Search Results

Search found 10670 results on 427 pages for 'session cookie'.

Page 23/427 | < Previous Page | 19 20 21 22 23 24 25 26 27 28 29 30  | Next Page >

  • Cookiless Session Is it a security risk?

    - by Costa
    Hi http://msdn.microsoft.com/en-us/library/aa479314.aspx You have a user who successfully log in from a machine in Cybercafe, Hacker H able to sniff the network and get the sessionID of the user, Can H use the sessionId and act as the user from another machine? Can H enter http://folder/(session id)/CreditCardInformation.aspx to know the credit card number of the user?

    Read the article

  • start session on page_load in vb.net

    - by gtere
    i have 1 master page with 5 pages that call it. now on the master page, I have few dropdowns and textboxes, and the calling pages only have a small article in the corner. I want to start a session on page_load event, so that if the user chooses to select a dropdown or put data in textbox, even if he clicks on the other 4 links of other pages, the data should stay. how can this be done?

    Read the article

  • ASP Classic and JavaScript check for session status

    - by StealthRT
    I am in need of some help with trying to figure out how to go about checking the users session and seeing if they are still logged in or not. The problem being is because i have a static page that pretty much loads everything into "tabs" using jquery. So when the user navigates the page, it really never leaves that same page they started out on. Hints my problem in trying to determine if they are still logged in or not when they click on update their information on their profile or whatnot.

    Read the article

  • How do i provide a custom session ID getter/setter in asp.net

    - by Monsters
    I want to pass the sessionID as a json parameter, I can see how to override SessionIDManager and such, but this just covers custom creation/validation of sessionID's as opposed to where it actually gets the sessionID from. There is of course 'cookieless' which puts it in the url, but that doesn't work for me either. So i'd like to override the session handling so I can specify where it should look for the sessionID.

    Read the article

  • removing data from session

    - by sarah
    Hi All, i am using the following code to remove a attribute from session List l=(List) sess.getAttribute("allUserslist"); for(int ii=0;ii l1=(List) sess.getAttribute("allUserslist"); System.out.println("final size"+l1.size()); } te final size after removing is still one as before,where i am doing wrong ? }

    Read the article

  • Cookiless Session Is it a security

    - by Costa
    Hi http://msdn.microsoft.com/en-us/library/aa479314.aspx You have a user who successfully log in from a machine in Cybercafe, Hacker H able to sniffer the network and get the sessionID of the user, Can H use the sessionId and act as the user from another machine? Can H enter http://folder/(session id)/CreditCardInformation.aspx to know the credit card number of the user. Thanks

    Read the article

  • OpenWorld Session: Oracle Unified BPM Suite Development Best Practices

    - by Ajay Khanna
    Blog by David Read Earlier today,  Sushil Shukla, Yogeshwar Kuntawar, and I (David Read) delivered an OpenWorld  session that covered BPM development best practices.  It was well attended.  Last year we had a session that covered end-to-end lifecycle best practices for BPM.  This year we narrowed the focus to the development portion of the lifecycle.  We started with an overview of development process best practices, then focused on a few key design topics where we’ve seen common questions from customers and partners. Data Design Using EDN Multi-Instance Activity Using the Spring Component Human Task Integration We wrapped up with an overview of key concepts for effective error handling, including error handling within the process design, and using declarative fault policies. We hope you found the session useful, and as noted in the session, please be sure to try to attend Prasen’s session to see more details about approaches for testing Oracle Business Rules: CON8606  Oracle Business Rules Use Cases, 10/3/2012, 3:30PM  

    Read the article

  • One more chance to get your JDeveloper/ADF session into OOW

    - by shay.shmeltzer
    Did you miss the deadline for submitting sessions to OOW/Oracle Develop? Did you submit a session that didn't get in? Here is one more chance to get a session in - the "suggest a session" process on Oracle Mix is now open to session submissions by users. Then there will be a voting period open to the public - and the most popular sessions will be added to the OOW/Oracle Develop schedule. This is probably your last chance to get a session in this year, and get a free speaker pass to the event. So don't miss it - share your knowledge. https://mix.oracle.com/oow10/proposals More info on the process here.

    Read the article

  • Programmaticaly change lightdm autologin session type

    - by marcinpz
    I have problem with lightdm setting autologin session type (using my config tool). Lightdm logs into previously selected session. I see that autologin-session is UNIMPLEMENTED in version 1.2.1. Maybe I can somehow cheat lightdm? but it seems program writes actual state when stopping and overwrites my changes to /home/user/.dmrc and /var/cache/lightdm/user.dmrc. At the current I have two sessions: default and kiosk. in /etc/lightdm/lightdm.conf I have line: user-session=desktop but after I logged into kiosk session it starts all the time. Changing .dmrc and /var/cache/lightdm/dmrc/user.dmrc doesn't work.

    Read the article

  • Pros and Cons of Session Replication

    - by techsjs2012
    Do I really need Session Replication? I am working on a number of web projects for a firm. Most of the projects are about one or two pages of input and then doing a save to a mysql database. Very Basic projects. My SA's are pushing to try to get session replication working in JBoss but I don't really see any need for it and all of its overhead. We need load balancing and clustering so if the server does go down we can move the new requests to the backup service but I am not to big in session replication. This is very low volume projects. In my eyes what is the odds of a user being in the project as the server goes down on the one or two pages. I need to convince the SAs that session replication is an un-necessary complication in this instance. I am looking for pros and cons of session replication so that I can better structure my argument.

    Read the article

  • What is the most reliable session storage in PHP: Memcache, database or files?

    - by user1179459
    What is the best and most safest way to handle PHP sessions. Is the best way to store sessions in: Database (more reliable, but high bottleneck, slow speed, not good for high database usage websites)? Memcache (super fast, but distributed more security problems, chances of loosing data when the server restarted and chances of loosing data when the cache is full)? Files (default option, I guess slow since it reads and writes from file I/O, less security, etc). Which method is the best? What are the problems and good things of each of those approaches?

    Read the article

  • How can I get Gnome3 to remember my session?

    - by user60381
    I am running Gnome3, but I had the same problem with Unity, on Ubuntu 12.04. I have a fairly elaborate setup I enjoy using day-to-day. A LibreOffice spreadsheet with everyone's extension numbers; a window with reference data I use regularly; two mulit-tabbed Konsole/Terminal windows with several remote systems sessions, firefox with a set of open tabs, and so on. But whenever I log out, when I return, I must set up everything from scratch. I remember the good 'ol days, when I rebooted, I'd re-log in, and all my windows came back up in the same places as they were when I logged out, and my Konsole/Term would come up with the same remote logins as before.... I'd have to re -setup some of my programs, but that's better than having to move every win into place, and resize them, etc. How do I get this functionality back?

    Read the article

  • ASPXAUTH cookie is not being saved.

    - by kripto_ash
    Hi, Im working on a web project in ASP .NET MVC 2. In this project we store some info inside an ecripted cookie (the ASPXAUTH cookie) to avoid the need to query the db for every request. The thing is the code for this part has suddenly stopped working. I reviewed the changes made to the code on the source control server for anything that could be causing it, I found nothing. I even reverted to a known working copy (working on some other persons PC, same code, etc) but after debugging, it seems the .ASPXAUTH cookie is not getting saved anymore. Instead the ASP.NET_SessionId cookie is being set... (wich before wasn't) I changed the web.config file to turn off the sessionState. This eliminated the ASP.NET_SessionId cookie from being set, but it is still not saving the auth cookie. Ive recently installed some Microsoft Windows XP Updates, but the other person (whos PC runs the application just fine) also did. After googling, some info i found pointed out to a problem with the expiration date of the cookie. Ether cus the pc didnt have the right time/date (this was not the case) and others cus of the cookie expiration date being wrongly set. (I checked and it is being set correctly)... The problem persists with other browsers besides the one im using (Chrome) i tried it with IE6. Any ideas on why this is happening? Ill continue to post any helpful information i can find. Thanks in advance.

    Read the article

  • Javascript Cookie Function not working for Domain

    - by danit
    Here are the functions Im using: Set Cookie: function set_cookie ( name, value, exp_y, exp_m, exp_d, path, domain, secure ) { var cookie_string = name + "=" + escape ( value ); if ( exp_y ) { var expires = new Date ( exp_y, exp_m, exp_d ); cookie_string += "; expires=" + expires.toGMTString(); } if ( path ) cookie_string += "; path=" + escape ( path ); if ( domain ) cookie_string += "; domain=" + escape ( domain ); if ( secure ) cookie_string += "; secure"; document.cookie = cookie_string; } Read Cookie: function get_cookie ( cookie_name ) { var results = document.cookie.match ( '(^|;) ?' + cookie_name + '=([^;]*)(;|$)' ); if ( results ) return ( unescape ( results[2] ) ); else return null; } Delete Cookie: function delete_cookie ( cookie_name ) { var cookie_date = new Date ( ); // current date & time cookie_date.setTime ( cookie_date.getTime() - 1 ); document.cookie = cookie_name += "=; expires=" + cookie_date.toGMTString(); } The Jquery I use to construct the cookie: if(get_cookie('visible')== 'no') { $("#wrapper").hide(); $(".help").hide(); $("#slid .show").show(); $("#slid .hide").hide(); } else { $("#slid .show").hide(); $("#slid .hide").show(); } $("#slider").click(function() { if(get_cookie('visible')== null) { set_cookie('visible','no', 2020, 01,01, '/', 'domain.com'); } else { delete_cookie('visible'); } $(".help").slideToggle(); $("#wrapper").animate({ opacity: 1.0 },200).slideToggle(200, function() { $("#slid img").toggle(); }); }); Im trying to set the cookie for all pages that exist under domain.com with the path '/'. However using these functions and jQuery it doesn't appear to be working, any anyone give me an idea of where im going wrong?

    Read the article

  • How long do you keep session cookies around for?

    - by user246114
    Hi, I'm implementing a web app, which uses sessions. I'm using GWT and app engine as my client/server, but I don't think they're doing anything really different than I would do with PHP and apache etc. When a user logs into my web app, I am using HttpSession to start a session for them. I get the session id like this: // From my login servlet: getThreadLocalRequest().getSession(false).getId(); I return the sessionId back to the client, and they store it in a cookie. The tutorial I'm using sets this cookie to 'expire' in two weeks: Cookie.write("sid", theSessionId, 1000 * 60 * 60 * 24 * 14); // two weeks Here's where I'm confused: if the cookie expires in two weeks, then my user will go along using the webapp happily, only to one day browse to my site and be shown a login screen. What are my options? Can I just set no expiration time for this cookie? That way the user would have to explicitly log out, otherwise they could just use the app forever without having to log back in? Or is there a better way to do this? I can't remember sites like Twitter having ever asked me to log back in again. I seem to be permanently logged in. Do they just set no expiration? The webapp isn't protecting any sort of highly sensitive data, so I don't mind leaving a cookie that doesn't expire, but it seems like there must be a better way? This is the tutorial I'm referencing: http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ Thanks

    Read the article

  • In Varnish, how can I read the Set-Cookie response header?

    - by Adam Friedman
    I am trying to detect if my application has set a cookie that holds an "alert message" for the user on the next page, where the Javascript displays it if detected. In my vcl_fetch(), I need to detect if the specific cookie value "alert_message" appears anywhere in the Set-Cookie header (presumably in the VCL variable beresp.http.Set-Cookie). If detected, then I do not want to cache that next page (since Varnish strips the Set-Cookie header by default, which would obliterate the alert message before it makes it back to the browser). So here is my simple test: if(beresp.http.Set-Cookie ~ "alert_message") { set req.http.no_cache = 1; } Strangely, it fails to evaluate to true. So I throw the variable into the Server header to see what it looks like: set beresp.http.Server = " MyApp Varnish implementation - test reading set-cookie: "+beresp.http.Set-Cookie; But for some reason this only displays the FIRST Set-Cookie line in the response headers. Here are the relevant response headers: Server: MyApp Varnish implementation - test reading cookie: elstats_session=7d7279kjmsnkel31lre3s0vu24; expires=Wed, 10-Oct-2012 00:03:32 GMT; path=/; HttpOnly Set-Cookie:app_session=7d7279kjmsnkel31lre3s0vu24; expires=Wed, 10-Oct-2012 00:03:32 GMT; path=/; HttpOnly Set-Cookie:alert_message=Too+many+results.; expires=Tue, 09-Oct-2012 20:13:32 GMT; path=/; domain=.my.app.com Set-Cookie:alert_key=flash_error; expires=Tue, 09-Oct-2012 20:13:32 GMT; path=/; domain=.my.app.com Vary:Accept-Encoding How do I read and run string detection on ALL Set-Cookie header lines?

    Read the article

  • ASP C# Web Developer default login, getting user ID session value

    - by m3n
    I've used the built-in wizard in Visual Web Developer 2008 to create a simple login system. I'd like to get hold of the logged in user's ID, but I'm not sure how. Peeking in the ASPNETDB.MDF in the table aspnet_Users, the column appears to be called "UserId". I gave it a go: Response.Write("ID: " + Session["UserId"]); but it's coming up blank. How do I do this? (This is not for a live project, no need to point out the sillyness in using the wizard.) Thanks

    Read the article

  • ASP .NET Login Session How to destroy session object when logging out from Home Page??

    - by Vinodh Kumar
    I have created a website. I login with username and password and after authenticating i redirect the user to Home Page. When the user clicks Logout, they are redirected to the Login Page. But after this when i click the BACK button on the browser, it again goes back to the Home Page with that user's login credentials. I have used Session["username"]=null in the Page_Load function of Home Page. How to avoid going back to the Home Page when the BACK button is clicked by the User??

    Read the article

  • Safari Back button not honouring PHP logout session

    - by Steve Kemp
    I've got a logout.php page which ends a user's session and works well and does the following: session_start(); session_unset(); session_destroy(); I've just noticed when testing with Safari that when you logout you can click the back button to return to the previous page which requires authentication but are not prompted. You cannot navigate away from this page without entering the navigation but it should not be displaying the previous page in the first place. So far in my testing this is only an issue with Safari on Mac OS X and there are a number of other reports about this but with no resolution that I could find: http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_23702691.html I would love to be able to disable this behaviour with Safari's back button - surprised that this is happening in the first place. Thanks, Steve

    Read the article

< Previous Page | 19 20 21 22 23 24 25 26 27 28 29 30  | Next Page >