Search Results

Search found 1701 results on 69 pages for 'cookie'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 25/69 | < Previous Page | 21 22 23 24 25 26 27 28 29 30 31 32  | Next Page >

  • HTTP Builder/Groovy - lost 302 (redirect) handling?

    - by Misha Koshelev
    Dear All: I am reading here http://groovy.codehaus.org/modules/http-builder/doc/handlers.html "In cases where a response sends a redirect status code, this is handled internally by Apache HttpClient, which by default will simply follow the redirect by re-sending the request to the new URL. You do not need to do anything special in order to follow 302 responses." This seems to work fine when I simply use the get() or post() methods without a closure. However, when I use a closure, I seem to lose 302 handling. Is there some way I can handle this myself? Thank you p.s. Here is my log output showing it is a 302 response [java] FINER: resp.statusLine: "HTTP/1.1 302 Found" Here is the relevant code: // Copyright (C) 2010 Misha Koshelev. All Rights Reserved. package com.mksoft.fbbday.main import groovyx.net.http.ContentType import java.util.logging.Level import java.util.logging.Logger class HTTPBuilder { def dataDirectory HTTPBuilder(dataDirectory) { this.dataDirectory=dataDirectory } // Main logic def logger=Logger.getLogger(this.class.name) def closure={resp,reader-> logger.finer("resp.statusLine: \"${resp.statusLine}\"") if (logger.isLoggable(Level.FINEST)) { def respHeadersString='Headers:'; resp.headers.each() { header->respHeadersString+="\n\t${header.name}=\"${header.value}\"" } logger.finest(respHeadersString) } def text=reader.text def lastHtml=new File("${dataDirectory}${File.separator}last.html") if (lastHtml.exists()) { lastHtml.delete() } lastHtml<<text new XmlSlurper(new org.cyberneko.html.parsers.SAXParser()).parseText(text) } def processArgs(args) { if (logger.isLoggable(Level.FINER)) { def argsString='Args:'; args.each() { arg->argsString+="\n\t${arg.key}=\"${arg.value}\"" } logger.finer(argsString) } args.contentType=groovyx.net.http.ContentType.TEXT args } // HTTPBuilder methods def httpBuilder=new groovyx.net.http.HTTPBuilder () def get(args) { httpBuilder.get(processArgs(args),closure) } def post(args) { args.contentType=groovyx.net.http.ContentType.TEXT httpBuilder.post(processArgs(args),closure) } } Here is a specific tester: #!/usr/bin/env groovy import groovyx.net.http.HTTPBuilder import groovyx.net.http.Method import static groovyx.net.http.ContentType.URLENC import java.util.logging.ConsoleHandler import java.util.logging.Level import java.util.logging.Logger // MUST ENTER VALID FACEBOOK EMAIL AND PASSWORD BELOW !!! def email='' def pass='' // Remove default loggers def logger=Logger.getLogger('') def handlers=logger.handlers handlers.each() { handler->logger.removeHandler(handler) } // Log ALL to Console logger.setLevel Level.ALL def consoleHandler=new ConsoleHandler() consoleHandler.setLevel Level.ALL logger.addHandler(consoleHandler) // Facebook - need to get main page to capture cookies def http = new HTTPBuilder() http.get(uri:'http://www.facebook.com') // Login def html=http.post(uri:'https://login.facebook.com/login.php?login_attempt=1',body:[email:email,pass:pass]) assert html==null // Why null? html=http.post(uri:'https://login.facebook.com/login.php?login_attempt=1',body:[email:email,pass:pass]) { resp,reader-> assert resp.statusLine.statusCode==302 // Shouldn't we be redirected??? // http://groovy.codehaus.org/modules/http-builder/doc/handlers.html // "In cases where a response sends a redirect status code, this is handled internally by Apache HttpClient, which by default will simply follow the redirect by re-sending the request to the new URL. You do not need to do anything special in order to follow 302 responses. " } Here are relevant logs: FINE: Receiving response: HTTP/1.1 302 Found Jun 4, 2010 4:37:22 PM org.apache.http.impl.conn.DefaultClientConnection receiveResponseHeader FINE: << HTTP/1.1 302 Found Jun 4, 2010 4:37:22 PM org.apache.http.impl.conn.DefaultClientConnection receiveResponseHeader FINE: << Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Jun 4, 2010 4:37:22 PM org.apache.http.impl.conn.DefaultClientConnection receiveResponseHeader FINE: << Expires: Sat, 01 Jan 2000 00:00:00 GMT Jun 4, 2010 4:37:22 PM org.apache.http.impl.conn.DefaultClientConnection receiveResponseHeader FINE: << Location: http://www.facebook.com/home.php? Jun 4, 2010 4:37:22 PM org.apache.http.impl.conn.DefaultClientConnection receiveResponseHeader FINE: << P3P: CP="DSP LAW" Jun 4, 2010 4:37:22 PM org.apache.http.impl.conn.DefaultClientConnection receiveResponseHeader FINE: << Pragma: no-cache Jun 4, 2010 4:37:22 PM org.apache.http.impl.conn.DefaultClientConnection receiveResponseHeader FINE: << Set-Cookie: datr=1275687438-9ff6ae60a89d444d0fd9917abf56e085d370277a6e9ed50c1ba79; expires=Sun, 03-Jun-2012 21:37:24 GMT; path=/; domain=.facebook.com Jun 4, 2010 4:37:22 PM org.apache.http.impl.conn.DefaultClientConnection receiveResponseHeader FINE: << Set-Cookie: lxe=koshelev%40post.harvard.edu; expires=Tue, 28-Sep-2010 15:24:04 GMT; path=/; domain=.facebook.com; httponly Jun 4, 2010 4:37:22 PM org.apache.http.impl.conn.DefaultClientConnection receiveResponseHeader FINE: << Set-Cookie: lxr=deleted; expires=Thu, 04-Jun-2009 21:37:23 GMT; path=/; domain=.facebook.com; httponly Jun 4, 2010 4:37:22 PM org.apache.http.impl.conn.DefaultClientConnection receiveResponseHeader FINE: << Set-Cookie: pk=183883c0a9afab1608e95d59164cc7dd; path=/; domain=.facebook.com; httponly Jun 4, 2010 4:37:22 PM org.apache.http.impl.conn.DefaultClientConnection receiveResponseHeader FINE: << Content-Type: text/html; charset=utf-8 Jun 4, 2010 4:37:22 PM org.apache.http.impl.conn.DefaultClientConnection receiveResponseHeader FINE: << X-Cnection: close Jun 4, 2010 4:37:22 PM org.apache.http.impl.conn.DefaultClientConnection receiveResponseHeader FINE: << Date: Fri, 04 Jun 2010 21:37:24 GMT Jun 4, 2010 4:37:22 PM org.apache.http.impl.conn.DefaultClientConnection receiveResponseHeader FINE: << Content-Length: 0 Jun 4, 2010 4:37:22 PM org.apache.http.client.protocol.ResponseProcessCookies processCookies FINE: Cookie accepted: "[version: 0][name: datr][value: 1275687438-9ff6ae60a89d444d0fd9917abf56e085d370277a6e9ed50c1ba79][domain: .facebook.com][path: /][expiry: Sun Jun 03 16:37:24 CDT 2012]". Jun 4, 2010 4:37:22 PM org.apache.http.client.protocol.ResponseProcessCookies processCookies FINE: Cookie accepted: "[version: 0][name: lxe][value: koshelev%40post.harvard.edu][domain: .facebook.com][path: /][expiry: Tue Sep 28 10:24:04 CDT 2010]". Jun 4, 2010 4:37:22 PM org.apache.http.client.protocol.ResponseProcessCookies processCookies FINE: Cookie accepted: "[version: 0][name: lxr][value: deleted][domain: .facebook.com][path: /][expiry: Thu Jun 04 16:37:23 CDT 2009]". Jun 4, 2010 4:37:22 PM org.apache.http.client.protocol.ResponseProcessCookies processCookies FINE: Cookie accepted: "[version: 0][name: pk][value: 183883c0a9afab1608e95d59164cc7dd][domain: .facebook.com][path: /][expiry: null]". Jun 4, 2010 4:37:22 PM org.apache.http.impl.client.DefaultRequestDirector execute FINE: Connection can be kept alive indefinitely Jun 4, 2010 4:37:22 PM groovyx.net.http.HTTPBuilder doRequest FINE: Response code: 302; found handler: post302$_run_closure2@7023d08b Jun 4, 2010 4:37:22 PM groovyx.net.http.HTTPBuilder doRequest FINEST: response handler result: null Jun 4, 2010 4:37:22 PM org.apache.http.impl.conn.SingleClientConnManager releaseConnection FINE: Releasing connection org.apache.http.impl.conn.SingleClientConnManager$ConnAdapter@605b28c9 You can see there is clearly a location argument. Thank you Misha

    Read the article

  • Cookies blocked by router?

    - by Martin wiboe
    Hello, My friend has a D-Link DI-524 router that she uses for her home broadband. It's a pretty vanilla setup with the standard firewall settings, DHCP enabled etc. However, recently she has experienced something strange - cookies are not working on every computer on her LAN, whether using FF3.5 or IE8. I tried viewing the HTTP traffic using Fiddler2, and the requests come through fine (mind you, Internet browsing still works flawlessly) but whenever a website tries to set a cookie using the "Set-Cookie:" header, my computer sees that line as "Set-*ookie:" with the cookie contents removed. I have never seen anything like this - do you have any idea? Regards, Martin

    Read the article

  • making cookies persistent in IE8

    - by Jamie Stevens
    There's a website I sign into frequently, and I'm getting sick of entering my username and password every time. The website can remember who I am so long as I don't close my browser (Internet Explorer 8), but when I do it forgets me, and asks me to login again. I'm guessing this is because it's using a cookie (and perhaps a session) that expires when I close my browser. Is there anyway to make this information persistent across each time I load my browser? (I tried exporting the cookies to a file, and then importing them as soon as the browser was reloaded, but that didn't work either... I'm thinking the cookie text file needs to be modified somehow.) (FYI The website is http://blackboard.unh.edu, but you won't have access unless you happen to be a student there :-) NOTE: I'm not interested in using any password remembering features in the browser. The only solution I'm open to is making the cookie / session persistent somehow!

    Read the article

  • HAproxy to web host sub directory?

    - by daemonza
    Hi for reasons outside my control, I need to load balance two servers, that run a non-virtual host enabled app on IIS. Normally in HAProxy I would load balance servers(apache, tomcat, etc) like this : acl is_www_example_com hdr_end(host) -i www.example.com use_backend www_example_com if is_www_example_com backend www_example_com balance roundrobin cookie SERVERID insert nocache indirect option httpchk HEAD / HTTP/1.0 option httpclose option forwardfor server node1 192.168.1.1:80 cookie node1 server node1 192.168.1.2:80 cookie node1 Which will route to the node 1 and node 2 server and serve up the virtual host site. if I need to route to www.example.com/application/data How would I be able to do it, with the above example, if at all even possible?

    Read the article

  • Firefox: how to block cookies by name, not by site?

    - by deepc
    Firefox allows to block all cookies on a site-by-site level. This is ok for the most part. However, it does not help with blocking only Google Analytics cookies. The GA cookie names start with __ut. Is there a Firefox add-on which can block all __ut* cookies? I know there are many cookie related add-ons for Firefox - but apparently all of them simply fine tune cookie site-by-site blocking, according to their descriptions. Hopefully I missed the one who can do this... I also know about Google's plugin to opt out of analytics. Installing a specific plug-in for that purpose (as opposed to an add-on) seems a bit overdone. Plus, I would have to trust Google with that and that is exactly what I don't.

    Read the article

  • ASP.NET Membership API not working on Win2008 server/IIS7

    - by Program.X
    I have a very odd problem. I have a web app that uses the .NET Membership API to provide login functionality. This works fine on my local dev machine, using WebDev 4.0 server. I'm using .NET 4.0 with some URL Rewriting, but not on the pages where login is required. I have a Windows Server 2008 with IIS7 However, the Membership API seemingly does not work on the server. I have set up remote debugging and the LoginUser.LoggedIn event of the LoginUser control gets fired okay, but the MembershipUser is null. I get no answer about the username/password being invalid so it seems to be recognising it. If I enter an invalid username/password, I get an invalid username/password response. Some code, if it helps: <asp:ValidationSummary ID="LoginUserValidationSummary" runat="server" CssClass="validation-error-list" ValidationGroup="LoginUserValidationGroup"/> <div class="accountInfo"> <fieldset class="login"> <legend>Account Information</legend> <p> <asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName">Username:</asp:Label> <asp:TextBox ID="UserName" runat="server" CssClass="textEntry"></asp:TextBox> <asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="UserName" CssClass="validation-error" Display="Dynamic" ErrorMessage="User Name is required." ToolTip="User Name is required." ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator> </p> <p> <asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password">Password:</asp:Label> <asp:TextBox ID="Password" runat="server" CssClass="passwordEntry" TextMode="Password"></asp:TextBox> <asp:RequiredFieldValidator ID="PasswordRequired" runat="server" ControlToValidate="Password" CssClass="validation-error" Display="Dynamic" ErrorMessage="Password is required." ToolTip="Password is required." ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator> </p> <p> <asp:CheckBox ID="RememberMe" runat="server"/> <asp:Label ID="RememberMeLabel" runat="server" AssociatedControlID="RememberMe" CssClass="inline">Keep me logged in</asp:Label> </p> </fieldset> <p class="login-action"> <asp:Button ID="LoginButton" runat="server" CommandName="Login" CssClass="submitButton" Text="Log In" ValidationGroup="LoginUserValidationGroup"/> </p> and the code behind: protected void Page_Load(object sender, EventArgs e) { LoginUser.LoginError += new EventHandler(LoginUser_LoginError); LoginUser.LoggedIn += new EventHandler(LoginUser_LoggedIn); } void LoginUser_LoggedIn(object sender, EventArgs e) { // this code gets run so it appears logins work Roles.DeleteCookie(); // this behaviour has been removed for testing - no difference } void LoginUser_LoginError(object sender, EventArgs e) { HtmlGenericControl htmlGenericControl = LoginUser.FindControl("errorMessageSpan") as HtmlGenericControl; if (htmlGenericControl != null) htmlGenericControl.Visible = true; } I have "Fiddled" with the Login form reponse and I get the following Cookie-Set headers: Set-Cookie: ASP.NET_SessionId=lpyyiyjw45jjtuav1gdu4jmg; path=/; HttpOnly Set-Cookie: .ASPXAUTH=A7AE08E071DD20872D6BBBAD9167A709DEE55B352283A7F91E1066FFB1529E5C61FCEDC86E558CEA1A837E79640BE88D1F65F14FA8434AA86407DA3AEED575E0649A1AC319752FBCD39B2A4669B0F869; path=/; HttpOnly Set-Cookie: .ASPXROLES=; expires=Mon, 11-Oct-1999 23:00:00 GMT; path=/; HttpOnly I don't know what is useful here because it is obviously encrypted but I find the .APXROLES cookie having no value interesting. It seems to fail to register the cookie, but passes authentication

    Read the article

  • Android: HttpURLConnection not working properly

    - by giorgiline
    I'm trying to get the cookies from a website after sending user credentials through a POST Request an it seems that it doesn't work in android this way. ¿Am I doing something bad?. Please help. I've searched here in different posts but there's no useful answer. It's curious that this run in a desktop Java implementation it works perfect but it crashes in Android platform. And it is exactly the same code, specifically when calling HttpURLConnection.getHeaderFields(), it also happens with other member methods. It's a simple code and I don't know why the hell isn't working. DESKTOP CODE: This goes just in the main() HttpURLConnection connection = null; OutputStream out = null; try { URL url = new URL("http://www.XXXXXXXX.php"); String charset = "UTF-8"; String postback = "1"; String user = "XXXXXXXXX"; String password = "XXXXXXXX"; String rememberme = "on"; String query = String.format("postback=%s&user=%s&password=%s&rememberme=%s" , URLEncoder.encode(postback, charset) , URLEncoder.encode(user,charset) , URLEncoder.encode(password, charset) , URLEncoder.encode(rememberme, charset)); connection = (HttpURLConnection)url.openConnection(); connection.setRequestMethod("POST"); connection.setRequestProperty("Accept-Charset", charset); connection.setDoOutput(true); connection.setFixedLengthStreamingMode(query.length()); out = connection.getOutputStream (); out.write(query.getBytes(charset)); if (connection.getHeaderFields() == null){ System.out.println("Header null"); }else{ for (String cookie: connection.getHeaderFields().get("Set-Cookie")){ System.out.println(cookie.split(";", 2)[0]); } } } catch (IOException e){ e.printStackTrace(); } finally { try { out.close();} catch (IOException e) { e.printStackTrace();} connection.disconnect(); } So the output is: login_key=20ad8177db4eca3f057c14a64bafc2c9 FASID=cabf20cc471fcacacdc7dc7e83768880 track=30c8183e4ebbe8b3a57b583166326c77 client-data=%7B%22ism%22%3Afalse%2C%22showm%22%3Afalse%2C%22ts%22%3A1349189669%7D ANDROID CODE: This goes inside doInBackground AsyncTask body HttpURLConnection connection = null; OutputStream out = null; try { URL url = new URL("http://www.XXXXXXXXXXXXXX.php"); String charset = "UTF-8"; String postback = "1"; String user = "XXXXXXXXX"; String password = "XXXXXXXX"; String rememberme = "on"; String query = String.format("postback=%s&user=%s&password=%s&rememberme=%s" , URLEncoder.encode(postback, charset) , URLEncoder.encode(user,charset) , URLEncoder.encode(password, charset) , URLEncoder.encode(rememberme, charset)); connection = (HttpURLConnection)url.openConnection(); connection.setRequestMethod("POST"); connection.setRequestProperty("Accept-Charset", charset); connection.setDoOutput(true); connection.setFixedLengthStreamingMode(query.length()); out = connection.getOutputStream (); out.write(query.getBytes(charset)); if (connection.getHeaderFields() == null){ Log.v(TAG, "Header null"); }else{ for (String cookie: connection.getHeaderFields().get("Set-Cookie")){ Log.v(TAG, cookie.split(";", 2)[0]); } } } catch (IOException e){ e.printStackTrace(); } finally { try { out.close();} catch (IOException e) { e.printStackTrace();} connection.disconnect(); } And here there is no output, it seems that connection.getHeaderFields() doesn't return result. It takes al least 30 seconds to show the Log: 10-02 16:56:25.918: V/class com.giorgi.myproject.activities.HomeActivity(2596): Header null

    Read the article

  • Why am I getting a new session ID on every page fetch in my Perl WWW::Mechanize script?

    - by Phill Pafford
    So I'm scraping a site that I have access to via HTTPS, I can login and start the process but each time I hit a new page (URL) the cookie Session Id changes. How do I keep the logged in Cookie Session Id? #!/usr/bin/perl -w use strict; use warnings; use WWW::Mechanize; use HTTP::Cookies; use LWP::Debug qw(+); use HTTP::Request; use LWP::UserAgent; use HTTP::Request::Common; my $un = 'username'; my $pw = 'password'; my $url = 'https://subdomain.url.com/index.do'; my $agent = WWW::Mechanize->new(cookie_jar => {}, autocheck => 0); $agent->{onerror}=\&WWW::Mechanize::_warn; $agent->agent('Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.3) Gecko/20100407 Ubuntu/9.10 (karmic) Firefox/3.6.3'); $agent->get($url); $agent->form_name('form'); $agent->field(username => $un); $agent->field(password => $pw); $agent->click("Log In"); print "After Login Cookie: "; print $agent->cookie_jar->as_string(); print "\n\n"; my $searchURL='https://subdomain.url.com/search.do'; $agent->get($searchURL); print "After Search Cookie: "; print $agent->cookie_jar->as_string(); print "\n"; The output: After Login Cookie: Set-Cookie3: JSESSIONID=367C6D; path="/thepath"; domain=subdomina.url.com; path_spec; secure; discard; version=0 After Search Cookie: Set-Cookie3: JSESSIONID=855402; path="/thepath"; domain=subdomain.com.com; path_spec; secure; discard; version=0 Also I think the site requires a CERT (Well in the browser it does), would this be the correct way to add it? $ENV{HTTPS_CERT_FILE} = 'SUBDOMAIN.URL.COM'; ## Insert this after the use HTTP::Request... Also for the CERT In using the first option in this list, is this correct? X.509 Certificate (PEM) X.509 Certificate with chain (PEM) X.509 Certificate (DER) X.509 Certificate (PKCS#7) X.509 Certificate with chain (PKCS#7)

    Read the article

  • What is a “pretty and proper OO” way for handling sessions and authentication?

    - by asdfqwer
    Is coupling these two concepts a bad approach? As of right now I'm delegating all session handling and whether or not a user desires to logout in my config.inc file. As I was writing my Auth class I started wondering whether or not my Auth class should be taking care of most of the logic in my config.inc. Regardless, I'm sure there's a more elegant way of handling this... Here is what I have in my config.inc (also a large chunk of this code is based on a reply I found on SO except I can't find the source ._.): ini_set('session.name', 'SID'); # session management session_set_cookie_params(24*60*60); // set SID cookie lifetime session_start(); if(isset($_SESSION['LOGOUT']) { session_destroy(); // destroy session data $_SESSION = array(); // destroy session data sanity check setcookie('SID', '', time() - 24*60*60); // destroy session cookie data #header('Location: '.DOCROOT); } elseif(isset($_SESSION['SID_AUTH'])) { // verify user has authenticated if (!isset($_SESSION['SID_CREATED'])) { $_SESSION['SID_CREATED'] = time(); } elseif (time() - $_SESSION['SID_CREATED'] > 6*60*60) { // session started more than 6 hours ago session_regenerate_id(); // reset SID value $_SESSION['SID_CREATED'] = time(); // update creation time } if (isset($_SESSION['SID_MODIFIED']) && (time() - $_SESSION['SID_MODIFIED'] > 12*60*60)) { // last request was more than 12 hours ago session_destroy(); // destroy session data $_SESSION = array(); // destroy session data sanity check setcookie('SID', '', time() - 24*60*60); // destroy session cookie data } $_SESSION['SID_MODIFIED'] = time(); // update last activity time stamp }

    Read the article

  • Understanding HTTP Cookies in Indy 10 for Delphi XE2

    - by Jerry Dodge
    I have been working with Indy 10 HTTP Servers / Clients lately in Delphi XE2, and I need to make sure I'm understanding session management correctly. In the server, I have a "bucket" of sessions, which is a list of objects which each represent a unique session. I don't use username and password to authenticate users, but I rather use a unique API key which is issued to a client, and has an expiration. When a client wishes to connect to the server, it first logs in by calling the "login" command, which is a path like this: http://localhost:1234/login?APIKey=abcdefghij. The server checks this API Key against the database, and if it's valid, it creates a new session in the bucket, issues a new cookie (unique string), and sets the response cookies with Success=Y and Cookie=abcdefghij. This is where I have the question. Assuming the client end has its own method of cookie management, the client will receive this login response back from the server and automatically save the cookies as necessary. Any future request from the client to the server shall automatically send along these cookies, and the client side doesn't have to necessarily worry about setting these cookies when sending requests to the server. Right? PS - I'm asking this question here on programmers.stackexchange.com because I didn't see it fit to ask on stackoverflow.com. If anyone thinks this is appropriate enough for stackoverflow.com, please let me know.

    Read the article

  • session management: verifying a user's log-in state

    - by good_computer
    I am storing sessions in my database. Everytime a user logs in, I create a new row corresponding to the new session, generate a new session id and send it as a cookie to the browser. My session data looks something like this: { 'user_id': 1234 'user_name': 'Sam' ... } When a request comes, I check whether a cookie with a session id is sent. If it is, I fetch session data from my database (or memcache) corresponding to that session id. When the user logs out, I remove the session data from my database (and memcache), and delete the cookie from the user's browser too. Notice that in my session data, I don't have something like logged_in: true. This is because if I find a session record in the database (or memcache) I deduce that the user is logged in, and if there is no session record found, the user is not logged in. My question is: is this the right approach? Should I have a logged_in key in my session data? Is there any possibility that a session record may be present on the server where the corresponding user is actually NOT logged in? Are there any security implications in having or not having such a key?

    Read the article

  • How to implement a no-login authentication system

    - by mrwooster
    I am looking to build a very loose authentication system that can track a user and link submitted data/comments to a specific user. The submissions are essentially anonymous, but a user may want to edit his submission/comment at a later date. I want the experience to be as smooth as possible so do not want to ask users to sign up for an account and then login each time. There is no point as their submissions are not in their name and to another user browsing the site, there is no way of linking a submission to a specific user (think anonymous comments on a blog post or pastie). However, the user should have the ability to edit (at least in the short term) the content they have posted. The way I imagine doing this would be to place a unique identifier in a cookie on the users machine. This would enable me to link a submission to a user, and while that cookie remained on the users machine, I would allow them to edit their content. Of course, if the cookie is lost, or the user accesses the site from a different browser, then they would not be able to edit their content, but this is not really an issue, they can always resubmit a new piece of content. Is there a better way of doing this? How can I implement this so that the user can edit their data for the longest possible amount of time.

    Read the article

  • Apache, Nginx, WSGI, django cookies get lost.

    - by Jack M.
    I'm running into a problem trying to get a Django application running in my staging environment. I'm running nginx as a reverse proxy with Apache 2.2/mod_wsgi as the target, and my Django app behind that. The problem is that the cookies are getting lost somewhere between nginx and Apache. My nginx.conf (ripped out a few locations to keep it small): http { gzip on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass_header Set-Cookie; upstream django { server 127.0.0.1:8080; } server { listen 80; server_name encendio.iigins.com; location / { proxy_pass http://django; } } } My Apache vhosts file: <VirtualHost *:8080> ServerName encendio.test.com ServerAdmin [email protected] DocumentRoot "/usr/local/www/apache22/data" WSGIScriptAlias / /usr/local/www/apache22/data/sasquatch/wsgi_handler.py </VirtualHost> If I directly to http://encendio.test.com:8080/ the cookies work and I can log into the admin area. If I log into http://encendio.test.com/, the admin area tells me my browser isn't using cookies. Now things get kind of weird. I went so far as to look at the environ being passed into my wsgi_handler.py: _application = django.core.handlers.wsgi.WSGIHandler() def application(environ, start_response): print >> sys.stderr, environ.get('HTTP_COOKIE', "No Cookie") return _application(environ, start_response) It shows the cookie existing in the environment: [Mon Mar 22 12:15:50 2010] [error] csrftoken=9f2569elkj67984242f0e7a6dea0b791; sessionid=4e5432hjkds8603f26d5ffa02b10cd27 And this cookie matches up with what I see in nginx's log if I plug in $http_cookie on the end of the log. So Apache is getting the cookie in some form, but it's not ending up where Django can see it. I'm at my wit's end for why this isn't working, so any help is greatly appreciated. Ninja Edit: I forgot to mention that Firefox is seeing the cookies. The oddity is that every time I attempt to log in, I get a new sessionid.

    Read the article

  • When does the .NET FormAuthentication ticket get checked and how do I tap into this event?

    - by Mustafakidd
    Hello everyone - We are attempting to integrate an ASP.NET MVC site with our client's SSO system using PingFederate. I would like to use the built in FormsAuthentication framework to do this. The way I've gone about it so far is: Set up my Web.config so that my FormsAuthentication LoginURL goes to my site's "BeginAuthentication" action on a "Security" controller. From this action, I set up some session variables (what URL was being accessed, for example, since Ping won't send this info back to me), and then redirect to our client's login page on an external site (www.client.com/Login for example). From here, the authentication takes place and a cookie is generated on the same domain as the one that our application is running on which contains the unique identifier of the authenticated user, I've set it up so that once this happens, the Ping server will redirect to my "EndAuthentication" action on my "Security" controller. In this action, I call my membership class's "ValidateUser" method which takes this unique identifier from the cookie and loads in the user on our application that this ID refers to. I save that logged in user in our Session (Session["LoggedInAs"], for example) and expire the cookie that contains the id of the authenticated user that the SSO system provided for me. All of this works well. The issue I'm wondering about is what happens after our user has already authenticated and manually goes back to our client's login page (www.client.com/login) and logs in as another user. If they do that, then the flow from #2 above to number 3 happens as normal - but since there already exists an authenticated user on our site, it seems as though the FormsAuthentication system doesn't bother kicking off anything so I don't get a chance to check for the cookie I'm looking for to login as this new user. What I'd like to do is, somewhere in my Global.asax file (probably FormsAuthenticate_OnAuthenticate), check to see if the cookie that the SSO system sends to me exists, and if so, sign out of the application using FormsAuthentication.SignOut(). Another issue that seems to be related is that if I let my Session expire, the FormsAuthentication still seems to think I am authenticated and it lets me access a page even though no currently logged in user exists in my Session, so the page doesn't render correctly. Should I tap into the Session_End event and do FormsAuthentication.SignOut() here as well? Basically, I want to know when the authentication ticket created by System.Web.Security.FormsAuthentication.SetAuthCookie(..) gets checked in the flow of a request so that I can determine whether I need to SignOut() and force revalidation or not. Thanks for any help. Sorry for the length of this message, trying to be as detailed as possible. Mustafa

    Read the article

  • python getelementbyid from string

    - by matthewgall
    Hey, I have the following program, that is trying to upload a file (or files) to an image upload site, however I am struggling to find out how to parse the returned HTML to grab the direct link (contained in a ). I have the code below: #!/usr/bin/python # -*- coding: utf-8 -*- import pycurl import urllib import urlparse import xml.dom.minidom import StringIO import sys import gtk import os import imghdr import locale import gettext try: import pynotify except: print "Please install pynotify." APP="Uploadir Uploader" DIR="locale" locale.setlocale(locale.LC_ALL, '') gettext.bindtextdomain(APP, DIR) gettext.textdomain(APP) _ = gettext.gettext ##STRINGS uploading = _("Uploading image to Uploadir.") oneimage = _("1 image has been successfully uploaded.") multimages = _("images have been successfully uploaded.") uploadfailed = _("Unable to upload to Uploadir.") class Uploadir: def __init__(self, args): self.images = [] self.urls = [] self.broadcasts = [] self.username="" self.password="" if len(args) == 1: return else: for file in args: if file == args[0] or file == "": continue if file.startswith("-u"): self.username = file.split("-u")[1] #print self.username continue if file.startswith("-p"): self.password = file.split("-p")[1] #print self.password continue self.type = imghdr.what(file) self.images.append(file) for file in self.images: self.upload(file) self.setClipBoard() self.broadcast(self.broadcasts) def broadcast(self, l): try: str = '\n'.join(l) n = pynotify.Notification(str) n.set_urgency(pynotify.URGENCY_LOW) n.show() except: for line in l: print line def upload(self, file): #Try to login cookie_file_name = "/tmp/uploadircookie" if ( self.username!="" and self.password!=""): print "Uploadir authentication in progress" l=pycurl.Curl() loginData = [ ("username",self.username),("password", self.password), ("login", "Login") ] l.setopt(l.URL, "http://uploadir.com/user/login") l.setopt(l.HTTPPOST, loginData) l.setopt(l.USERAGENT,"User-Agent: Uploadir (Python Image Uploader)") l.setopt(l.FOLLOWLOCATION,1) l.setopt(l.COOKIEFILE,cookie_file_name) l.setopt(l.COOKIEJAR,cookie_file_name) l.setopt(l.HEADER,1) loginDataReturnedBuffer = StringIO.StringIO() l.setopt( l.WRITEFUNCTION, loginDataReturnedBuffer.write ) if l.perform(): self.broadcasts.append("Login failed. Please check connection.") l.close() return loginDataReturned = loginDataReturnedBuffer.getvalue() l.close() #print loginDataReturned if loginDataReturned.find("<li>Your supplied username or password is invalid.</li>")!=-1: self.broadcasts.append("Uploadir authentication failed. Username/password invalid.") return else: self.broadcasts.append("Uploadir authentication successful.") #cookie = loginDataReturned.split("Set-Cookie: ")[1] #cookie = cookie.split(";",0) #print cookie c = pycurl.Curl() values = [ ("file", (c.FORM_FILE, file)) ] buf = StringIO.StringIO() c.setopt(c.URL, "http://uploadir.com/file/upload") c.setopt(c.HTTPPOST, values) c.setopt(c.COOKIEFILE, cookie_file_name) c.setopt(c.COOKIEJAR, cookie_file_name) c.setopt(c.WRITEFUNCTION, buf.write) if c.perform(): self.broadcasts.append(uploadfailed+" "+file+".") c.close() return self.result = buf.getvalue() #print self.result c.close() doc = urlparse.urlparse(self.result) self.urls.append(doc.getElementsByTagName("download")[0].childNodes[0].nodeValue) def setClipBoard(self): c = gtk.Clipboard() c.set_text('\n'.join(self.urls)) c.store() if len(self.urls) == 1: self.broadcasts.append(oneimage) elif len(self.urls) != 0: self.broadcasts.append(str(len(self.urls))+" "+multimages) if __name__ == '__main__': uploadir = Uploadir(sys.argv) Any help would be gratefully appreciated. Warm regards,

    Read the article

  • What am I missing in this ASP.NET XSS Security Helper class?

    - by smartcaveman
    I need a generic method for preventing XSS attacks in ASP.NET. The approach I came up with is a ValidateRequest method that evaluates the HttpRequest for any potential issues, and if issues are found, redirect the user to the same page, but in a away that is not threatening to the application. (Source code below) While I know this method will prevent most XSS attacks, I am not certain that I am adequately preventing all possible attacks while also minimizing false positives. So, what is the most effective way to adequately prevent all possible attacks, while minimizing false positives? Are there changes I should make to the helper class below, or is there an alternative approach or third party library that offers something more convincing? public static class XssSecurity { public const string PotentialXssAttackExpression = "(http(s)*(%3a|:))|(ftp(s)*(%3a|:))|(javascript)|(alert)|(((\\%3C) <)[^\n]+((\\%3E) >))"; private static readonly Regex PotentialXssAttackRegex = new Regex(PotentialXssAttackExpression, RegexOptions.IgnoreCase); public static bool IsPotentialXssAttack(this HttpRequest request) { if(request != null) { string query = request.QueryString.ToString(); if(!string.IsNullOrEmpty(query) && PotentialXssAttackRegex.IsMatch(query)) return true; if(request.HttpMethod.Equals("post", StringComparison.InvariantCultureIgnoreCase)) { string form = request.Form.ToString(); if (!string.IsNullOrEmpty(form) && PotentialXssAttackRegex.IsMatch(form)) return true; } if(request.Cookies.Count > 0) { foreach(HttpCookie cookie in request.Cookies) { if(PotentialXssAttackRegex.IsMatch(cookie.Value)) { return true; } } } } return false; } public static void ValidateRequest(this HttpContext context, string redirectToPath = null) { if(context == null || !context.Request.IsPotentialXssAttack()) return; // expire all cookies foreach(HttpCookie cookie in context.Request.Cookies) { cookie.Expires = DateTime.Now.Subtract(TimeSpan.FromDays(1)); context.Response.Cookies.Set(cookie); } // redirect to safe path bool redirected = false; if(redirectToPath != null) { try { context.Response.Redirect(redirectToPath,true); redirected = true; } catch { redirected = false; } } if (redirected) return; string safeUrl = context.Request.Url.AbsolutePath.Replace(context.Request.Url.Query, string.Empty); context.Response.Redirect(safeUrl,true); } }

    Read the article

  • Why is .NET Post different from CURL? broken?

    - by ironnailpiercethesky
    I dont understand this. I ran this code below and the result json string was the link is expired (meaning invalid). However the curl code does the exact same thing and works. I either get the expected string with the url or it says i need to wait (for a few seconds to 1 minute). Why? whats the difference between the two? It looks very F%^&*ed up that it is behaving differently (its been causing me HOURS of problems). NOTE: the only cookie required by the site is SID (tested). It holds your session id. The first post activates it and the 2nd command checks the status with the returning json string. Feel free to set the CookieContainer to only use SID if you like. WARNING: you may want to change SID to a different value so other people arent activating it. Your may want to run the 2nd url to ensure the session id is not used and says expired/invalid before you start. additional note: with curl or in your browser if you do the POST command you can stick the sid in .NET cookie container and the 2nd command will work. But doing the first command (the POST data) will not work. This post function i have used for many other sites that require post and so far it has worked. Obviously checking the Method is a big deal and i see it is indeed POST when doing the first command. static void Main(string[] args) { var cookie = new CookieContainer(); PostData("http://uploading.com/files/get/37e36ed8/", "action=second_page&file_id=9134949&code=37e36ed8", cookie); Thread.Sleep(4000); var res = PostData("http://uploading.com/files/get/?JsHttpRequest=12719362769080-xml&action=get_link&file_id=9134949&code=37e36ed8&pass=undefined", null/*this makes it GET*/, cookie); Console.WriteLine(res); /* curl -b "SID=37468830" -A "DUMMY_User_Aggent" -d "action=second_page&file_id=9134949&code=37e36ed8" "http://uploading.com/files/get/37e36ed8/" curl -b "SID=37468830" -A "DUMMY_User_Aggent" "http://uploading.com/files/get/?JsHttpRequest=12719362769080-xml&action=get_link&file_id=9134949&code=37e36ed8&pass=undefined" */ }

    Read the article

  • Logging in to a website cURL!

    - by uknowho_freeman
    I am using cURL for the first time. I need to login to a site. I have problem with setting cookie file and to retrive, so that i can acces that page not just one time, but several times. I found the code on the web, for logging in to a site and Scrap a page for some detailed info, cause to get that page it takes to much time. so i just want to know if it is OK! the code belove(it is just for login in the code for Scraping its not ready) <?php curl_login('http://mywantedsite.com/login.php','user=******&pass=******','','off'); echo curl_grab_page('http://mywantedsite.com/somepage.php','','off'); function curl_login($url,$data,$proxy,$proxystatus){ $fp = fopen("cookie.txt", "w"); fclose($fp); $login = curl_init(); curl_setopt($login, CURLOPT_COOKIEJAR, "cookie.txt"); curl_setopt($login, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($login, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"); curl_setopt($login, CURLOPT_TIMEOUT, 40); curl_setopt($login, CURLOPT_RETURNTRANSFER, TRUE); if ($proxystatus == 'on') { curl_setopt($login, CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt($login, CURLOPT_HTTPPROXYTUNNEL, TRUE); curl_setopt($login, CURLOPT_PROXY, $proxy); } curl_setopt($login, CURLOPT_URL, $url); curl_setopt($login, CURLOPT_HEADER, TRUE); curl_setopt($login, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']); curl_setopt($login, CURLOPT_FOLLOWLOCATION, TRUE); curl_setopt($login, CURLOPT_POST, TRUE); curl_setopt($login, CURLOPT_POSTFIELDS, $data); ob_start(); // prevent any output return curl_exec ($login); // execute the curl command ob_end_clean(); // stop preventing output curl_close ($login); unset($login); } function curl_grab_page($site,$proxy,$proxystatus){ $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); if ($proxystatus == 'on') { curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, TRUE); curl_setopt($ch, CURLOPT_PROXY, $proxy); } curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($ch, CURLOPT_URL, $site); ob_start(); // prevent any output return curl_exec ($ch); // execute the curl command ob_end_clean(); // stop preventing output curl_close ($ch); }

    Read the article

  • x11vnc working in Ubuntu 10.10

    - by pablorc
    I'm trying to start x11vnc in a Ubuntu 10.10 (my server is in Amazon EC2), but I have the next error $ sudo x11vnc -forever -usepw -httpdir /usr/share/vnc-java/ -httpport 5900 -auth /usr/sbin/gdm 25/11/2010 13:29:51 passing arg to libvncserver: -httpport 25/11/2010 13:29:51 passing arg to libvncserver: 5900 25/11/2010 13:29:51 -usepw: found /home/ubuntu/.vnc/passwd 25/11/2010 13:29:51 x11vnc version: 0.9.10 lastmod: 2010-04-28 pid: 3504 25/11/2010 13:29:51 XOpenDisplay(":0.0") failed. 25/11/2010 13:29:51 Trying again with XAUTHLOCALHOSTNAME=localhost ... 25/11/2010 13:29:51 *************************************** 25/11/2010 13:29:51 *** XOpenDisplay failed (:0.0) *** x11vnc was unable to open the X DISPLAY: ":0.0", it cannot continue. *** There may be "Xlib:" error messages above with details about the failure. Some tips and guidelines: ** An X server (the one you wish to view) must be running before x11vnc is started: x11vnc does not start the X server. (however, see the -create option if that is what you really want). ** You must use -display <disp>, -OR- set and export your $DISPLAY environment variable to refer to the display of the desired X server. - Usually the display is simply ":0" (in fact x11vnc uses this if you forget to specify it), but in some multi-user situations it could be ":1", ":2", or even ":137". Ask your administrator or a guru if you are having difficulty determining what your X DISPLAY is. ** Next, you need to have sufficient permissions (Xauthority) to connect to the X DISPLAY. Here are some Tips: - Often, you just need to run x11vnc as the user logged into the X session. So make sure to be that user when you type x11vnc. - Being root is usually not enough because the incorrect MIT-MAGIC-COOKIE file may be accessed. The cookie file contains the secret key that allows x11vnc to connect to the desired X DISPLAY. - You can explicitly indicate which MIT-MAGIC-COOKIE file should be used by the -auth option, e.g.: x11vnc -auth /home/someuser/.Xauthority -display :0 x11vnc -auth /tmp/.gdmzndVlR -display :0 you must have read permission for the auth file. See also '-auth guess' and '-findauth' discussed below. ** If NO ONE is logged into an X session yet, but there is a greeter login program like "gdm", "kdm", "xdm", or "dtlogin" running, you will need to find and use the raw display manager MIT-MAGIC-COOKIE file. Some examples for various display managers: gdm: -auth /var/gdm/:0.Xauth -auth /var/lib/gdm/:0.Xauth kdm: -auth /var/lib/kdm/A:0-crWk72 -auth /var/run/xauth/A:0-crWk72 xdm: -auth /var/lib/xdm/authdir/authfiles/A:0-XQvaJk dtlogin: -auth /var/dt/A:0-UgaaXa Sometimes the command "ps wwwwaux | grep auth" can reveal the file location. Starting with x11vnc 0.9.9 you can have it try to guess by using: -auth guess (see also the x11vnc -findauth option.) Only root will have read permission for the file, and so x11vnc must be run as root (or copy it). The random characters in the filenames will of course change and the directory the cookie file resides in is system dependent. See also: http://www.karlrunge.com/x11vnc/faq.html I've already tried with some -auth options but the error persist. I have gdm running. Thank you in advance

    Read the article

  • Getting the JSESSIONID from the response Headers in C#

    - by acadia
    Hello, In my C# Windows application I am building a web request and getting the response back Uri uri = null; string workplaceURL = "http://filenet:9081/WorkPlaceXT"; uri = new Uri(workplaceURL + "/setCredentials?op=getUserToken&userId=" + encodeLabel(userName) + "&password=" + encodeLabel(pwd) + "&verify=true"); System.Net.WebRequest webRequest = System.Net.WebRequest.Create(uri); System.Net.WebResponse webResponse = webRequest.GetResponse(); StreamReader streamReader = new StreamReader(webResponse.GetResponseStream()); and I am getting the headers back as shown below ?webResponse.Headers {ResultXml: <?xml version="1.0"?><response><errorcode>0</errorcode><description>Success.</description></response> Content-Language: en-US Content-Length: 201 Cache-Control: no-cache="set-cookie, set-cookie2" Date: Thu, 03 Jun 2010 16:10:12 GMT Expires: Thu, 01 Dec 1994 16:00:00 GMT Set-Cookie: JSESSIONID=0000GiPPR9PPceZSv6d0FC4-vcT:-1; Path=/ Server: WebSphere Application Server/6.1 } base {System.Collections.Specialized.NameValueCollection}: {ResultXml: <?xml version="1.0"?><response><errorcode>0</errorcode><description>Success.</description></response> Content-Language: en-US Content-Length: 201 Cache-Control: no-cache="set-cookie, set-cookie2" Date: Thu, 03 Jun 2010 16:10:12 GMT Expires: Thu, 01 Dec 1994 16:00:00 GMT Set-Cookie: JSESSIONID=0000GiPPR9PPceZSv6d0FC4-vcT:-1; Path=/ Server: WebSphere Application Server/6.1 How do I fetch just the JSESSIONID? as I need to pass the JSESSIOID to a different URL. Please help

    Read the article

  • SmartGWT TreeGrid Selection

    - by wonderbread988
    I have a SmartGWT webapp that uses a TreeGrid with a dataSource. I would like this treeGrid to preselect values saved in a cookie. I have gotten the value to be saved in the cookie correctly, however I have tried several different methods of getting the treeGrid to select these values and I can not get it to work. I am attempting to do this in the onmoduleLoad method in my entry point. I have tried: Cookies.setCookie( "selectedUnit", TreeGrid.getSelectedPaths() ) to set the cookie and then when the page is reloaded: TreeGrid.setSelectedPaths( Cookies.getCookie("selectedUnit" ) When I could not get that to work, I tried storing just the id of the item selected: Cookies.setCookies( "selectedUnit", TreeGrid.getSelected().getAttribute("id") ) and then onLoad attempting to find that record and select it: TreeGrid.selectRecord( TreeGrid.getTree().find("id", Cookies.getCookie("selectedUnit") ) ) This did not work either, so finally I tried storing TreeGrid.getSelectedState() and upon retrieving that value form the cookie onLoad, passing it to TreeGrid.setSelectedState() similar to my first attempt, but passing state instead of path. I could not get any of these things to work. Can I not tell the TreeGrid to select an item in the 'OnmoduleLoad' method? Is this action only valid after the TreeGrid has been drawn? If that is the case where and how can I do this? Thank you in advance for any help you can give.

    Read the article

  • PHP session_write_close() causes empty response

    - by Xeoncross
    When using session_write_close() in a shutdown function at the end of my script - PHP just dies. There is no error logged, response headers (firebug), or data (even whitespace!) returned. I have full PHP error reporting on with STRICT enabled and PHP 5.2.1. My guess is that since session_write_close() is being called after shutdown - some fatal error is being encountered that crashes PHP before it has a chance to send the output or log anything. This only happens on the logout page where I first: ... //If there is no session to delete (not started) if ( ! session_id()) { return; } // Get the session name $name = session_name(); // Delete the session cookie (if exists) if ( ! empty($_COOKIE[$name])) { //Get the current cookie config $params = session_get_cookie_params(); // Delete the cookie from globals unset($_COOKIE[$name], $_SESSION); //Delete the cookie on the user_agent setcookie($name, '', time()-43200, $params['path'], $params['domain'], $params['secure']); } // Destroy the session session_destroy(); ... then 2) do some more stuff 3) issue a redirect and 4) finally, after the whole page is done the register_shutdown_function(); I placed earlier runs and calls session_write_close() which saves the session to the database. The end. Since this blank response only occurs on logout I'm guessing that I'm not restarting the session properly which is causing session_write_close() to die fatally at the end of the script.

    Read the article

  • Using HttpClient with the RightScale API

    - by Ameer Deen
    I'm trying to use the WCF Rest Starter Kit with the RightScale's Login API which seems fairly simple to use. Edit - Here's a blog entry I wrote on using Powershell to consume the API. Edit - Created a generic .NET wrapper for the RightScale API - NRightAPI It's exactly as simple as it looks while using CURL. In order for me to obtain a login cookie all I need to do is: curl -v -c rightcookie -u username:password "https://my.rightscale.com/api/acct/accountid/login?api_version=1.0" And I receive the following cookie: HTTP/1.1 204 No Content Date: Fri, 25 Dec 2009 12:29:24 GMT Server: Mongrel 1.1.3 Status: 204 No Content X-Runtime: 0.06121 Content-Type: text/html; charset=utf-8 Content-Length: 0 Cache-Control: no-cache Added cookie _session_id="488a8d9493579b9473fbcfb94b3a7b8e5e3" for domain my.rightscale.com, path /, expire 0 Set-Cookie: _session_id=488a8d9493579b9473fbcfb94b3a7b8e5e3; path=/; secure Vary: Accept-Encoding However, when I use the following C# code: HttpClient http = new HttpClient("https://my.rightscale.com/api/accountid/login?api_version=1.0"); http.TransportSettings.UseDefaultCredentials = false; http.TransportSettings.MaximumAutomaticRedirections = 0; http.TransportSettings.Credentials = new NetworkCredential("username", "password"); Console.WriteLine(http.Get().Content.ReadAsString()); Instead of a HTTP 204, I get a redirect: You are being <a> href="https://my.rightscale.com/dashboard"redirected <a> How do I get the WCF REST starter kit working with the RighScale API ?

    Read the article

  • Page.User.Identity.Name is blank on pages of subdomains

    - by sparks
    I have multiple subdomains trying to use a single subdomain for authentiction using forms authentication all running on windows server 2008 r2. All of the forms authentication pages are setup to use the same name, and on the authentication page the cookie is added with the following snippet: FormsAuthentication.SetAuthCookie(txtUserName.Text, false); System.Web.HttpCookie MyCookie = System.Web.Security.FormsAuthentication.GetAuthCookie(User.Identity.Name.ToString(), false); MyCookie.Domain = ConfigurationManager.AppSettings["domainName"]; Response.AppendCookie(MyCookie); When I am logged in to signon.mysite.com the page.user.identity.isauthenticated and page.user.identity.name properties both work fine. When I navigate to subdomain.mysite.com the page.user.identity.isauthenticated returns true, bue the name is empty. I tried to retrieve it from the cookie using the following, but it also was blank. HttpCookie cookie = Request.Cookies[".ASPXAUTH"]; FormsAuthenticationTicket fat = FormsAuthentication.Decrypt(cookie.Value); user2_lbl.Text = fat.Name; When googling the issue I found some people saying something must be added to global.asax and other saying it wasn't necessary. The goal is to be able to login on the authentication subdomain and have the user identity accessible from the root site and other subdomains. Machine keys match in all web.config, and the AppSettings["domainName"] is set to "mysite.com" currently. Does anyone know what is preventing me from accessing the user information?

    Read the article

  • How to test an HTTP 301 redirect?

    - by NoozNooz42
    How can one easily test HTTP return codes, like, say, a 301 redirect? For example, if I want to "see what's going on", I can use telnet to do something like this: ... $ telnet nytimes.com 80 Trying 199.239.136.200... Connected to nytimes.com. Escape character is '^]'. GET / HTTP/1.0 (enter) (enter) HTTP/1.1 200 OK Server: Sun-ONE-Web-Server/6.1 Date: Mon, 14 Jun 2010 12:18:04 GMT Content-type: text/html Set-cookie: RMID=007af83f42dd4c161dfcce7d; expires=Tuesday, 14-Jun-2011 12:18:04 GMT; path=/; domain=.nytimes.com Set-cookie: adxcs=-; path=/; domain=.nytimes.com Set-cookie: adxcs=-; path=/; domain=.nytimes.com Set-cookie: adxcs=-; path=/; domain=.nytimes.com Expires: Thu, 01 Dec 1994 16:00:00 GMT Cache-control: no-cache Pragma: no-cache Connection: close <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> ... Which is an easy way to access quite some infos. But now I want to test that a 301 redirect is indeed a 301 redirect. How can I do so? Basically, instead of getting a HTTP/1.1 200 OK I'd like to know how I can get the 301? I know that I can enter the name of the URL in a browser and "see" that I'm redirected, but I'd like to know what tool(s) can be used to actually really "see" the 301 redirect. Btw, I did test with a telnet, but when I enter www.example.org, which I redirected to example.org (without the www), all I can see is an "200 OK", I don't get to see the 301.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 21 22 23 24 25 26 27 28 29 30 31 32  | Next Page >