Search Results

Search found 10433 results on 418 pages for 'session replication'.

  • How to prevent session hijacking with SID (CGI perl)

    - by Gnippots
    I have a web app used by a small number of people (internal only) and am using a randomised sessionID that is stored under the user record and placed in various links. I have had a problem where users are sending links to each other which is allowing them to hijack the sender's session. What are some ways of preventing this from happening while still letting users send links to one another? Edit: The session ID in the link (which also contains $username) is just compared to what is stored in the User table. &incorrectLogin just prints an error followed by die;

        if ($sid) {
            # Bind $username as a placeholder instead of interpolating it into the SQL string
            $sth = $dbh->prepare("SELECT * FROM tbl_User WHERE UserID = ?");
            $sth->execute($username);
            $ref = $sth->fetchrow_hashref();
            $session_chk = $ref->{'usr_sessionID'};
            unless ($sid eq $session_chk) { &incorrectLogin; }
        }

    The problem is that if someone uses a link that is created by someone else, the page will load as them. I am not using cookies, and I recall being told in the past that CGI perl cookie handling is quite poor.

  • PHP/WordPress Session CountDown

    - by Cameron
    I have the following code to show how long a user has left before their session will expire; I am using WordPress. How can I do this? Thanks

        <script>
        var obj_Span;
        var n_Seconds = 0;
        var n_Minutes = 0;
        var n_Hours = 0;

        function F_ConvertNumberToString ( n_Num ) {
            var str_Num = String(n_Num);
            if ( str_Num.length < 2 ) str_Num = "0" + str_Num;
            return str_Num;
        }

        function F_CountDown () {
            if ( n_Hours == 0 && n_Minutes == 0 && n_Seconds == 0 ) {
                obj_Span.innerHTML = "(Sorry, your session has expired.)";
            } else {
                if ( n_Seconds >= 0 ) n_Seconds --;
                if ( n_Seconds < 0 ) { n_Minutes --; n_Seconds = 59; }
                if ( n_Minutes >= 0 ) { window.setTimeout ( "F_CountDown()", 1000 ); }
                if ( n_Minutes < 0 ) { n_Hours --; n_Minutes = 59; window.setTimeout ( "F_CountDown()", 1000 ); }
                F_UpdateDisplay ();
            }
        }

        function F_UpdateDisplay ( ) {
            if ( document.getElementById ) {
                if (n_Hours > 0 )
                    obj_Span.innerHTML = "(Remaining " + F_ConvertNumberToString(n_Hours) + ":" + F_ConvertNumberToString(n_Minutes) + ":" + F_ConvertNumberToString(n_Seconds) + ")";
                else
                    obj_Span.innerHTML = "(Remaining " + F_ConvertNumberToString(n_Minutes) + ":" + F_ConvertNumberToString(n_Seconds) + ")";
            }
        }

        function F_StartCountDown ( n_Session ) {
            obj_Span = document.getElementById ( "CountDown" );
            n_Minutes = n_Session;
            n_Hours = Math.floor(n_Minutes/60);
            n_Minutes = n_Minutes - (60*n_Hours);
            F_CountDown ();
        }
        </script>
        <script> F_StartCountDown ( " code here... " ); </script>
        <span id="CountDown"></span>

  • Jetty 7 will not allow me to customize a session cookie path

    - by Bob Obringer
    Using Jetty 7.0.2, I am unable to set a custom session cookie path. I am hosting multiple sites on the same server using apache to proxy requests to the proper context. (replaced http as htp as stackoverflow thinks my multiple links might be spam)

        <VirtualHost *:80>
            ServerName context.domain.com
            ProxyRequests On
            ProxyPreserveHost Off
            <Proxy *:80>
                Order deny,allow
                Allow from 127.0.0.1
            </Proxy>
            ProxyPass / htp://localhost:8080/context/
            ProxyPassReverse / htp://localhost:8080/context/
            <Location />
                Order allow,deny
                Allow from all
            </Location>
        </VirtualHost>

    Jetty is running on the same server on port 8080 and my context is available @ /context. The user accesses the application @ htp://context.domain.com but jetty is setting the path for the session cookie @ /context. This prevents the browser from accessing the cookie since the actual path to the context is not being used. I need to override Jetty's default setting to set the cookie for the context, and set the path at the root ( / ). In my Jetty's webdefault.xml I have the following, which is partially working:

        <context-param>
            <param-name>org.eclipse.jetty.servlet.SessionCookie</param-name>
            <param-value>CustomCookieName</param-value>
        </context-param>
        <context-param>
            <param-name>org.eclipse.jetty.servlet.SessionPath</param-name>
            <param-value>/</param-value>
        </context-param>

    The cookie is properly set with a custom name, but it is NOT setting the SessionPath. No matter what I set the value to... it refuses to set a cookie at any path but /context. This has been driving me crazy so any help would be greatly appreciated.

  • How Session out trigger on browser close?

    - by Hemant Kothiyal
    Hi, Yesterday morning I opened my Gmail account in the second tab of Internet Explorer. I checked my mail and closed that tab (not the browser). Then in the evening I again opened a second tab in the browser and entered gmail.com; it automatically redirected me to my email account without asking for a login. I was shocked, and I thought I should leave the browser open for the whole night, and today I opened Gmail in the second tab; it behaved similarly, meaning that without a login screen it redirected me to my Gmail account. Then I closed that tab, opened another browser session and entered Gmail, and I was again surprised that it redirected me to the login page. At the same time I opened a second tab in the first browser and it automatically redirected me to the mail account page. What I concluded from this behaviour is that the Gmail server might keep my browser ID on their server, so that whenever I enter gmail.com in the second tab of the first browser, it automatically redirects me to my Gmail account. I don't know whether I am right or not. Please clear up this concept for me. What happens to my session on the Gmail server when I close my browser tab? In my opinion it should automatically log me out, but why doesn't this happen?

  • Signed_request lost in ASP.NET session, confusing my website

    - by Csabi
    I have an ASP.NET MVC 3 website which is available from a specific public URL, and I'm also making it available as a Facebook App. Inside my website logic, in some places I have to determine whether the current request is from the Facebook app or from the public website, because I want to display content based on this environment. So, for example, if the user is using my site as a Facebook app, then I want to display a picture, and if the user is using my site normally, then I don't wanna display a picture. To determine whether I'm in a Facebook app, I check the "signed_request" in the HttpContext.Request, and store it in the HttpSession to be available for my other actions, not just for the action (URL) which is defined for my Facebook app. So when a child action is executed, I can determine based on the Session whether the website is used as a FB app or not. The problem happens when the Session times out, because then, although the logic is still running inside Facebook, my logic thinks it's not inside Facebook. Any advice?

  • Hibernate Session flush behaviour [ and Spring @Transactional ]

    - by EugeneP
    I use Spring and Hibernate in a web-app, SessionFactory is injected into a DAO bean, and then this DAO is used in a Servlet through webservicecontext. DAO methods are transactional, inside one of the methods I use ... getCurrentSession().save(myObject); One servlet calls this method with an object passed. The update seems to not be flushed at once, it takes about 5 seconds to see the changes in the database. The servlet's method in which that DAO's update method is called takes a fraction of a second to complete. After the @Transactional method of DAO is completed, flushing may NOT happen? It does not seem to be a rule [ I already see it ]. Then the question is this: what to do to force the session to flush after every DAO method? It may not be a good thing to do, but talking about a Service layer, some methods must end with immediate flush, and Hibernate Session behavior is not predictable. So what to do to guarantee that my @Transactional method persists all the changes after the last line of that method code? Is getCurrentSession().flush() the only solution? P.S. I read somewhere that @Transactional IS ASSOCIATED with a DB Transaction. Method returns, transaction must be committed. I do not see this happen.

  • Horizontal Scaling of Tomcat in Microsoft Azure

    - by Fabe
    Hey everyone, I have been working on this for quite a while, but still have no conclusion. I want to do horizontal scaling of Tomcat instances in Microsoft Azure (1,2,3,... Tomcat instances for one service). I read lots of articles about session replication, clustering,... with Tomcat. Since Azure does not support multicast, there is no easy way to cluster Tomcat. Also, sticky sessions are not an option, because Azure does round robin load balancing. Setting up two services - one with Terracotta or Apache mod_jk - and the other with Tomcat instances seems overkill to me (if even doable)... Is this even possible? Thanks in advance for reading and answering my question. Every comment/idea is highly appreciated.

  • What is the best way to change the replication scheme of 2 currently replicated slaves?

    - by mmattax
    I have MySQL replication set up in production as follows:

        DB1 - DB2
        DB1 - BAK

    Where DB2 and BAK are slaves to DB1. All 3 servers are in sync (0 seconds behind the master) and have 30+ GB of data. I'd like to put the servers in a new master-slave configuration as follows:

        DB1 - DB2 - BAK

    What is the best way to change the master host on BAK? Is there a way to avoid having to stop the slave thread on DB2 and getting a mysqldump for BAK (a 5-6 hour process)?

  • PHP session cookie sessionid

    - by msaif
    In PHP I used session and cookie, not URL rewriting with PHPSESSID. But when I opened the cookie I saw the key-value pairs, and one of them is path : /. What does path mean? Can you explain elaborately? If I change the path value to /abc/cdddddddddd/efc, then what does that mean?

  • ASP.NET Session or global variables?

    - by WtFudgE
    Hi, I am creating an ASP.NET page where I need a couple of variables which hold pathnames and a chosen language etc... Not that many, let's say about 5. Should I use session variables for this? Atm I'm using public static variables but I'm not sure if this is the right way to do this. Any thoughts? Thx

  • session id in php

    - by rajanikant
    Hi everyone, I am trying to echo the session ID. I saw that each time I refresh the page it changes; that's why I can't log in. Please, can anyone suggest what the problem could be?

  • Why not use PHP's built-in session handling?

    - by Dougal
    Is there currently - or has there ever been - any serious or significant problem with PHP's built-in session handling? I mean, it's always worked for me and my projects. But I see some codebases and frameworks out there seem to use a custom handler. Is this reinventing the wheel? Or improving on some flaws? What flaws?

  • Storing Requested URL in Global.asax without Session State in ASP.NET

    - by Mark Richman
    I have a complex URL rewriting scheme which breaks the built in Forms Authentication ReturnUrl mechanism. I would like to grab the requested URL for later redirection away from my login.aspx. I can get this URL in Application_BeginRequest via HttpContext.Current.Request.AppRelativeCurrentExecutionFilePath. However, Session state is not available in Application_BeginRequest. How can I store this URL prior to ASP.NET redirecting me to login.aspx?

  • authentication and session in Java

    - by Sephy
    Hi, I would like to know if it is possible to maintain an authentication (like a session with login and password in PHP) on a website from a Java program, and if anyone had any lead on the subject or some reading for me, that would be great. Thanks

  • Using Session in Silverlight using simple WebServices (NOT WCF)

    - by Syed
    Hi, I need to use Session variables in my Silverlight application (using Visual Studio 2008 and Silverlight 3). I am already using a webservice (not a WCF service) and would like to know if I can add two methods, say GetSessionVariable and SetSessionVariable, in my existing WebService class? Any assistance with sample code would be great! Regards and Thanks in advance, Nadeem.

  • Using memcached as a session storage with CodeIgniter

    - by Alex N.
    I am researching possibilities of using memcached as a session storage for a system built on CodeIgniter. Has anybody done this before (that's probably a stupid question :) and if so, what's your experience, folks? Have you used any existing libraries/extensions? As far as performance improvement, what have you seen? Any caveats?

  • Rails creating a new session every page view

    - by danhere
    Hi everyone, I'm following the Agile RoR book somewhat to apply it to a project for school. It's going good until I get to sessions. I continually get Authenticity Invalid Tokens and when I look at my sessions table in the database, there's a new session being created every time I refresh the page. Is that right or is something messed up? Thanks.

  • session cant be identified in subdomain

    - by Mac Taylor
    Hey guys, I installed phpBB3 on a subdomain, forums.mywebsite.com. Everything is fine, except that on the subdomain the session that was set earlier in my portal can't be identified. But if I go to the forums with this URL: mywebsite.com/forums, the problem is solved. Is there any solution to this problem, so that the user can be identified when the subdomain is used?
