Search Results

Search found 1397 results on 56 pages for 'cookies'.

Page 2/56 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Using cookies with lynx

    - by XXL
    lynx -cfg=cfg.file $URL this works with the following contents of the .cfg file: SET_COOKIES:TRUE ACCEPT_ALL_COOKIES:TRUE PERSISTENT_COOKIES:TRUE COOKIE_FILE:cookie.file however, this does not: lynx -cookies=1 -accept_all_cookies=1 -cookie_file=cookie.file $URL if it's going to be of any help - here's the trace: parse_arg(arg_name=-cookies=1, mask=1, count=2) parse_arg lookup(cookies=1) ...skip (mask 1/4) parse_arg(arg_name=-accept_all_cookies=1, mask=1, count=3) parse_arg lookup(accept_all_cookies=1) ...skip (mask 1/4) parse_arg(arg_name=-cookie_file=cookie.file, mask=1, count=4) parse_arg lookup(cookie_file=cookie.file) ...skip (mask 1/4) parse_arg(arg_name=$URL, mask=1, count=5) parse_arg startfile:$URL obvious question, why? the actual difference, from what i see, is the inability to trigger "PERSISTENT_COOKIES:TRUE" by command-line options in lynx. or, maybe, i have overlooked/misunderstood something?

    Read the article

  • Apache mod_header rule to change all cookies to secure

    - by Supowski
    I would like to change all cookies to be secure and http-only. I works fine for one cookie, but doesn't work when multiple cookies are set in response. Apache mod_header rule should change cookies from: Set-Cookie cookie1=value; Path=/somePath Set-Cookie cookie2=value; Path=/somePath to Set-Cookie cookie1=value; Path=/somePath; Secure; Http-Only Set-Cookie cookie2=value; Path=/somePath; Secure; Http-Only I use mod_headers for it with following rule: Header edit Set-Cookie ^(.*)$ $1;Secure;HttpOnly It works fine when only one cookie is set, but if there is more than one, it just removes all the following and they are not set at all. Any help how to write mod_headers rule for multiple values? or the problem is in something else?

    Read the article

  • Apache mod_header rule to change all cookies to secure

    - by Supowski
    I would like to change all cookies to be secure and http-only. It works fine for one cookie, but doesn't work when multiple cookies are set in response. Apache mod_header rule should change cookies from: Set-Cookie cookie1=value; Path=/somePath Set-Cookie cookie2=value; Path=/somePath to Set-Cookie cookie1=value; Path=/somePath; Secure; Http-Only Set-Cookie cookie2=value; Path=/somePath; Secure; Http-Only I use mod_headers for it with following rule: Header edit Set-Cookie ^(.*)$ $1;Secure;HttpOnly It works fine when only one cookie is set, but if there is more than one, it just removes all the following and they are not set at all. Any help how to write mod_headers rule for multiple values? or the problem is in something else?

    Read the article

  • How do HttpOnly cookies work with AJAX requests?

    - by Shawn Simon
    JavaScript needs access to cookies if AJAX is used on a site with access restrictions based on cookies. Will HttpOnly cookies work on an AJAX site? Edit: Microsoft created a way to prevent XSS attacks by disallowing JavaScript access to cookies if HttpOnly is specified. FireFox later adopted this. So my question is: If you are using AJAX on a site, like StackOverflow, are Http-Only cookies an option? Edit 2: Question 2. If the purpose of HttpOnly is to prevent JavaScript access to cookies, and you can still retrieve the cookies via JavaScript through the XmlHttpRequest Object, what is the point of HttpOnly? Edit 3: Here is a quote from Wikipedia: When the browser receives such a cookie, it is supposed to use it as usual in the following HTTP exchanges, but not to make it visible to client-side scripts.[32] The HttpOnly flag is not part of any standard, and is not implemented in all browsers. Note that there is currently no prevention of reading or writing the session cookie via a XMLHTTPRequest. [33]. I understand that document.cookie is blocked when you use HttpOnly. But it seems that you can still read cookie values in the XMLHttpRequest object, allowing for XSS. How does HttpOnly make you any safer than? By making cookies essentially read only? In your example, I cannot write to your document.cookie, but I can still steal your cookie and post it to my domain using the XMLHttpRequest object. <script type="text/javascript"> var req = null; try { req = new XMLHttpRequest(); } catch(e) {} if (!req) try { req = new ActiveXObject("Msxml2.XMLHTTP"); } catch(e) {} if (!req) try { req = new ActiveXObject("Microsoft.XMLHTTP"); } catch(e) {} req.open('GET', 'http://beta.stackoverflow.com/', false); req.send(null); alert(req.getAllResponseHeaders()); </script> Edit 4: Sorry, I meant that you could send the XMLHttpRequest to the StackOverflow domain, and then save the result of getAllResponseHeaders() to a string, regex out the cookie, and then post that to an external domain. It appears that Wikipedia and ha.ckers concur with me on this one, but I would love be re-educated... Final Edit: Ahh, apparently both sites are wrong, this is actually a bug in FireFox. IE6 & 7 are actually the only browsers that currently fully support HttpOnly. To reiterate everything I've learned: HttpOnly restricts all access to document.cookie in IE7 & and FireFox (not sure about other browsers) HttpOnly removes cookie information from the response headers in XMLHttpObject.getAllResponseHeaders() in IE7. XMLHttpObjects may only be submitted to the domain they originated from, so there is no cross-domain posting of the cookies. edit: This information is likely no longer up to date.

    Read the article

  • Webbrowser control and cookies

    - by Mike
    Hello! I have a webbrowser control in my program and what I want to do is to delete all the cookies stored in my computer. The problem is that for example I'm in some site, and then I decide I want to delete all the cookies, so I do it by the command "Kill()" but the problem is that the cookies remain and this site still can recognize me, and to complete the kill command I need to close my program and enter it again. The webbrowser control uses Internet Explorer, and I think when you enter IE it somehow loads all the cookies into it so if you delete your cookies, they remain there. So I'm wondering how can I delete my cookies, completely delete them without the need to close my program and enter it once again. Any help will be appreciated!

    Read the article

  • IE8 losing session cookies in popup windows.

    - by HackedByChinese
    We have an ASP.NET application that uses Forms Auth. When users log in, a session ID cookie and a Forms Auth ticket (stored as a cookie) are generated. These are session cookies, not permanent cookies. It is intentional and desirable that when the browser closes, the user is effectively logged out. Once a user logs in, a new window is popped up using window.open('location here');. The page that is opened is effectively the workspace the user works in throughout the rest of their session. From this page, other pop-ups are also used. Lately, we've had a number of customers (all using latest versions of IE8) complaining that the when they log in, the initial pop-up takes them back to the log in screen rather than their homepage. Alternately, users can sometimes log in, get to the homepage (which again, is in a new pop up window), and it all seems fine, until any additional pop-ups are created, where it starts redirecting them to the log in screen again. In attempting to troubleshoot the issue, I've used good old Fiddler. When the problem starts manifesting, I've noticed that the browser is not sending up the ASP.NET session ID session cookie OR the Forms Auth ticket session cookie, even though the response to the log in POST clearly pushes down those cookies. What's more strange is if I CTRL+N to open a new window from the popped-up window that is missing the session cookies, then manually type in the URL to the home page, those cookies magically appear again. However, subsequent window.open(); calls will continue to be broken, not sending the session cookies and taking the user to the log in screen. It's important to note that sometimes, for seemingly no good reason, those same users can suddenly log in and work normally for a while, then it goes back to broken. Now, I've ensured that there are no browser add-ons, plug-ins, toolbars, etc. are running. I've added our site as a trusted site and dropped the security settings to Low, I've modified the Cookie Privacy policy to "accept all" and even disabled automatic policy settings, manually forcing it to accept everything and include session cookies. Nothing appears to affect it. Also note the web application resides on a single server. There is no load balancing, web gardens, server farms, clusters, etc. The server does reside behind an ISA server, but other than that it's pretty straight forward. I've been searching around for days and haven't found anything actionable. Heck, sometimes I can't even reproduce it reliably. I have found a few references to people having this same problem, but they seem to be referencing an issue that was allegedly fixed in a beta or RC release (example: http://stackoverflow.com/questions/179260/ie8-loses-cookies-when-opening-a-new-window-after-a-redirect). These are release versions of IE, with up-to-date patches. I'm aware that I can try to set permanent cookies instead of session cookies. However, this has drastic security implications for our application. Update It seems that the problem automagically goes away when the user is added as a Local Administrator on the machine. Only time will tell if this change permanently (and positively) affects this problem. Time to bust out ProcMon and see if there is a resource access problem.

    Read the article

  • Accept All Cookies via HttpClient

    - by Vinay
    So this is currently how my app is set up: 1.) Login Activity. 2.) Once logged in, other activities may be fired up that use PHP scripts that require the cookies sent from logging in. I am using one HttpClient across my app to ensure that the same cookies are used, but my problem is that I am getting 2 of the 3 cookies rejected. I do not care about the validity of the cookies, but I do need them to be accepted. I tried setting the CookiePolicy, but that hasn't worked either. This is what logcat is saying: 11-26 10:33:57.613: WARN/ResponseProcessCookies(271): Cookie rejected: "[version: 0] [name: cookie_user_id][value: 1][domain: www.trackallthethings.com][path: trackallthethings][expiry: Sun Nov 25 11:33:00 CST 2012]". Illegal path attribute "trackallthethings". Path of origin: "/mobile-api/login.php" 11-26 10:33:57.593: WARN/ResponseProcessCookies(271): Cookie rejected: "[version: 0][name: cookie_session_id][value: 1985208971][domain: www.trackallthethings.com][path: trackallthethings][expiry: Sun Nov 25 11:33:00 CST 2012]". Illegal path attribute "trackallthethings". Path of origin: "/mobile-api/login.php" I am sure that my actual code is correct (my app still logs in correctly, just doesn't accept the aforementioned cookies), but here it is anyway: HttpGet httpget = new HttpGet(//MY URL); HttpResponse response; response = Main.httpclient.execute(httpget); HttpEntity entity = response.getEntity(); InputStream in = entity.getContent(); BufferedReader reader = new BufferedReader(new InputStreamReader(in)); StringBuilder sb = new StringBuilder(); From here I use the StringBuilder to simply get the String of the response. Nothing fancy. I understand that the reason my cookies are being rejected is because of an "Illegal path attribute" (I am running a script at /mobile-api/login.php whereas the cookie will return with a path of just "/" for trackallthethings), but I would like to accept the cookies anyhow. Is there a way to do this?

    Read the article

  • Internet Explorer 8 Loses Cookies

    - by Mikeon
    I'm running Windows 7 for some time now and use Internet Explorer 8 as my main browser. What I've noticed is that it "loses" cookies A LOT! I mean it! Typical situation: I log in into a side checking the remember me checkbox. I reboot the computer/restart the browser, go to the site, get logged in automatically - I'm happy. From time to time however, I'm asked for the credentials. Normal situation you would say. So would I if it didn't happen few times a week. Come on! On Internet Explorer 7 I didn't notice this as much. Cookies were lost once a quarter or so. Note that i was using IE7Pro with my IE - dunno however if it has anything to do with my current problem. Anyway I wonder if this behavior is "normal" or is it only me? more info for people that suggest it may be normal - cookie expiring and stuff. When it happens I loose all auth cookies - gmail, bloglines and whatnot!

    Read the article

  • Are cookies enough for storing login data?

    - by jpjp
    I am reading the Head First PHP/Mysql book and they say to store both the user's username, email into cookies and sessions. Is it safe to assume that everyone nowadays accepts cookies? Or should I store both in sessions and cookies? I am not storing any sensitive data in cookies such as password, etc.

    Read the article

  • Rails 3 and encrypted cookies with IE9

    - by user1832686
    I am using encrypted cookies to pass data to my rails app. Once these cookies get set, they are being passed just fine to Chrome, Firefox, Safari (iOS and OSX version), etc. However, the cookie isn't being passed back on Win7/IE9. I'm using Ruby 1.9 and Rails 3, and using the cookies.permanent.encrypted method of setting the cookie. E.g: cookies.permanent.encrypted[:some_data] = object.some_data Any ideas about what's going on?

    Read the article

  • Maximum number of cookies allowed

    - by Nouveau
    As far as Google searches tell me, the maximum allowed number of cookies depends very much on the browser, however I cannot find any recent data as to how much cookies are allowed on modern browsers. I need to store a somewhat large number of user preferences in cookies (for not-yet-registered users), so what would be the best way of doing that? (Also, those cookies would be accessed both via javascript client-side and php server-side)

    Read the article

  • What cookies are allowed from Internet Explorer using this option?

    - by kiamlaluno
    When I look at the options used from Internet Explorer for the cookies, I read the following description: Blocca i cookie di terze party privi di una versione compatta dell'informativa sulla privacy. Its translation is roughtly: Blocks the cookies without a compact version of the privacy's informative. I don't get which cookies are blocked. From that description, it seems the cookies should include a compact description of the privacy informative, but I don't get how cookies can contain that information, or what happens with cookies set from sites outside the European Union. What cookies are blocked? The screenshot has been taken from Internet Explorer 9, but that words were used also from previous versions. The settings are the ones shown for the "Privacy" tab; I don't recall if the English version calls that tab the same way. EDIT, English screenshot .

    Read the article

  • How can I keep persistent cookies from certain domains only?

    - by Mike L.
    This question is similar this one which covers Firefox, but I want to know how to do it in Chrome: I want Chrome to clear cookies from all sites accept those from certain domains. In the Cookies section of the *Content Settings I've made following selections: (*) Allow local data to be set (recommended) ( ) Allow local data to be set for the current session only ( ) Block sites from setting any data [ ] Block third-party cookies and site data [x] Clear cookies and other sites and plug-in data when I close my browser After logged in to my preferred website(s), I find the required domains listed when I click at All cookies and site data. Let's say, I find some cookies for mysite.comand www.mysite.com. Now I click at Manage exceptions and enter these items: Hostname Pattern Behavior ------------------------------------------- mysite.com Allow www.mysite.com Allow Unfortunately, this does not seem to work, because when I close Chrome and reopen it, all cookies are gone, even those from the configured mysite.com hosts.

    Read the article

  • php session not working (as with cookies disabled), but cookies are enabled for the domain. What oth

    - by SWilk
    Hi, I have a problem with a client, who cannot log in to our system. We have PHP-based B2B system, which uses cookies to store session-id. The client cannot log in and is redirected to the login page, without any error message. He claims he have cookies enabled in his Firefox. Also, if he had cookies disabled, my javascript would detect this and would show him an red, very descriptive error info. He does not seen anything like this. What else could have same effect on sessions like disabled cookies in browser? Are there any proxies which filters cookies? Any AV software, etc? What to look for? Our login form works for any other user without problems.

    Read the article

  • Stopping cookies being set from a domain (aka "cookieless domain") to increase site performance

    - by Django Reinhardt
    I was reading in Google's documentation about improving site speed. One of their recommendations is serving static content (images, css, js, etc.) from a "cookieless domain": Static content, such as images, JS and CSS files, don't need to be accompanied by cookies, as there is no user interaction with these resources. You can decrease request latency by serving static resources from a domain that doesn't serve cookies. Google then says that the best way to do this is to buy a new domain and set it to point to your current one: To reserve a cookieless domain for serving static content, register a new domain name and configure your DNS database with a CNAME record that points the new domain to your existing domain A record. Configure your web server to serve static resources from the new domain, and do not allow any cookies to be set anywhere on this domain. In your web pages, reference the domain name in the URLs for the static resources. This is pretty straight forward stuff, except for the bit where it says to "configure your web server to serve static resources from the new domain, and do not allow any cookies to be set anywhere on this domain". From what I've read, there's no setting in IIS that allows you to say "serve static resources", so how do I prevent ASP.NET from setting cookies on this new domain? At present, even if I'm just requesting a .jpg from the new domain, it sets a cookie on my browser, even though our application's cookies are set to our old domain. For example, ASP.NET sets an ".ASPXANONYMOUS" cookie that (as far as I'm aware) we're not telling it to do. Apologies if this is a real newb question, I'm new at this! Thanks.

    Read the article

  • Python Web Applications: What is the way and the method to handle Registrations, Login-Logouts and Cookies? [on hold]

    - by Phil
    I am working on a simple Python web application for learning purposes. I have chosen a very minimalistic and simple framework. I have done a significant amount of research but I couldn't find a source clearly explaining what I need, which is as follows: I would like to learn more about: User registration User Log-ins User Log-outs User auto-logins I have successfully handled items 1 and 3 due to their simple nature. However, I am confused with item 2 (log-ins) and item 4 (auto-logins). When a user enters username and password, and after hashing with salts and matching it in the DB; What information should I store in the cookies in order to keep the user logged in during the session? Do I keep username+password but encrypt them? Both or just password? Do I keep username and a generated key matching their password? If I want the user to be able to auto-login (when they leave and come back to the web page), what information then is kept in the cookies? I don't want to use modules or libraries that handle these things automatically. I want to learn basics and why something is the way it is. I would also like to point out that I do not mind reading anything you might offer on the topic that explains hows and whys. Possibly with algorithm diagrams to show the process. Some information: I know about setting headers, cookies, encryption (up to some level, obviously not an expert!), request objects, SQLAlchemy etc. I don't want any data kept in a single web application server's store. I want multiple app-servers to be handle a user, and whatever needs to be kept on the server to be done with a Postgres/MySQL via SQLAlchemy (I think, this is called stateless?) Thank you.

    Read the article

  • Internet explorer rejects cookies in kerberos protected intranet sites

    - by remix_tj
    I'm trying to build an intranet site using joomla. The webserver is using HTTP Kerberos authentication with mod_kerb_auth. Everything works fine, the users get authenticated and so on. But if i try to login to the administrator panel i can't because IE does not accept the needed cookies. No such problem with firefox. The intranet site is called "intranet_new" and is hosted by webintranet04, under the directory /var/www/vhosts/joomla/intranet_new/. I have my virtualhost for intranet_new containing this: <Location /> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate On KrbMethodK5Passwd On KrbAuthRealms PROV.TV.LOCAL Krb5KeyTab /etc/apache2/HTTP.keytab require valid-user </Location> The same is for webintranet04 virtualhost, which is the default pointing to /var/www and contains: <Location /vhosts/joomla/> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate On KrbMethodK5Passwd On KrbAuthRealms PROV.TV.LOCAL Krb5KeyTab /etc/apache2/HTTP.keytab require valid-user </Location> the very strange problem i have is that if i open http:// webintranet04/vhosts/joomla/intranet_new/administrator IE allows me to login, accepting cookie. If i open http:// intranet_new/administrator, instead, i loop on the login page. Last, intranet_new is a CNAME record of webintranet04. This is only an IE problem. I need: - the admin interface to work with IE - the "kerberized" zone to accept cookie, because i am deploying other programs requiring cookies.

    Read the article

  • Google Analytics - Goals - Advanced Segments - Does it keep cookies for tracking visitors?

    - by Kuko
    Hi there, I am working with Google Analytics - Goals and Funnels for quite sometime, but one thing is is not clear for me. I would very much appreciate if you could help me. We are advertising on several sites rotating several different ads. Our main goal is to collect as many sign-ups (new users) as possible for as low price as possible. We use to advertise the way, that each ad has the same URL where to land, but contains different parameter (e.g. http://www.brautpunkt.de/?ref=fb01 or ..... .de/?ref=adw03). My question is: If I am looking at the goals (Goals Overview), filtering it through Advanced Segments (Landing Page contains /?ref=fb01) is this subset of goals done only by the users who registered in the same session after they came on our site directly from the ad? or also by those users who came first time through this ad (/?ref=fb01), didn't register in the same session but came directly for example on the other day and register than? Thank you very much in advance for your advice. Peter

    Read the article

  • Disable cookies for selected sites

    - by acidzombie24
    So far all sites have played nice but recently i ran into a site which aggressively tries to get users to sign up and pretty much puts the site on lockdown after 10 pageviews without signing up. What firefox extension can i use to either freeze or disable cookies for this one specific site? I dont want to whitelist every site i visit because one site is giving me trouble.

    Read the article

  • Internet Explorer 8 remembering me (keeping cookies) in "New Session"

    - by GJ
    From what I gather (e.g. http://tutorialfeed.blogspot.com/2009/06/ie-8-perk-access-multiple-gmail.html ) one can get a new IE8 window clean from older cookies and independent of what's going on in other windows. Alas, when I try that web sites still remember me in the window of the new session. Any ideas what's wrong in my setup? Thanks!

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >