Search Results

Search found 11227 results on 450 pages for 'login attempts'.

Page 195/450 | < Previous Page | 191 192 193 194 195 196 197 198 199 200 201 202 | Next Page >

How to Store State in Silverlight WCF RIA Services

- by peter

Hi All, I am developing a silverlight 3 application using WCF RIA services. I am using the AuthenticationBase class to handle my authentication. As I understand it under the hood this uses the ASP .NET authentication libraries. When I log into the site the authentication service handles login state so that if I close the site and open it straight away I am still logged in according to the server. When the webpage is refreshed or closed and reloaded I can call the method, WebContextBase.Current.Authentication.LoadUser() And it goes back to the authentication service (running on the server) and figures out whether I am still logged into the site. If a timeout has occured the answer will be no. If that is the case I can show a login dialog. The problem I want to solve is that the authentication service consumes the password, and there is no way I can ever retrieve that password again. If the user logs into the site I want to store the password on the server, and return a token to the client side to match up with that password. I have some other services on the server side that need that password. So where should I store that password on the server? How can that be done? How does the WCF authentication store state?

Read the article
Strange unset cookie problem

- by neobie

Hi there, I have a strange problem to clear Cookie via PHP. Lets say if I have a domain neobie.net I store "remember user login" cookie name as "USER_INFO" which contains string to identify user login in the next time of revisit. now using firefox, I saw that I have 2 cookies USER_INFO with domain "www.neobie.net" and ".neobie.net" with expiration date of 1 week later. I wrote a logout.php script, which clear the cookie of different domain (.neobie.net, www.neobie.net, neobie.net) to ensure that USER_INFO cookie is completely cleared for different domain. Now is the problem. The user isn't able to clear the cookie when user visit logout.php I found out that, I have to manually delete the cookie with domain "www.neobie.net", leaving the ".neobie.net " intact, then only the cookie can be cleared. So, I have to make the php script to setcookie USER_INFO on ".neobie.net", and prevent it to set cookie on "www.neobie.net" to make the logout.php script work. But I don't understand why I couldn't clear the cookie for "www.neobie.net" (with leading www. , tested on firefox and chrome)

Read the article
Simple Prototype.js code to select multiple elements with the same classname

- by stephemurdoch

I have one link with an id of "link", and I use the javascript below to open that link up in a modalbox: #In my template I have: <a href="some/path" id="link">link</a> #Then in my application.js file I have: document.observe('dom:loaded', function() { $('login-link').observe('click', function(event) { event.stop(); Modalbox.show(this.href,{title: 'some title', width: 500}); }); }) Since id's must be unique, this javascript only works for one element per page so I use it to observe my login-link and it has served me well. Until now. I want to use the same javascript to observe multiple links which have classnames instead of id's as below: <a href="link/to/some/stuff" class="link">link 1</a> <a href="link/to/some/other/stuff" class="link">link 2</a> When I do this, I can't get any of the links to open in a modalbox. If I change the class to an id for each link, then I can get the first link in the list to open in a modalbox. I've tried to use the '$$' notation to build an array of links in my javascript (shown below) but if I do that, then none of the links open correctly #document.observe method removed for display purposes $$('link').observe('click', function(event) { event.stop(); Modalbox.show(this.href,{title: 'some title', width: 500} ); }); My javascript skills obviously suck. Does anyone know how to fix the problem?

Read the article
Django - The included urlconf doesn't have any patterns in it

- by unsorted

My website, which was working before, suddenly started breaking with the error "ImproperlyConfigured at / The included urlconf resume.urls doesn't have any patterns in it" The project base is called resume. In settings.py I have set ROOT_URLCONF = 'resume.urls' Here's my resume.urls, which sits in the project root directory. from django.conf.urls.defaults import * # Uncomment the next two lines to enable the admin: from django.contrib import admin admin.autodiscover() urlpatterns = patterns('', # Example: # (r'^resume/', include('resume.foo.urls')), # Uncomment the admin/doc line below and add 'django.contrib.admindocs' # to INSTALLED_APPS to enable admin documentation: (r'^admin/doc/', include('django.contrib.admindocs.urls')), # Uncomment the next line to enable the admin: (r'^admin/', include(admin.site.urls)), (r'^accounts/login/$', 'django.contrib.auth.views.login'), #(r'^employer/', include(students.urls)), (r'^ajax/', include('urls.ajax')), (r'^student/', include('students.urls')), (r'^club/(?P<object_id>\d+)/$', 'resume.students.views.club_detail'), (r'^company/(?P<object_id>\d+)/$', 'resume.students.views.company_detail'), (r'^program/(?P<object_id>\d+)/$', 'resume.students.views.program_detail'), (r'^course/(?P<object_id>\d+)/$', 'resume.students.views.course_detail'), (r'^career/(?P<object_id>\d+)/$', 'resume.students.views.career_detail'), (r'^site_media/(?P<path>.*)$', 'django.views.static.serve', {'document_root': 'C:/code/django/resume/media'}), ) I have a folder called urls and a file ajax.py inside. (I also created a blank init.py in the same folder so that urls would be recognized.) This is ajax.py. from django.conf.urls.defaults import * urlpatterns = patterns('', (r'^star/(?P<object_id>\d+)$', 'resume.students.ajax-calls.star'), ) Anyone know what's wrong? This is driving me crazy. Thanks,

Read the article
Redirect parent of a page from a cfwindow

- by Ryan French

Hi All, I have a page with cfwindow that require the user to be logged in to view the content on the page. The problem at the moment is if the user logs into the site, then does nothing and the session times out, I have no way that I can think of to redirect the parent of the window to the login screen when the user opens it. So far I have tried using cflocation but that has no way of specifying the container that should be redirected (i.e. the page in the window is being redirected but not the windows parent). I have also thought about using a hidden input with a value based on the session which is then check with Body onLoad event but currently this doesnt work with how the pages have been setup. The last option I have is to check the session variable on loading the window and then closing it if the user is not logged in, which will cause the parent to refresh and redirect to login anyway. However I cant find a way to close a cfwindow without using javascript. Thanks for any help you can give.

Read the article
How to display my server's current response time to an average user

- by Jason

Sorry, I'm not really sure of the right way to ask this one so bear with me... We have a web application that runs on a set of servers at a data center (not in our offices) We want to be able to somehow 'advertise' to our clients/users that the availability or response time of our servers has met a standard throughout the day. I am being asked to come up with a standard metric that we can easily advertise on our login screen that shows current "standard response time" checked every x minutes. My thinking is that I need to capture something like the results of a traceroute from a server (either in our office, amazon, etc..) to one of the data center servers and come up with a Red/Yellow/Green type of a notifier for the login screen to let the user know that our tests are responding normally and if they are having delay issues it could be their network or connection to the internet. We have lots of clients in rural areas that have poor connectivity and we are trying to let them know any slowness might be on their end, not ours. I've got the LAMP stack to work with, but this could also be some other system all together as long as it can update the main server with the results. I already have pingdom reports that are available, but that's a bit more than people want to read sometimes. Any ideas on what I can do?

Read the article
How to properly log out of facebook

- by Gublooo

This is a repeated question and I have followed both the suggestions provided in these StackOverflow links: How to log-out users using FaceBook connect in php and zend Trouble logging out of a FaceBook connect site and destroying sessions The issue is - the code works 90% of the time. Thats the weird part. Out of the 100 times I've logged in and out - I've experienced this problem 5-6 times and 2 of my beta test users have reported the same issue. So when it works- if u click the logout link - u get the facebook popup saying - you being logged out - when it does'nt work - absolutely nothing happens - the page does not refresh - it just sits on that page doing nothing. This is the javascript code that gets called on clicking logout function logout() { FB.Connect.get_status().waitUntilReady(function(status) { switch(status) { case FB.ConnectState.connected: FB.Connect.logoutAndRedirect("http://www.example.com/login/logout"); break; case FB.ConnectState.userNotLoggedIn: window.location = "http://www.example.com/login/logout"; break; } }); return false; } This is the php code: $this-_auth-clearIdentity(); $face = Zend_Registry::get('facebook'); $fb = new Facebook($face['appapikey'], $face['appsecret']); //$fb-clear_cookie_state(); $fb-expire_session(); Anyone experienced such sporadic issues. Thanks

Read the article
Authentication using cookie key with asynchronous callback

- by greg

I need to write authentication function with asynchronous callback from remote Auth API. Simple authentication with login is working well, but authorization with cookie key, does not work. It should checks if in cookies present key "lp_login", fetch API url like async and execute on_response function. The code almost works, but I see two problems. First, in on_response function I need to setup secure cookie for authorized user on every page. In code user_id returns correct ID, but line: self.set_secure_cookie("user", user_id) does't work. Why it can be? And second problem. During async fetch API url, user's page has loaded before on_response setup cookie with key "user" and the page will has an unauthorized section with link to login or sign on. It will be confusing for users. To solve it, I can stop loading page for user who trying to load first page of site. Is it possible to do and how? Maybe the problem has more correct way to solve it? class BaseHandler(tornado.web.RequestHandler): @tornado.web.asynchronous def get_current_user(self): user_id = self.get_secure_cookie("user") user_cookie = self.get_cookie("lp_login") if user_id: self.set_secure_cookie("user", user_id) return Author.objects.get(id=int(user_id)) elif user_cookie: url = urlparse("http://%s" % self.request.host) domain = url.netloc.split(":")[0] try: username, hashed_password = urllib.unquote(user_cookie).rsplit(',',1) except ValueError: # check against malicious clients return None else: url = "http://%s%s%s/%s/" % (domain, "/api/user/username/", username, hashed_password) http = tornado.httpclient.AsyncHTTPClient() http.fetch(url, callback=self.async_callback(self.on_response)) else: return None def on_response(self, response): answer = tornado.escape.json_decode(response.body) username = answer['username'] if answer["has_valid_credentials"]: author = Author.objects.get(email=answer["email"]) user_id = str(author.id) print user_id # It returns needed id self.set_secure_cookie("user", user_id) # but session can's setup

Read the article
C# webservice async callback not getting called on HTTP 407 error.

- by Ben

Hi, I am trying to test the use-case of a customer having a proxy with login credentials, trying to use our webservice from our client. If the request is synchronous, my job is easy. Catch the WebException, check for the 407 code, and prompt the user for the login credentials. However, for async requests, I seem to be running into a problem: the callback is never getting called! I ran a wireshark trace and did indeed see that the HTTP 407 error was being passed back, so I am bewildered as to what to do. Here is the code that sets up the callback and starts the request: TravelService.TravelServiceImplService svc = new TravelService.TravelServiceImplService(); svc.Url = svcUrl; svc.CreateEventCompleted += CbkCreateEventCompleted; svc.CreateEventAsync(crReq, req); And the code that was generated when I consumed the WSDL: public void CreateEventAsync(TravelServiceCreateEventRequest CreateEventRequest, object userState) { if ((this.CreateEventOperationCompleted == null)) { this.CreateEventOperationCompleted = new System.Threading.SendOrPostCallback(this.OnCreateEventOperationCompleted); } this.InvokeAsync("CreateEvent", new object[] { CreateEventRequest}, this.CreateEventOperationCompleted, userState); } private void OnCreateEventOperationCompleted(object arg) { if ((this.CreateEventCompleted != null)) { System.Web.Services.Protocols.InvokeCompletedEventArgs invokeArgs = ((System.Web.Services.Protocols.InvokeCompletedEventArgs)(arg)); this.CreateEventCompleted(this, new CreateEventCompletedEventArgs(invokeArgs.Results, invokeArgs.Error, invokeArgs.Cancelled, invokeArgs.UserState)); } } Debugging the WS code, I found that even the SoapHttpClientProtocol.InvokeAsync method was not calling its callback as well. Am I missing some sort of configuration?

Read the article
Limiting ssh user account only to access his home directory!

- by EBAGHAKI

By reading some tutorials online I used these commands: Make a local group: net localgroup CopsshUsers /ADD Deny access to this group at top level: cacls c:\ /c /e /t /d CopsshUsers Open access to the copSSH installation directory: cacls copssh-inst-dir /c /e /t /r CopsshUsers Add Copssh user to the group above: net localgroup CopsshUsers mysshuser /add simply put these commands will try to create a usergroup that has no permission on your computer and it only have access to the copSSH Installation directory. This is not true, since you cannot change the permission on your windows directory, the third command won't remove access to windows folder (it says access denied on his log). Somehow I achieved that by taking ownership of Windows folder and then i execute the third command so CopsshUsers has no permissions on windows folder from now on. Now i tried to SSH to the server and it simply can't login! this is kind of funny because with permission on windows directory you can login and without it you can't!! So if you CAN SSH to the server somehow you know that you have access to the windows directory! (Is this really true??) Simple task: Limiting ssh user account only to access his home directory on WINDOWS and nothing else! Guys please help!

Read the article
SQL Server 2008 - db mail issue

- by Chris

Hello. I have two instances of SQL Server 2008. One was upgraded from SQL Server 2000 and one was a clean, new install. SQL Mail operates perfectly on both instances. DB Mail operates perfectly on the newly installed instance. On the upgraded instance, DB Mail does not send any mail. Of course, I am not positive that the fact this instance is upgraded has anything to do with the issue, but it might. The configuration of my db mail profile and account looks identical to my functioning instance. In the configuration of the 'alerts' tab in the SQL Agent properties i have tried selecting both DB Mail and SQL Mail to no avail. Both instances use the same SMTP server with the same authentication (domain with db engine account). All messages sent via sp_send_db mail and those sent via the 'test email' option are visible in the sysmail_allitems queue and remain there as 'unsent'. The send_status eventually changes to 'failed'. The only messages in the sysmail_event_log are 'mail queue stopped by login domain\myuser', 'mail queue started by login domain/myuser' and 'activiation successful.'. selecting from the externalmailqueue has the same number of rows as sysmail_allitems. i have tried bouncing the agent, the entire instance and moving the other functioning instance to the other node in the cluster. any thoughts? thx.

Read the article
How do I authenticate regarding EJB3 Container ?

- by FMR

I have my business classes protected by EJB3 security annotations, now I would like to call these methods from a Spring controller, how do I do it? edit I will add some information about my setup, I'm using Tomcat for the webcontainer and OpenEJB for embedding EJB into tomcat. I did not settle on any version of spring so it's more or less open to suggestions. edit current setup works this way : I have a login form + controller that puts a User pojo inside SessionContext. Each time someone access a secured part of the site, the application checks for the User pojo, if it's there check roles and then show the page, if it's not show a appropriate message or redirect to login page. Now the bussiness calls are made thanks to a call method inside User which bypass a probable security context which is a remix of this code found in openejb security examples : Caller managerBean = (Caller) context.lookup("ManagerBeanLocal"); managerBean.call(new Callable() { public Object call() throws Exception { Movies movies = (Movies) context.lookup("MoviesLocal"); movies.addMovie(new Movie("Quentin Tarantino", "Reservoir Dogs", 1992)); movies.addMovie(new Movie("Joel Coen", "Fargo", 1996)); movies.addMovie(new Movie("Joel Coen", "The Big Lebowski", 1998)); List<Movie> list = movies.getMovies(); assertEquals("List.size()", 3, list.size()); for (Movie movie : list) { movies.deleteMovie(movie); } assertEquals("Movies.getMovies()", 0, movies.getMovies().size()); return null; } });

Read the article
Devise routes to only use custom sign in page

- by eblume

I am trying to learn Devise and seem to have hit a problem that is nearly the same as many, many questions here on SO but just slightly different enough that I am not getting much traction following those questions' threads. I have a very simple application. Users can sign in and sign out (and also the devise 'forgot password' stuff is enabled - I am not concerned about it at this time) and that is it. They can't register, they can't edit their profile other than to change their password, they can't do anything except sign in and sign out. (Account creation will, for now, be handled manually at the command line.) I would vastly prefer that the only page that users can log in from was "/" (root_path). I already have it working where you can log in from "/", and that is great. The problem I am having is that if you type in your user/password combination incorrectly from the root_path login page, it automatically sends you to the Devise sign-in page to continue trying to sign in. How can I make Devise redirect to root_path on sign-in failure? Here are my routes - they are probably not optimal or correctly configured and I would appreciate pointers on fixing them: root to: "core_pages#splash" devise_for :users, skip: [:sessions] as :user do # get 'signin' => 'devise/sessions#new', as: :new_user_session post 'signin' => 'devise/sessions#create', as: :user_session delete 'signout' => 'devise/sessions#destroy', as: :destroy_user_session, via: Devise.mappings[:user].sign_out_via end match '/home' => 'core_pages#home' Note the commented-out 'get signin' line. The system works without this line but, surprisingly (to me), "GET /signin" results in a HTTP 400 (OK) response and renders the Devise login template. I would prefer it return some sort of 'invalid request' or just silently redirect the user to root_path. Running rake routes on these routes gives: root / core_pages#splash user_password POST /users/password(.:format) devise/passwords#create new_user_password GET /users/password/new(.:format) devise/passwords#new edit_user_password GET /users/password/edit(.:format) devise/passwords#edit PUT /users/password(.:format) devise/passwords#update user_session POST /signin(.:format) devise/sessions#create destroy_user_session DELETE /signout(.:format) devise/sessions#destroy home /home(.:format) core_pages#home Thanks!

Read the article
How to store multiple cookies through PHP Curl

- by Ahmad

'SOUP.IO' is not providing any api. So Iam trying to use 'PHP Curl' to login and submit data through PHP. Iam able to login the website successfully(through cUrl), but when I try to submit data through cUrl, it gives me error of 'invalid user'. When I tried to analysed the code and website, I came to know that cUrl is getting values of only 1-2 cookies. Where as when I open the same page in FireFox, it shows me 6-7 cookies related to 'SOUP.IO'. Can some one guide me how to get all these 7 cookies values. Following cookies are getable by cUrl: soup_session_id Following cookies are shown in Firefox (not through cUrl): __qca, __utma, __utmb, __utmc, __utmz Following is my cUrl code: $cookie_file_path = getcwd()."/cookie/cookie.txt"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'http://www.soup.io'); curl_setopt($ch, CURLOPT_VERBOSE, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt($ch, CURLOPT_HEADER, TRUE); curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate'); curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path); curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path); curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) FirePHP/0.4'); curl_setopt($ch, CURLOPT_MAXREDIRS, 10); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); $result = curl_exec($ch); curl_close($ch); print_r($result); ? Can some one guide me in this regards Thanks in advance

Read the article
How to achieve high availability?

- by tanyehzheng

My boss wants to have a system that takes into concern of continent wide catastrophic event. He wants to have two servers in US and two servers in Asia (1 login server and 1 worker server in each continent). In the event that earthquake breaks the connection between the two continents, both should work alone. When the connection is revived, they should sync each other back to normal. External cloud system not allowed as he has no confidence. The system should take into account of scalability which means addition of new servers should be easy to configure. The servers should be load balanced. The connection between the servers should be very secure(encrypted and send through SSL although SSL takes care of encryption). The system should let one and only one user log in with one account. (beware of latency between continent and two users sharing account may reach both login server at the same time) Please help. I'm already at the end of my wit. Thank you in advance.

Read the article
How to share the credentials between Webform and Winform?

- by Daniel

Hi! Question: I want to make a login form at the Clickonce deployment webpage, and only allow the authenticated users to download the application. and I want the downloaded application to use the same credentials entered at the webpage, without prompting the users to enter the credentials again. Details: I have an application(Windows Client) which needs customized settings for different users. the application is deployed through ClickOnce. Currently, the users are given the ClickOnce webpage URL, then download the application from there. after download and running the application, the application prompts users with a login form. If their credentials are authenticated, the application loads the customized settings from the server's database according to the credentials given. The problem is, any unauthenticated users can download the application if they just know the ClickOnce deployement webpage's URL. Unauthenticated users won't be able to run the application anyways, because the application asks for credentials when started, but I want to prevent the unauthenticated users from downloading the application at all. Am I asking the wrong question maybe? Your help is much appreciated!

Read the article
master pages, form pages, form runat=server > all onclick methods on master page?

- by b0x0rz

the problem i have is that i have multiple nested master pages: level 1: global (header, footer, login, navigation, etc...) level 2: specific (search pages, account pages, etc...) level 3: the page itself now, since only one form can have runat=server, i put the form at global page (so i can handle things like login, feedback, etc...). now with this solution i'd have to also put the for example level 3 (see above) methods, such as search also on the level 1 master page, but this will lead to this page being heavy (for development) with code from all places, even those that are used on a single page only (change email form for example). is there any way to delegate such methods (for example: ChangeEMail) from level 1 (global masterpage) to level 3 (the single page itself). to be even more clear: i want to NOT have to have the method ChangeEMail on the global master page code behind, but would like to 'MOVE' it somehow to the only page that will actually use it. the reason why it currently has to be on the global master is that global master has form runat=server and there can be only one of those per aspx page. this way it will be easier (more logical) to structure the code. thnx (hope i explained it correctly) have searched but did not find any general info on handling this case, usualy the answer is: have all the methods on the master page, but i don't like it. so ANY way of moving it to the specific page would be awesome. thnx

Read the article
How to handle dynamic role or username changes in JSF?

- by roadrunner

I have a JSF application running on glassfish 2.1 with a EJB 3 backend. For authentication I use a custom realm. The user authenticates using the e-mail-address and password he specified on registration. Everything is working quite well. Now I have two related problems: 1) The user can edit his profile and -- naturally -- he can also change his e-mail-address. Unfortunately when I perform operations based on the current user's identity using ExternalContext.getUserPrincipal().getName(), I will receive the previous e-mail-address the user used on login. At the moment I handle this by forcing the user to reauthenticate after he changed his e-mail-address, but is there another more graceful possibility? 2) Same for user roles. E.g. I have the user roles MEMBER and PREMIUM_MEMBER. A MEMBER may become a PREMIUM_MEMBER during his current session. Unfortunately the role seems to be only determined at login. Is there any possibility, that JSF and EJB recognize the new user role without the need for the user to re-authenticated?

Read the article
log in using fitnesse

- by user1513027

This is a basic HTTP encoding and formatting question. I need to log in from a RESTFixture to a PHP web service. I need to pass in the account, username, and password, as POST variables just as a login page does. Wireshark shows that my login page formats it as accountNumber=accounttest&username=usertest&password=passtest When I do that in the test, I get a POST array of $_POST: Array ( [accountNumber] => accounttest [amp;username] => usertest [amp;password] => passtest ) That would work but the "amp;" obviously makes it so that PHP doesn't find the username. Content type is the same for both live and the test. [CONTENT_TYPE] = application/x-www-form-urlencoded Here are a few other formats I've tried with results. In all three cases, it fails to parse so all fields end up in one array entry. input: accountNumber=accounttest%amp;username=usertest%amp;password=passtest Result: $_POST: Array ( [accountNumber] = accounttest%amp;username=usertest%amp;password=passtest ) input: accountNumber=accounttest;username=usertest;password=passtest Result: $_POST: Array ( [accountNumber] => accounttest;username=usertest;password=passtest ) input: accountNumber=accounttest%26username=usertest%26password=passtest Result: $_POST: Array ( [accountNumber] = accounttest&username=usertest&password=passtest ) So the last one correctly converts the %26 to &, but doesn't break the items apart into array elements.

Read the article
Submit form using javascript, work in FF but not in IE

- by Permana

I have this code. The code below is working in Firefox, but it is not in IE <body> <?php $data = getLoginData($_SESSION['whoyouare']); ?> <form name="frm_redirect_dfr" action="<?php echo $data['url']; ?>" method="POST" id="frm_redirect_dfr" style="display: none;"> <input name="DFRNet_User" value="<?php echo $data['username']; ?>" type="hidden" /> <input name="DFRNet_Pass" value="<?php echo $data['password']; ?>" type="hidden" /> <input name="tbllogin" value="login" type="hidden" /> <input type="submit" value="submit" /> </form> <script language="javascript" type="text/javascript"> document.forms["frm_redirect_dfr"].submit(); </script> </body> What I want to do is, when user access the page, it first will try to get login data, echo it in the form, and submit the form automatically using javascript

Read the article
Question on overview of C# OOP in business WinForms application - scope of Object

- by TimR

I may have all this OO completely wrong, but here goes: Ok the scenario is a classic order entry. Customer places an Order which has OrderLineItems of StockItems. Order is entered by Employee. 1) Application starts and asks for login/password 2) Employee selects 'Orders' from Mainmenu form 3) Orders forms opens.... 4) Employee selects Customer 5) Employee selects Stock adds to OrderLineItems 6) Selects second StockItem; add to OrderLineItems 7) Order is committed, [stock decremented, order posted to DB, Order printed] 8) Employee is returned to MainMenu Now with Object scope: 1) Application starts and asks for login/password Is this the best place to make objEmployee, to be kept whilst in this whole Sales application? 2) Employee selects 'Orders' from Mainmenu form 3) Orders forms opens.... *Make objOrderHeader, is objEmployee able to be passed in or is it created here, or re-created here.* 4) Employee selects Customer - adds/edits Customer details if required... Make objCustomer 5) Employee selects Stock adds to OrderLineItems... *Make objStockItem and objOrderLineItem - add to objOrderLineItems_collection* 6) Selects second StockItem; add to OrderLineItems... *Make objStockItem and objOrderLineItem - add to objOrderLineItems_collection* 7) Order is committed, [stock decremented, order posted to DB, Order printed, Order Entered By = EmployeeID] Once posted to Db, all objects now redundant/garbage [except objEmployee?] 8) Employee is returned to MainMenu is objEmployee still valid as an object?

Read the article
How long do you keep session cookies around for?

- by user246114

Hi, I'm implementing a web app, which uses sessions. I'm using GWT and app engine as my client/server, but I don't think they're doing anything really different than I would do with PHP and apache etc. When a user logs into my web app, I am using HttpSession to start a session for them. I get the session id like this: // From my login servlet: getThreadLocalRequest().getSession(false).getId(); I return the sessionId back to the client, and they store it in a cookie. The tutorial I'm using sets this cookie to 'expire' in two weeks: Cookie.write("sid", theSessionId, 1000 * 60 * 60 * 24 * 14); // two weeks Here's where I'm confused: if the cookie expires in two weeks, then my user will go along using the webapp happily, only to one day browse to my site and be shown a login screen. What are my options? Can I just set no expiration time for this cookie? That way the user would have to explicitly log out, otherwise they could just use the app forever without having to log back in? Or is there a better way to do this? I can't remember sites like Twitter having ever asked me to log back in again. I seem to be permanently logged in. Do they just set no expiration? The webapp isn't protecting any sort of highly sensitive data, so I don't mind leaving a cookie that doesn't expire, but it seems like there must be a better way? This is the tutorial I'm referencing: http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ Thanks

Read the article
best practice - loging events (general) and changes (database)

- by b0x0rz

need help with logging all activities on a site as well as database changes. requirements: * should be in database * should be easily searchable by initiator (user name / session id), event (activity type) and event parameters i can think of a database design but either it involves a lot of tables (one per event) so i can log each of the parameters of an event in a separate field OR it involves one table with generic fields (7 int numeric and 7 text types) and log everything in one table with event type field determining what parameter got written where (and hoping that i don't need more than 7 fields of a certain type, or 8 or 9 or whatever number i choose)... example of entries (the usual things): [username] login failed @datetime [username] login successful @datetime [username] changed password @datetime, estimated security of password [low/ok/high/perfect] @datetime [username] clicked result [result number] [result id] after searching for [search string] and got [number of results] @datetime [username] clicked result [result number] [result id] after searching for [search string] and got [number of results] @datetime [username] changed profile name from [old name] to [new name] @datetime [username] verified name with [credit card type] credit card @datetime datbase table [table name] purged of old entries @datetime etc... so anyone dealt with this before? any best practices / links you can share? i've seen it done with the generic solution mentioned above, but somehow that goes against what i learned from database design, but as you can see the sheer number of events that need to be trackable (each user will be able to see this info) is giving me headaches, BUT i do LOVE the one event per table solution more than the generic one. any thoughts? edit: also, is there maybe an authoritative list of such (likely) events somewhere? thnx stack overflow says: the question you're asking appears subjective and is likely to be closed. my answer: probably is subjective, but it is directly related to my issue i have with designing a database / writing my code, so i'd welcome any help. also i tried narrowing down the ideas to 2 so hopefully one of these will prevail, unless there already is an established solution for these kinds of things.

Read the article
Best practice - logging events (general) and changes (database)

- by b0x0rz

need help with logging all activities on a site as well as database changes. requirements: * should be in database * should be easily searchable by initiator (user name / session id), event (activity type) and event parameters i can think of a database design but either it involves a lot of tables (one per event) so i can log each of the parameters of an event in a separate field OR it involves one table with generic fields (7 int numeric and 7 text types) and log everything in one table with event type field determining what parameter got written where (and hoping that i don't need more than 7 fields of a certain type, or 8 or 9 or whatever number i choose)... example of entries (the usual things): [username] login failed @datetime [username] login successful @datetime [username] changed password @datetime, estimated security of password [low/ok/high/perfect] @datetime [username] clicked result [result number] [result id] after searching for [search string] and got [number of results] @datetime [username] clicked result [result number] [result id] after searching for [search string] and got [number of results] @datetime [username] changed profile name from [old name] to [new name] @datetime [username] verified name with [credit card type] credit card @datetime datbase table [table name] purged of old entries @datetime via automated process etc... so anyone dealt with this before? any best practices / links you can share? i've seen it done with the generic solution mentioned above, but somehow that goes against what i learned from database design, but as you can see the sheer number of events that need to be trackable (each user will be able to see this info) is giving me headaches, BUT i do LOVE the one event per table solution more than the generic one. any thoughts? edit: also, is there maybe an authoritative list of such (likely) events somewhere? thnx stack overflow says: the question you're asking appears subjective and is likely to be closed. my answer: probably is subjective, but it is directly related to my issue i have with designing a database / writing my code, so i'd welcome any help. also i tried narrowing down the ideas to 2 so hopefully one of these will prevail, unless there already is an established solution for these kinds of things.

Read the article
Ant telnet is hanging on a simple task

- by Sagar

<?xml version="1.0" ?> <project name="test" default="root"> <target name="telnet"> <telnet server="10.1.1.1"> <read>login:</read> <write>root</write> <read>password:</read> <write>${PASSWORD}</write> <read>#</read> <write>ls</write> <read>#</read> </telnet> </target> </project> That is the code I have in a build.xml file. When I run ant (version 1.8, in bash) (I have downloaded and copied over the jars for commons-net-2.0 and jakarta-oro-2.0.8 already), this is the output I get: Buildfile: /home/sagar/build.xml telnet: and then it just sits there. When I do a "who" on my server, I can see "System" waiting on login. But there is no progress after this. I can telnet into the server using normal telnet means (putty, bash, etc). I even tried the full telnet command instead of read/write: <telnet server="10.1.1.1" userid="root" password="root"> Any help is much appreciated! Note: JRE 1.5, Ant 1.8, commons-net version 2.0, jakarta version 2.0.8

Read the article

< Previous Page | 191 192 193 194 195 196 197 198 199 200 201 202 | Next Page >