would also like to be able to write key-value pairs to the cookie through JavaScript. How do I create cookies with Key/Value pairs via JavaScript that ASP.NET can parse? Thank you!

    Read the article

  • how use ASP.NET_SessionId cookies to check timeout for 2 different web applications

    - by user553858
    Hi All I am developing 2 web applications based on "ASP.NET_SessionId" cookies to check session timeout and also to logout : protected void Session_Start(object sender, EventArgs e) { if (Context.Session != null) { //check the IsNewSession value, this will tell us if the session has been reset if (Session.IsNewSession) { string cookie = Request.Headers["Cookie"]; // Code that runs when a new session is started if ((null != cookie) && (cookie.IndexOf("ASP.NET_SessionId") >= 0)) { if (Request.QueryString["timeout"] == null || !Request.QueryString["timeout"].ToString().Equals("yes")) Session.Abandon(); Session.Clear(); Response.Redirect("Login.aspx?timeout=yes"); } } } } This works fine for my first application. When implementing the same logic for the 2nd application when I press logout in one application, the second application is redirected to the login page. How can I fix this? Best regards

    Read the article

  • WP: redirect users to a certain category using cookies

    - by kass
    Basically like cragslist. once you select city on craigslist, nexttime when you go to the site, it redirects you to the city you selected. What I want to achieve: When a person comes to the site and selects a particular category, the next time they come to the site (returning user) - the page will open up on that category section. I would think this would be fairly easy to do via setting a cookie when the visitor clicks on the category link (or when the category page loads). When they return the following time, the cookie is read and then the page redirects accordingly. Unfortunately my knowledge of PHP and cookies is limited, (hence my search for answers) so I need to ask if anyone can help me out! Anyone have any ideas? Thanks!

    Read the article

  • PHP and Javascript cookies

    - by shummel7845
    Can I access a cookie written with jQuery's cookie plug-in with PHP? I know you can't set Javascript equal to PHP or vice versa, but IN ESSENCE is: $.cookie('var') = $_COOKIE['var']? Again, I know you can't set them equal to each other, but if I set it in jQuery and then go to another page, can PHP access it? I've read lots of posts about this, but I can't seem to find an answer to this part. Note, if I look in Firefox's preferences, I can see the cookies are there, so I know they're set.

    Read the article

  • ASP.NET AJAX, WebSeal Junctions, and Sessions

    - by powella
    I've run up across a problem with ASP.NET AJAX (hooked up to WebServices directly) and accessing our site through a WebSeal junction. Listing 11. On this page; http://www.ibm.com/developerworks/tivoli/library/t-ajaxtam/index.html explains that requests to pages which do not result in a content type of text/html are not sent with cookie data. Hence, no session. ASP.NET AJAX requests are returned with a content type of "application/json; charset=utf-8". As such, the WebSeal junction is not appending the Session Cookie to the request. This results in our WebService seeing the user as invalid, due to no session information. The Junction has been setup properly with the -J parameter (thats an uppercase J, which appends the required script for WebSeal to the bottom of the page - this prevents forcing IE into quirks mode.) and we've confirmed that the necessary script exists in the output source. I'm up for any suggestions at this point, as I'm out of ideas. FWIW, the site runs perfectly when not accessed through the WebSeal Junction.

    Read the article

  • Standard way to persist data between requests in ASP.NET-MVC

    - by Nate Bross
    What is the most standard or best way to persist data between requests? Should I use cookies or session variables? I'm interested in keeping data like sort order, sort column, and page number (for paginiation). I'm coming from a webforms background so normally this type of thing was automatically handled for me in the viewstate of the controls I was using.

    Read the article

  • Why i get Two value for ArrAffinity in my Cookie with Application Request Routing web servers setup

    - by Cédric Boivin
    Hello, I got a problem with ARR and my webfarm. I got a application develop, with a login page, when i log into my web application, i always log out. So I download fiddler to valid the affinity with my server and i see i got two value of key ArrAffinity in my cookie. Somme page got two value : ARRAffinity=2ea1e079a7e09ee9844bb1f5eca66f4f94432d3e832c073b80e0091fda6a54d4 ARRAffinity=d000ece875153770e561ea2d34d5ce85968d56e7a02104e726a25d445de25eed Other one got only have one ARRAffinity=d000ece875153770e561ea2d34d5ce85968d56e7a02104e726a25d445de25eed With this problem, i think my http request, is send to radom iis server on my farm, so the impact is i am disconnect. Anny idea ?

    Read the article

  • Cross-Domain Cookie Problem

    - by Frederick
    Hi Guys, I have a domain A.com [my website] and a remote website B.com which integrates an iframe from my domain [A.com] with a piece of javascript. I want to share cookies across these domains [within the iframe]? How would I go about doing this so it works properly? I thought A.com and B.com are in the same-origin policy ?

    Read the article

  • Can a script called by XHR reference $_COOKIE?

    - by Christian Mann
    Quick yes/no - I'm building an AJAX application and some scripts require authentication. Can I read $_COOKIE['username'] and $_COOKIE['password'] on the server if the PHP script was called via XHR, whether that be $.get() or $.post()? Side question: Can it also set cookies? Is that considered "good practice"?

    Read the article

  • Javascript to encode cookie contents into a get or post?

    - by beeky
    I want to pass cookie contents from one domain to another. I don't want to get involved with actual cross-domain cookies. I was thinking of reading the cookie on the domain that sets it and then sending it as an encrypted JSON object to the domain that wants to use it. Is there an accepted way of doing this and/or a toolkit that handles this sort of thing? Thanks for any help or advice, -=b

    Read the article

< Previous Page | 13 14 15 16 17 18 19 20 21 22 23 24  | Next Page >