Search Results

Search found 6520 results on 261 pages for 'sent'.


  • TCP-Connection Establishment = How to measure time based on Ping RTT?

    - by Tom
    Hello Experts, I would be grateful for help understanding how long it takes to establish a TCP connection when I have the Ping RoundTripTime. According to Wikipedia a TCP connection will be established in three steps:
      1. SYN-SENT (=> CLIENT TO SERVER)
      2. SYN/ACK-RECEIVED (=> SERVER TO CLIENT)
      3. ACK-SENT (=> CLIENT TO SERVER)
    My questions:
      - Is it correct that the third transmission (ACK-SENT) will not yet carry any payload (my data) but is only used for the connection establishment? (This leads to the conclusion that the fourth packet will be the first packet to hold any payload...)
      - Is it correct to assume that when my Ping RoundTripTime is 20 milliseconds, in the example given above, the TCP connection establishment would require at least 30 milliseconds before any data can be transmitted between the client and server?
    Thank you very much, Tom


  • Specifying culture for http request/response

    - by Akash
    I have a ReSTful web service which needs to parse culture-sensitive data from the request. This data could either be in an XML body or part of the query string. Is there any accepted way of determining which culture the data is being sent in (and by extension the culture in which the response should be sent)? One option is simply to specify to the clients the culture in which all requests should be sent. A friendlier option seems to be to allow the client to specify the culture. I've considered:
      a) using the accept-language http header to encode this information.
      b) using the xml:lang attribute for XML POSTs, and an extra field for query strings (e.g. ...&culture=en-GB)
    http://www.w3.org/International/questions/qa-accept-lang-locales warns of limitations in using the accept-language header, but most of the warnings seem to center around requests originating from browsers. In my case the requests will come from other applications. All advice greatly appreciated!


  • Mysql : Request to select the last 10 send/received messages to/by different users

    - by Yako malin
    Hello, I want to select the 10 last messages you received OR you sent TO different users. For example, the results must be shown like this:
      1. John1 - last message received 04/17/10 3:12
      2. Thomy - last message sent 04/16/10 1:26
      3. Pamela - last message received 04/12/10 3:51
      4. Freddy - last message received 03/28/10 9:00
      5. Jack - last message sent 03/20/10 4:53
      6. Tom - last message received 02/01/10 7:41
      .....
    The table looks like this:
        CREATE TABLE `messages` (
          `id` int(11) NOT NULL AUTO_INCREMENT,
          `time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
          `sender` int(11) DEFAULT NULL,
          `receiver` int(11) DEFAULT NULL,
          `content` text
        )
    Does anyone have a solution? Thanks in advance for your help.


  • Why is Apache seg faulting?

    - by Jamie Howard
    We have a production server that seems to seg fault a few times every day. The fault is picked up by Apache and logged in the error log - but there seems to be no traffic around the time. If it's a request generating the fault then it looks like it happens before any other logging is made so I can't see how it's happening, so it's very hard to debug. Our setup is Linux 64 bit Centos 5.3. Apache is loaded with the following modules:
        apachectl -t -D DUMP_MODULES | more
        Loaded Modules: core_module (static) mpm_prefork_module (static) http_module (static) so_module (static) auth_basic_module (shared) auth_digest_module (shared) authn_file_module (shared) authn_alias_module (shared) authn_anon_module (shared) authn_dbm_module (shared) authn_default_module (shared) authz_host_module (shared) authz_user_module (shared) authz_owner_module (shared) authz_groupfile_module (shared) authz_dbm_module (shared) authz_default_module (shared) ldap_module (shared) authnz_ldap_module (shared) include_module (shared) log_config_module (shared) logio_module (shared) env_module (shared) ext_filter_module (shared) mime_magic_module (shared) expires_module (shared) deflate_module (shared) headers_module (shared) usertrack_module (shared) setenvif_module (shared) mime_module (shared) dav_module (shared) status_module (shared) autoindex_module (shared) info_module (shared) dav_fs_module (shared) vhost_alias_module (shared) negotiation_module (shared) dir_module (shared) actions_module (shared) speling_module (shared) userdir_module (shared) alias_module (shared) rewrite_module (shared) proxy_module (shared) proxy_balancer_module (shared) proxy_ftp_module (shared) proxy_http_module (shared) proxy_connect_module (shared) cache_module (shared) suexec_module (shared) disk_cache_module (shared) file_cache_module (shared) mem_cache_module (shared) cgi_module (shared) version_module (shared) security2_module (shared) unique_id_module (shared) fcgid_module (shared) php5_module (shared) proxy_ajp_module (shared) ssl_module (shared)
    Here's an excerpt from the Apache error log:
        [Mon Mar 15 06:39:25 2010] [error] [client 213.246.222.74] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
        [Mon Mar 15 07:41:31 2010] [error] [client 213.246.222.74] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
        [Mon Mar 15 08:24:16 2010] [error] [client 67.19.250.146] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
        [Mon Mar 15 08:43:46 2010] [error] [client 213.246.222.74] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
        [Mon Mar 15 08:54:02 2010] [error] [client 74.208.123.71] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
        [Mon Mar 15 09:09:51 2010] [notice] child pid 2138 exit signal Segmentation fault (11), possible coredump in /tmp
        [Mon Mar 15 09:45:27 2010] [error] [client 213.246.222.74] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
        [Mon Mar 15 09:49:05 2010] [error] [client 190.12.113.196] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin
        [Mon Mar 15 09:49:06 2010] [error] [client 190.12.113.196] File does not exist: /var/www/vhosts/default/htdocs/PMA
    And the access log around the same time (09:09:51):
        213.246.222.74 - - [15/Mar/2010:08:43:46 +0000] "GET /" 400 561 "-" "-"
        208.80.193.28 - - [15/Mar/2010:08:52:20 +0000] "GET / HTTP/1.0" 301 313 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; SU 2.009)"
        74.208.123.71 - - [15/Mar/2010:08:54:02 +0000] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 298 "-" "-"
        81.149.146.231 - - [15/Mar/2010:09:15:18 +0000] "GET /zabbix/ HTTP/1.1" 200 3565 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10"
        81.158.71.196 - - [15/Mar/2010:09:16:06 +0000] "GET / HTTP/1.1" 301 313 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9.0.18) Gecko/2010020219 Firefox/3.0.18"
        213.246.222.74 - - [15/Mar/2010:09:45:27 +0000] "GET /" 400 561 "-" "-"
        213.246.222.74 - - [15/Mar/2010:09:45:27 +0000] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 298 "-" "-"
        190.12.113.196 - - [15/Mar/2010:09:49:05 +0000] "GET /phpMyAdmin/main.php HTTP/1.0" 404 295 "-" "-"
    So as you can see, there's no access logged around the time of the fault!! How annoying :s I enabled core dumps and here is the backtrace:
        #0 0x00007f9c8c8a858b in memcpy () from /lib64/libc.so.6
           No symbol table info available.
        #1 0x00007f9c8cfb066d in apr_pstrcat (a=<value optimized out>) at strings/apr_strings.c:165
           cp = 0x1fa6b "\205¦H\211¦t`¦\003"
           argp = 0x7f9c9ad790e8 "Referer, Referer, Referer, Referer, Referer, Referer, Referer, Referer, Referer, Referer, Referer, Referer, Referer, Referer, Referer, Referer, Referer, Referer, Referer, Referer, Referer, Referer, Re"...
           res = 0x0
           saved_lengths = {129643, 2, 43, 140310399395576, 0, 140310394592712}
           nargs = <value optimized out>
           len = <value optimized out>
           adummy = {{gp_offset = 16, fp_offset = 32668, overflow_arg_area = 0x7fff968a0ec0, reg_save_area = 0x7fff968a0de0}}
        #2 0x00007f9c8cfb1bf9 in apr_table_merge (t=0x7f9c8f83b148, key=0x7f9c85a465fe "Vary", val=0x7f9c9ad99070 "Referer, Referer, Referer, Referer, Referer") at tables/apr_tables.c:688
           next_elt = (apr_table_entry_t *) 0x7f9c8f83b270
           end_elt = (apr_table_entry_t *) 0x7f9c8f83b270
           checksum = <value optimized out>
           hash = 22
        #3 0x00007f9c85a42cfa in ?? () from /etc/httpd/modules/mod_rewrite.so
           No symbol table info available.
        #4 0x00007f9c85a44022 in ?? () from /etc/httpd/modules/mod_rewrite.so
           No symbol table info available.
        #5 0x00007f9c8e87bd1a in ap_run_fixups () from /usr/sbin/httpd
           No symbol table info available.
        #6 0x00007f9c8e88e8f8 in ap_process_request () from /usr/sbin/httpd
           No symbol table info available.
        #7 0x00007f9c8e88bb40 in ?? () from /usr/sbin/httpd
           No symbol table info available.
        #8 0x00007f9c8e887ca2 in ap_run_process_connection () from /usr/sbin/httpd
           No symbol table info available.
        #9 0x00007f9c8e892849 in ?? () from /usr/sbin/httpd
           No symbol table info available.
        #10 0x00007f9c8e892ada in ?? () from /usr/sbin/httpd
           No symbol table info available.
        #11 0x00007f9c8e892b90 in ?? () from /usr/sbin/httpd
           No symbol table info available.
        #12 0x00007f9c8e89387b in ap_mpm_run () from /usr/sbin/httpd
           No symbol table info available.
        #13 0x00007f9c8e86de48 in main () from /usr/sbin/httpd
           No symbol table info available.
    Can anyone shed any light on how to move forward with this? I can confirm that the server is operational and doesn't appear to be misbehaving - the failures are so infrequent that I haven't seen it do one while making a request myself. Really appreciate any help! Cheers!


  • Bounce Email handling with PHP??

    - by mcfadder_09
    I am really new to this (not new to php). Here is my scenario: I have 2 email accounts, [email protected] and [email protected]. I want to send email to all my users with [email protected] but then "reply to" [email protected] (until here, my php script can handle it). When the email can't be sent, it is sent to [email protected]; the error message could be 553 (non-existent email ...) etc. My questions are:
      - How do I direct all those bounce emails (emails that couldn't be sent) to [email protected] through a handling script to check for the bounce error codes?
      - What programming language should I use for the "handling script"?
      - What would the "handling script" look like? Can you give a sample?
    OR (big question): What are the procedures I should follow to handle the bounce email?


  • How to send EOF to stdin in paramiko?

    - by Alexandru
    I would like to execute some program through ssh and redirect its input from a file. The behaviour of the following code:
        channel.exec_command('cat')
        with open('mumu', 'r') as f:
            text = f.read()
            nbytes = 0
            while nbytes < len(text):
                sent = channel.send(text[nbytes:])
                if sent == 0:
                    break
                nbytes += sent
    should be equivalent to (assuming public-key authentication):
        ssh user@host cat < mumu
    However the application hangs waiting for more input. I think this happens because the stdin stream is never closed. How do I do that?


  • Send Redirects To Specific Ports

    - by Garrett
    I have a Rails application server that is listening on port 9000, and is being called through haproxy. All my redirects from that server are being redirected back through port 9000, when they should be sent back on port 80. I am using a combination of haproxy + nginx + passenger. Is there a way to make sure all redirects are being sent through port 80, regardless of what port the actual server is listening on? I don't care if it's a haproxy, nginx, Passenger, or Rails change. I just need to make sure most requests, unless specified otherwise, are sent back to port 80. Thanks!


  • How does one capture H.323 voice traffic on a VOIP network?

    - by Chris Holmes
    What I am trying to do is capture the WAV data of a phone conversation on a VOIP network using SharpPCap/PCap.Net. We are using the H.323 recommendation and my understanding is that voice data is located in the RTP packets. However, there is no way to heuristically determine if a UDP packet is an RTP packet, so we have to do more work before we can capture the data. The H.323 recommendation apparently uses a lot of traffic on specific TCP ports to negotiate the call before the WAV data is sent via RTP. However, I am having very little luck determining what data is actually sent on those TCP ports, when it is sent, what the packets look like, how to handle it, etc. If anyone has any information on how to go about this I'd really appreciate it. My Google-Fu seems to be failing me on this one.


  • Where should I catch WM_HIBERNATE and WM_CLOSE in Windows Mobile/WinCE?

    - by afriza
    I have read about Windows Mobile's X button's behaviour, WM_HIBERNATE, and WM_CLOSE on Low Memory Situation. MSDN on WM_HIBERNATE: This message is sent to an application when system resources are running low. An application should attempt to release as many resources as possible when sent this message by unloading dialog boxes, destroying windows, or freeing up as much local storage as possible without changing the internal state. MSDN on WM_CLOSE: This message is sent as a signal that a window or an application should terminate. Where should I catch the message? in the main message pump? in every window? or only some windows? If I am using MFC, where should I catch it?


  • steps for facebook connect graph api

    - by dskanth
    Hi, I am using facebook connect in my site, and I want to know how to use the graph api for authenticating the user. I followed these steps:
      1) Initially I sent a request for "code", by clicking on the facebook icon in my site: https://graph.facebook.com/oauth/authorize?client_id=xxx&redirect_uri=http://xxxxxxxx
      2) And then after getting a code, I sent a request for "access token", by clicking on another link in my site: https://graph.facebook.com/oauth/access_token?client_id=xxx&redirect_uri=http://xxxxxxx&client_secret=xxxx&code=xxxxx
      3) And after I got the token, I sent another request for getting user data, by clicking on yet another link: https://graph.facebook.com/me?access_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Then finally I got the user data in array format, which I need to parse for my required data like the user's firstname, email, etc. Now my question is: how can I automate this process with just one click? Right now, I am using 3 different links for sending those requests. Can anyone suggest a solution?


  • simplemodal contact form does not close after sending mail in ie8

    - by frank
    hi, i am using the simplemodal contact form for my website. it works perfectly on safari, firefox and opera on mac os, and firefox and chrome on windows. the only issue i have is with ie8. when i click the "send" button the mail is actually sent but i get an error message (alert window with "unknown" in it) and then everything seems to be in some infinite loop with the "loading.gif" turning and turning. it never gets to the step where i have the message "your mail has been successfully sent" although like i said the mail is sent. any idea where the problem is coming from ? thanks for your help. frank


  • php mysql flex unicode

    - by JonoB
    I have a problem with saving the £ symbol to a mysql database. I am running a flex front end, with a php + mysql backend When I save a record from flex, the string gets sent to the server as "This amount is £10" php views the string as above, and when it gets saved into the DB, it gets saved as "This amount is £10". My understanding is that this is correct based on MySQL or PHP is appending a  whenever the £ is used I now retrieve the above record, and it gets sent to flex as "This amount is £10". Flex correctly displays this in a textarea as "This amount is £10" I change another field in the same record in flex, and re-save the transaction. The string now gets sent to the server as "This amount is £10" The record is now saved into the DB as "The amount is £10". Each time the record is re-saved, this effect snowballs. Thanks for any advice you can give.


  • django + xmppy: send a message to two recipients

    - by Agrajag
    I'm trying to use xmpppy for sending jabber-messages from a django-website. This works entirely fine. However, the message only gets sent to the -first- of the recipients in the list. This happens when I run the following function from django, and also if I run it from an interactive python-shell. The weird part though, is that if I extract the -body- of the function and run that interactively, then all the recipients (there's just 2 at the moment) get the message. Also, I do know that the inner for-loop gets run the correct count times (2), because the print-statement does run twice, and return two different message-ids. The function looks like this:
        def hello_jabber(request, text):
            jid=xmpp.protocol.JID(settings.JABBER_ID)
            cl=xmpp.Client(jid.getDomain(),debug=[])
            con=cl.connect()
            auth=cl.auth(jid.getNode(),settings.JABBER_PW,resource=jid.getResource())
            for friend in settings.JABBER_FRIENDS:
                id=cl.send(xmpp.protocol.Message(friend,friend + ' is awesome:' + text))
                print 'sent message with id ' + str(id)
            cl.disconnect()
            return render_to_response('jabber/sent.htm', locals())


  • Reason for not properly closed socket?

    - by gc
    Here is what I am trying to do: The server sends messages to connected clients when new messages are available. The client, on the other hand, when connected, tries to send a message to the server using send() and then receive a message using recv(); right after that, the client calls close() to close the connection. Sometimes, after the client finishes, the server's attempt to receive a message from the client results in a 104 - "connection reset by peer" error. When this happens, Wireshark reveals that the last two segments sent by the client are:
      1. an ACK acknowledging the receipt of the message sent by the server
      2. a RST/ACK
    No FIN is sent by the client. Why is this happening and how can I close the socket "properly" at the client?


  • Programming error in Java Socket

    - by Akhil K Nambiar
    Can you tell me what is the error in this code?
        Socket socket = new Socket(hostname, port);
        PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
        //DataInputStream is = new DataInputStream(socket.getInputStream());
        out.println("hi");
        System.out.print(in.readLine());
    The server socket program is written in .Net and it echoes back the data. The data is sent successfully but could not be retrieved properly. I tried the same by using the linux command:
        nc 192.168.1.6 8425 (enter)
        Hi (Sent data)
        Hi (received data)
    When I checked the code, the data is found to have been sent as a byteStream in .Net. Is that a problem? In that case what modification should I make?


  • Java SOAP WSDL 1.1 message sending all the parameters (even future ones)

    - by Eduardo
    I have to communicate with a SOAP Web Service defined in a WSDL 1.1. All the parameters are optional in the WSDL like:
        <xsd:element name="Submitter" type="xsd:string"/>
    but if I do not send them I get an error because the parameter was not sent, so instead I have to send an empty string for any parameter I do not intend to send. So instead of not sending the element I have to send:
        <Submitter></Submitter>
    The problem is that the WebService publisher does not have any problem adding new parameters at any point in time but I must send at least an empty string for all the parameters. How may I call this WebService in Java so every time I call the WebService the WSDL is read so that all the parameters are sent having the parameters I care for are actually filled with the data I provide? I am currently using Apache CXF but I am open to anything to solve this problem.


  • Write a recursive function in C that converts a number into a string

    - by user3501779
    I'm studying software engineering, and came across this exercise: it asks to write a recursive function in C language that receives a positive integer and an empty string, and "translates" the number into a string. Meaning that after calling the function, the string we sent would contain the number but as a string of its digits. I wrote this function, but when I tried printing the string, it did print the number I sent, but in reverse. This is the function:
        void strnum(int n, char *str)
        {
            if(n)
            {
                strnum(n/10, str+1);
                *str = n%10 + '0';
            }
        }
    For example, I sent the number 123 on function call, and the output was 321 instead of 123. I also tried exchanging the two lines within the if statement, and it still does the same. I can't figure out what I did wrong. Can someone help please? NOTE: Use of while and for loop statements is not allowed for the exercise.


  • Perform tasks with delay, without delaying web response (ASP.NET)

    - by Tomas Lycken
    I'm working on a feature that needs to send two text messages with a 30 second delay, and it is crucial that both text messages are sent. Currently, this feature is built with ajax requests, that are sent with a 30 second javascript delay, but since this requires the user to have his browser open and left on the same page for at least 30 seconds, it is not a method I like. Instead, I have tried to solve this with threading. This is what I've done:
        Public Shared Sub Larma()
            Dim thread As New System.Threading.Thread(AddressOf Larma_Thread)
            thread.Start()
        End Sub

        Private Shared Sub Larma_Thread()
            StartaLarm()
            Thread.Sleep(1000 * 30)
            StoppaLarm()
        End Sub
    A web handler calls Larma(), and StartaLarm() and StoppaLarm() are the methods that send the first and second text messages respectively. However, I only get the first text message delivered - the second is never sent. Am I doing something wrong here? I have no deep understanding of how threading works in ASP.NET, so please let me know how to accomplish this.


  • Mono 2.11 on nginx using fastcgi-mono-server4 will not work

    - by fuzzycow101
    I have mono 2.11 set up with my nginx 1.0.15 webserver running on centos 6.2. I built it from source and xps2, xps4 and fastcgi-mono-server2 work as expected. The problem is when I try and run fastcgi-mono-server4. When I run:
        fastcgi-mono-server4 /applications=site:/:/srv/www/html/ /socket=tcp:127.0.0.1:9000 /loglevels=Debug /printlog=true
    Here is what I get from fastcgi-mono-server2:
        [2012-06-06 23:51:07Z] Debug Record received. (Type: BeginRequest, ID: 1, Length: 8)
        [2012-06-06 23:51:07Z] Debug Record received. (Type: Params, ID: 1, Length: 801)
        [2012-06-06 23:51:07Z] Debug Record received. (Type: Params, ID: 1, Length: 0)
        [2012-06-06 23:51:07Z] Debug Read parameter. (QUERY_STRING = )
        [2012-06-06 23:51:07Z] Debug Read parameter. (REQUEST_METHOD = GET)
        [2012-06-06 23:51:07Z] Debug Read parameter. (CONTENT_TYPE = )
        [2012-06-06 23:51:07Z] Debug Read parameter. (CONTENT_LENGTH = )
        [2012-06-06 23:51:07Z] Debug Read parameter. (SCRIPT_NAME = /)
        [2012-06-06 23:51:07Z] Debug Read parameter. (REQUEST_URI = /)
        [2012-06-06 23:51:07Z] Debug Read parameter. (DOCUMENT_URI = /)
        [2012-06-06 23:51:07Z] Debug Read parameter. (DOCUMENT_ROOT = /srv/www/html)
        [2012-06-06 23:51:07Z] Debug Read parameter. (SERVER_PROTOCOL = HTTP/1.1)
        [2012-06-06 23:51:07Z] Debug Read parameter. (GATEWAY_INTERFACE = CGI/1.1)
        [2012-06-06 23:51:07Z] Debug Read parameter. (SERVER_SOFTWARE = nginx/1.0.15)
        [2012-06-06 23:51:07Z] Debug Read parameter. (REMOTE_ADDR = 192.168.128.121)
        [2012-06-06 23:51:07Z] Debug Read parameter. (REMOTE_PORT = 62326)
        [2012-06-06 23:51:07Z] Debug Read parameter. (SERVER_ADDR = 192.168.128.125)
        [2012-06-06 23:51:07Z] Debug Read parameter. (SERVER_PORT = 80)
        [2012-06-06 23:51:07Z] Debug Read parameter. (SERVER_NAME = site)
        [2012-06-06 23:51:07Z] Debug Read parameter. (REDIRECT_STATUS = 200)
        [2012-06-06 23:51:07Z] Debug Read parameter. (PATH_INFO = )
        [2012-06-06 23:51:07Z] Debug Read parameter. (SCRIPT_FILENAME = /srv/www/html/)
        [2012-06-06 23:51:07Z] Debug Read parameter. (HTTP_HOST = site)
        [2012-06-06 23:51:07Z] Debug Read parameter. (HTTP_USER_AGENT = Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0)
        [2012-06-06 23:51:07Z] Debug Read parameter. (HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8)
        [2012-06-06 23:51:07Z] Debug Read parameter. (HTTP_ACCEPT_LANGUAGE = en-us,en;q=0.5)
        [2012-06-06 23:51:07Z] Debug Read parameter. (HTTP_ACCEPT_ENCODING = gzip, deflate)
        [2012-06-06 23:51:07Z] Debug Read parameter. (HTTP_CONNECTION = keep-alive)
        [2012-06-06 23:51:07Z] Debug Read parameter. (HTTP_COOKIE = ASP.NET_SessionId=0176BE8FC161E702439D3C91)
        [2012-06-06 23:51:07Z] Debug Record received. (Type: StandardInput, ID: 1, Length: 0)
        [2012-06-06 23:51:08Z] Debug Record sent. (Type: StandardOutput, ID: 1, Length: 196)
        [2012-06-06 23:51:08Z] Debug Record sent. (Type: StandardOutput, ID: 1, Length: 128)
        [2012-06-06 23:51:08Z] Debug Record sent. (Type: StandardOutput, ID: 1, Length: 0)
        [2012-06-06 23:51:08Z] Debug Record sent. (Type: EndRequest, ID: 1, Length: 8)
    And this is what I get from fastcgi-mono-server4:
        [2012-06-06 23:50:52Z] Debug Record received. (Type: BeginRequest, ID: 1, Length: 8)
        [2012-06-06 23:50:52Z] Debug Record received. (Type: Params, ID: 1, Length: 801)
        [2012-06-06 23:50:52Z] Debug Record received. (Type: Params, ID: 1, Length: 0)
        [2012-06-06 23:50:52Z] Debug Read parameter. (QUERY_STRING = )
        [2012-06-06 23:50:52Z] Debug Read parameter. (REQUEST_METHOD = GET)
        [2012-06-06 23:50:52Z] Debug Read parameter. (CONTENT_TYPE = )
        [2012-06-06 23:50:52Z] Debug Read parameter. (CONTENT_LENGTH = )
        [2012-06-06 23:50:52Z] Debug Read parameter. (SCRIPT_NAME = /)
        [2012-06-06 23:50:52Z] Debug Read parameter. (REQUEST_URI = /)
        [2012-06-06 23:50:52Z] Debug Read parameter. (DOCUMENT_URI = /)
        [2012-06-06 23:50:52Z] Debug Read parameter. (DOCUMENT_ROOT = /srv/www/html)
        [2012-06-06 23:50:52Z] Debug Read parameter. (SERVER_PROTOCOL = HTTP/1.1)
        [2012-06-06 23:50:52Z] Debug Read parameter. (GATEWAY_INTERFACE = CGI/1.1)
        [2012-06-06 23:50:52Z] Debug Read parameter. (SERVER_SOFTWARE = nginx/1.0.15)
        [2012-06-06 23:50:52Z] Debug Read parameter. (REMOTE_ADDR = 192.168.128.121)
        [2012-06-06 23:50:52Z] Debug Read parameter. (REMOTE_PORT = 62326)
        [2012-06-06 23:50:52Z] Debug Read parameter. (SERVER_ADDR = 192.168.128.125)
        [2012-06-06 23:50:52Z] Debug Read parameter. (SERVER_PORT = 80)
        [2012-06-06 23:50:52Z] Debug Read parameter. (SERVER_NAME = site)
        [2012-06-06 23:50:52Z] Debug Read parameter. (REDIRECT_STATUS = 200)
        [2012-06-06 23:50:52Z] Debug Read parameter. (PATH_INFO = )
        [2012-06-06 23:50:52Z] Debug Read parameter. (SCRIPT_FILENAME = /srv/www/html/)
        [2012-06-06 23:50:52Z] Debug Read parameter. (HTTP_HOST = site)
        [2012-06-06 23:50:52Z] Debug Read parameter. (HTTP_USER_AGENT = Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0)
        [2012-06-06 23:50:52Z] Debug Read parameter. (HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8)
        [2012-06-06 23:50:52Z] Debug Read parameter. (HTTP_ACCEPT_LANGUAGE = en-us,en;q=0.5)
        [2012-06-06 23:50:52Z] Debug Read parameter. (HTTP_ACCEPT_ENCODING = gzip, deflate)
        [2012-06-06 23:50:52Z] Debug Read parameter. (HTTP_CONNECTION = keep-alive)
        [2012-06-06 23:50:52Z] Debug Read parameter. (HTTP_COOKIE = ASP.NET_SessionId=0176BE8FC161E702439D3C91)
        [2012-06-06 23:50:53Z] Debug Record received. (Type: StandardInput, ID: 1, Length: 0)
        [2012-06-06 23:50:53Z] Debug Record sent. (Type: EndRequest, ID: 1, Length: 8)
    I do not see what I am doing wrong. Any help would be great.


  • Send regular keyboard samples OR keyboard state changes over network

    - by Ciaran
    Building a multi player asteroids game where ships compete with each other. Using UDP. Wanted to minimize traffic sent to server. Which would you do:
      - Send periodic keyboard state samples from the client to match the server physics update rate, e.g. 50 times per second. Highly resilient to packet loss and other reliability problems. Out of date packets discarded by server. Generates a lot of unnecessary traffic.
      - Only send keyboard state when it changes (key up, key down). Radically less traffic sent from client to server. However, UDP can lose packets without you being informed. So the latter method could result in the vital packet never being resent unless I detect and resend this in a timely manner.


  • Transactional Messaging in the Windows Azure Service Bus

    - by Alan Smith
    Introduction I’m currently working on broadening the content in the Windows Azure Service Bus Developer Guide. One of the features I have been looking at over the past week is the support for transactional messaging. When using the direct programming model and the WCF interface some, but not all, messaging operations can participate in transactions. This allows developers to improve the reliability of messaging systems. There are some limitations in the transactional model, transactions can only include one top level messaging entity (such as a queue or topic, subscriptions are no top level entities), and transactions cannot include other systems, such as databases. As the transaction model is currently not well documented I have had to figure out how things work through experimentation, with some help from the development team to confirm any questions I had. Hopefully I’ve got the content mostly correct, I will update the content in the e-book if I find any errors or improvements that can be made (any feedback would be very welcome). I’ve not had a chance to look into the code for transactions and asynchronous operations, maybe that would make a nice challenge lab for my Windows Azure Service Bus course. Transactional Messaging Messaging entities in the Windows Azure Service Bus provide support for participation in transactions. This allows developers to perform several messaging operations within a transactional scope, and ensure that all the actions are committed or, if there is a failure, none of the actions are committed. There are a number of scenarios where the use of transactions can increase the reliability of messaging systems. Using TransactionScope In .NET the TransactionScope class can be used to perform a series of actions in a transaction. The using declaration is typically used de define the scope of the transaction. Any transactional operations that are contained within the scope can be committed by calling the Complete method. 
If the Complete method is not called, any transactional methods in the scope will not commit.   // Create a transactional scope. using (TransactionScope scope = new TransactionScope()) {     // Do something.       // Do something else.       // Commit the transaction.     scope.Complete(); }     In order for methods to participate in the transaction, they must provide support for transactional operations. Database and message queue operations typically provide support for transactions. Transactions in Brokered Messaging Transaction support in Service Bus Brokered Messaging allows message operations to be performed within a transactional scope; however there are some limitations around what operations can be performed within the transaction. In the current release, only one top level messaging entity, such as a queue or topic can participate in a transaction, and the transaction cannot include any other transaction resource managers, making transactions spanning a messaging entity and a database not possible. When sending messages, the send operations can participate in a transaction allowing multiple messages to be sent within a transactional scope. This allows for “all or nothing” delivery of a series of messages to a single queue or topic. When receiving messages, messages that are received in the peek-lock receive mode can be completed, deadlettered or deferred within a transactional scope. In the current release the Abandon method will not participate in a transaction. The same restrictions of only one top level messaging entity applies here, so the Complete method can be called transitionally on messages received from the same queue, or messages received from one or more subscriptions in the same topic. Sending Multiple Messages in a Transaction A transactional scope can be used to send multiple messages to a queue or topic. This will ensure that all the messages will be enqueued or, if the transaction fails to commit, no messages will be enqueued.     
    An example of the code used to send 10 messages to a queue as a single transaction from a console application is shown below.

        // Requires: using System.Transactions; using Microsoft.ServiceBus.Messaging;
        QueueClient queueClient = messagingFactory.CreateQueueClient(Queue1);

        Console.Write("Sending");

        // Create a transaction scope.
        using (TransactionScope scope = new TransactionScope())
        {
            for (int i = 0; i < 10; i++)
            {
                // Send a message
                BrokeredMessage msg = new BrokeredMessage("Message: " + i);
                queueClient.Send(msg);
                Console.Write(".");
            }
            Console.WriteLine("Done!");
            Console.WriteLine();

            // Should we commit the transaction?
            Console.WriteLine("Commit send 10 messages? (yes or no)");
            string reply = Console.ReadLine();
            if (reply.ToLower().Equals("yes"))
            {
                // Commit the transaction.
                scope.Complete();
            }
        }
        Console.WriteLine();
        messagingFactory.Close();

    The transaction scope is used to wrap the sending of 10 messages. Once the messages have been sent the user has the option to either commit the transaction or abandon the transaction. If the user enters “yes”, the Complete method is called on the scope, which will commit the transaction and result in the messages being enqueued. If the user enters anything other than “yes”, the transaction will not commit, and the messages will not be enqueued.

    Receiving Multiple Messages in a Transaction

    The receiving of multiple messages is another scenario where the use of transactions can improve reliability. When receiving a group of messages that are related together, maybe in the same message session, it is possible to receive the messages in the peek-lock receive mode, and then complete, defer, or deadletter the messages in one transaction. (In the current version of Service Bus, abandon is not transactional.)

    The following code shows how this can be achieved.

        using (TransactionScope scope = new TransactionScope())
        {
            while (true)
            {
                // Receive a message.
                BrokeredMessage msg = q1Client.Receive(TimeSpan.FromSeconds(1));
                if (msg != null)
                {
                    // Write the message body and complete the message.
                    string text = msg.GetBody<string>();
                    Console.WriteLine("Received: " + text);
                    msg.Complete();
                }
                else
                {
                    break;
                }
            }
            Console.WriteLine();

            // Should we commit?
            Console.WriteLine("Commit receive? (yes or no)");
            string reply = Console.ReadLine();
            if (reply.ToLower().Equals("yes"))
            {
                // Commit the transaction.
                scope.Complete();
            }
            Console.WriteLine();
        }

    Note that if there are a large number of messages to be received, there will be a chance that the transaction may time out before it can be committed. It is possible to specify a longer timeout when the transaction is created, but it may be better to receive and commit smaller amounts of messages within the transaction.

    It is also possible to complete, defer, or deadletter messages received from more than one subscription, as long as all the subscriptions are contained in the same topic. As subscriptions are not top level messaging entities this scenario will work. The following code shows how this can be achieved.

        try
        {
            using (TransactionScope scope = new TransactionScope())
            {
                // Receive one message from each subscription.
                BrokeredMessage msg1 = subscriptionClient1.Receive();
                BrokeredMessage msg2 = subscriptionClient2.Receive();

                // Complete the message receives.
                msg1.Complete();
                msg2.Complete();

                Console.WriteLine("Msg1: " + msg1.GetBody<string>());
                Console.WriteLine("Msg2: " + msg2.GetBody<string>());

                // Commit the transaction.
                scope.Complete();
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }

    Unsupported Scenarios

    The restriction of only one top level messaging entity being able to participate in a transaction makes some useful scenarios unsupported. As the Windows Azure Service Bus is under continuous development and new releases are expected to be frequent it is possible that this restriction may not be present in future releases.

    The first is the scenario where messages are to be routed to two different systems. The following code attempts to do this.

        try
        {
            // Create a transaction scope.
            using (TransactionScope scope = new TransactionScope())
            {
                BrokeredMessage msg1 = new BrokeredMessage("Message1");
                BrokeredMessage msg2 = new BrokeredMessage("Message2");

                // Send a message to Queue1
                Console.WriteLine("Sending Message1");
                queue1Client.Send(msg1);

                // Send a message to Queue2
                Console.WriteLine("Sending Message2");
                queue2Client.Send(msg2);

                // Commit the transaction.
                Console.WriteLine("Committing transaction...");
                scope.Complete();
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }

    The results of running the code are shown below. When attempting to send a message to the second queue the following exception is thrown:

        No active Transaction was found for ID '35ad2495-ee8a-4956-bbad-eb4fedf4a96e:1'. The Transaction may have timed out or attempted to span multiple top-level entities such as Queue or Topic. The server Transaction timeout is: 00:01:00..TrackingId:947b8c4b-7754-4044-b91b-4a959c3f9192_3_3,TimeStamp:3/29/2012 7:47:32 AM.

    Another scenario where transactional support could be useful is when forwarding messages from one queue to another queue. This would also involve more than one top level messaging entity, and is therefore not supported.

    Another scenario that developers may wish to implement is performing transactions across messaging entities and other transactional systems, such as an on-premise database. In the current release this is not supported.

    Workarounds for Unsupported Scenarios

    There are some techniques that developers can use to work around the one top level entity limitation of transactions. When sending two messages to two systems, topics and subscriptions can be used. If the same message is to be sent to two destinations then the subscriptions would have the default subscriptions, and the client would only send one message. If two different messages are to be sent, then filters on the subscriptions can route the messages to the appropriate destination. The client can then send the two messages to the topic in the same transaction.

    In scenarios where a message needs to be received and then forwarded to another system within the same transaction, topics and subscriptions can also be used. A message can be received from a subscription, and then sent to a topic within the same transaction. As a topic is a top level messaging entity, and a subscription is not, this scenario will work.


  • Anti-Forgery Request Recipes For ASP.NET MVC And AJAX

    - by Dixin
    Background

    To secure websites from cross-site request forgery (CSRF, or XSRF) attack, ASP.NET MVC provides an excellent mechanism:

    1. The server prints tokens to cookie and inside the form;
    2. When the form is submitted to server, token in cookie and token inside the form are sent in the HTTP request;
    3. Server validates the tokens.

    To print tokens to browser, just invoke HtmlHelper.AntiForgeryToken():

        <% using (Html.BeginForm()) { %>
            <%: this.Html.AntiForgeryToken(Constants.AntiForgeryTokenSalt)%>
            <%-- Other fields. --%>
            <input type="submit" value="Submit" />
        <% } %>

    This invocation generates a token then writes it inside the form:

        <form action="..." method="post">
            <input name="__RequestVerificationToken" type="hidden" value="J56khgCvbE3bVcsCSZkNVuH9Cclm9SSIT/ywruFsXEgmV8CL2eW5C/gGsQUf/YuP" />
            <!-- Other fields. -->
            <input type="submit" value="Submit" />
        </form>

    and also writes it into the cookie:

        __RequestVerificationToken_Lw__= J56khgCvbE3bVcsCSZkNVuH9Cclm9SSIT/ywruFsXEgmV8CL2eW5C/gGsQUf/YuP

    When the above form is submitted, they are both sent to server. On the server side, the [ValidateAntiForgeryToken] attribute is used to specify the controllers or actions to validate them:

        [HttpPost]
        [ValidateAntiForgeryToken(Salt = Constants.AntiForgeryTokenSalt)]
        public ActionResult Action(/* ... */)
        {
            // ...
        }

    This is very productive for form scenarios. But recently, when resolving security vulnerabilities for Web products, some problems were encountered.

    Specify validation on controller (not on each action)

    The server side problem is that it is expected to declare [ValidateAntiForgeryToken] on the controller, but actually it has to be declared on each POST action. Because POST actions are usually many more than controllers, the work would be a little crazy.

    Problem

    Usually a controller contains actions for HTTP GET and actions for HTTP POST requests, and usually validations are expected for HTTP POST requests.
    So, if the [ValidateAntiForgeryToken] is declared on the controller, the HTTP GET requests become invalid:

        [ValidateAntiForgeryToken(Salt = Constants.AntiForgeryTokenSalt)]
        public class SomeController : Controller // One [ValidateAntiForgeryToken] attribute.
        {
            [HttpGet]
            public ActionResult Index() // Index() cannot work.
            {
                // ...
            }

            [HttpPost]
            public ActionResult PostAction1(/* ... */)
            {
                // ...
            }

            [HttpPost]
            public ActionResult PostAction2(/* ... */)
            {
                // ...
            }

            // ...
        }

    If browser sends an HTTP GET request by clicking a link: http://Site/Some/Index, validation definitely fails, because no token is provided. So the result is, [ValidateAntiForgeryToken] attribute must be distributed to each POST action:

        public class SomeController : Controller // Many [ValidateAntiForgeryToken] attributes.
        {
            [HttpGet]
            public ActionResult Index() // Works.
            {
                // ...
            }

            [HttpPost]
            [ValidateAntiForgeryToken(Salt = Constants.AntiForgeryTokenSalt)]
            public ActionResult PostAction1(/* ... */)
            {
                // ...
            }

            [HttpPost]
            [ValidateAntiForgeryToken(Salt = Constants.AntiForgeryTokenSalt)]
            public ActionResult PostAction2(/* ... */)
            {
                // ...
            }

            // ...
        }

    This is a little bit crazy, because one application can have a lot of POST actions.

    Solution

    To avoid a large number of [ValidateAntiForgeryToken] attributes (one for each POST action), the following ValidateAntiForgeryTokenWrapperAttribute wrapper class can be helpful, where HTTP verbs can be specified:

        using System;
        using System.Linq;
        using System.Web.Mvc;

        [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
        public class ValidateAntiForgeryTokenWrapperAttribute : FilterAttribute, IAuthorizationFilter
        {
            private readonly ValidateAntiForgeryTokenAttribute _validator;

            private readonly AcceptVerbsAttribute _verbs;

            public ValidateAntiForgeryTokenWrapperAttribute(HttpVerbs verbs)
                : this(verbs, null)
            {
            }

            public ValidateAntiForgeryTokenWrapperAttribute(HttpVerbs verbs, string salt)
            {
                this._verbs = new AcceptVerbsAttribute(verbs);
                this._validator = new ValidateAntiForgeryTokenAttribute()
                    {
                        Salt = salt
                    };
            }

            public void OnAuthorization(AuthorizationContext filterContext)
            {
                // Validate the tokens only when the request's verb is one of the specified verbs.
                string httpMethodOverride = filterContext.HttpContext.Request.GetHttpMethodOverride();
                if (this._verbs.Verbs.Contains(httpMethodOverride, StringComparer.OrdinalIgnoreCase))
                {
                    this._validator.OnAuthorization(filterContext);
                }
            }
        }

    When this attribute is declared on controller, only HTTP requests with the specified verbs are validated:

        [ValidateAntiForgeryTokenWrapper(HttpVerbs.Post, Constants.AntiForgeryTokenSalt)]
        public class SomeController : Controller
        {
            // GET actions are not affected.
            // Only HTTP POST requests are validated.
        }

    Now one single attribute on controller turns on validation for all POST actions. Maybe it would be nice if HTTP verbs could be specified on the built-in [ValidateAntiForgeryToken] attribute, which is easy to implement.

    Specify Non-constant salt in runtime

    By default, the salt should be a compile time constant, so it can be used for the [ValidateAntiForgeryToken] or [ValidateAntiForgeryTokenWrapper] attribute.

    Problem

    One Web product might be sold to many clients.
    If a constant salt is evaluated in compile time, after the product is built and deployed to many clients, they all have the same salt. Of course, clients do not like this. Some clients might even want to specify a custom salt in configuration. In these scenarios, salt is required to be a runtime value.

    Solution

    In the above [ValidateAntiForgeryToken] and [ValidateAntiForgeryTokenWrapper] attribute, the salt is passed through constructor. So one solution is to remove this parameter:

        public class ValidateAntiForgeryTokenWrapperAttribute : FilterAttribute, IAuthorizationFilter
        {
            public ValidateAntiForgeryTokenWrapperAttribute(HttpVerbs verbs)
            {
                this._verbs = new AcceptVerbsAttribute(verbs);
                this._validator = new ValidateAntiForgeryTokenAttribute()
                    {
                        Salt = AntiForgeryToken.Value
                    };
            }

            // Other members.
        }

    But here the injected dependency becomes a hard dependency. So the other solution is moving validation code into controller to work around the limitation of attributes:

        public abstract class AntiForgeryControllerBase : Controller
        {
            private readonly ValidateAntiForgeryTokenAttribute _validator;

            private readonly AcceptVerbsAttribute _verbs;

            protected AntiForgeryControllerBase(HttpVerbs verbs, string salt)
            {
                this._verbs = new AcceptVerbsAttribute(verbs);
                this._validator = new ValidateAntiForgeryTokenAttribute()
                    {
                        Salt = salt
                    };
            }

            protected override void OnAuthorization(AuthorizationContext filterContext)
            {
                base.OnAuthorization(filterContext);

                // Validate the tokens only when the request's verb is one of the specified verbs.
                string httpMethodOverride = filterContext.HttpContext.Request.GetHttpMethodOverride();
                if (this._verbs.Verbs.Contains(httpMethodOverride, StringComparer.OrdinalIgnoreCase))
                {
                    this._validator.OnAuthorization(filterContext);
                }
            }
        }

    Then make controller classes inherit from this AntiForgeryControllerBase class. Now the salt is no longer required to be a compile time constant.

    Submit token via AJAX

    For browser side, once server side turns on anti-forgery validation for HTTP POST, all AJAX POST requests will fail by default.

    Problem

    In AJAX scenarios, the HTTP POST request is not sent by form. Take jQuery as an example:

        $.post(url, {
            productName: "Tofu",
            categoryId: 1 // Token is not posted.
        }, callback);

    This kind of AJAX POST request will always be invalid, because server side code cannot see the token in the posted data.

    Solution

    Basically, the tokens must be printed to browser then sent back to server. So first of all, HtmlHelper.AntiForgeryToken() needs to be called somewhere. Now the browser has token in both HTML and cookie. Then jQuery must find the printed token in the HTML, and append token to the data before sending:

        $.post(url, {
            productName: "Tofu",
            categoryId: 1,
            __RequestVerificationToken: getToken() // Token is posted.
        }, callback);

    To be reusable, this can be encapsulated into a tiny jQuery plugin:

        /// <reference path="jquery-1.4.2.js" />

        (function ($) {
            $.getAntiForgeryToken = function (tokenWindow, appPath) {
                // HtmlHelper.AntiForgeryToken() must be invoked to print the token.
                tokenWindow = tokenWindow && typeof tokenWindow === typeof window ? tokenWindow : window;

                appPath = appPath && typeof appPath === "string" ? "_" + appPath.toString() : "";
                // The name attribute is either __RequestVerificationToken,
                // or __RequestVerificationToken_{appPath}.
                var tokenName = "__RequestVerificationToken" + appPath;

                // Finds the <input type="hidden" name={tokenName} value="..." /> from the specified window.
                // var inputElements = $("input[type='hidden'][name='__RequestVerificationToken" + appPath + "']");
                var inputElements = tokenWindow.document.getElementsByTagName("input");
                for (var i = 0; i < inputElements.length; i++) {
                    var inputElement = inputElements[i];
                    if (inputElement.type === "hidden" && inputElement.name === tokenName) {
                        return {
                            name: tokenName,
                            value: inputElement.value
                        };
                    }
                }
                return null;
            };

            $.appendAntiForgeryToken = function (data, token) {
                // Converts data if not already a string.
                if (data && typeof data !== "string") {
                    data = $.param(data);
                }

                // Gets token from current window by default.
                token = token ? token : $.getAntiForgeryToken(); // $.getAntiForgeryToken(window).

                data = data ? data + "&" : "";
                // If token exists, appends {token.name}={token.value} to data.
                return token ? data + encodeURIComponent(token.name) + "=" + encodeURIComponent(token.value) : data;
            };

            // Wraps $.post(url, data, callback, type).
            $.postAntiForgery = function (url, data, callback, type) {
                return $.post(url, $.appendAntiForgeryToken(data), callback, type);
            };

            // Wraps $.ajax(settings).
            $.ajaxAntiForgery = function (settings) {
                settings.data = $.appendAntiForgeryToken(settings.data);
                return $.ajax(settings);
            };
        })(jQuery);

    In most of the scenarios, it is OK to just replace the $.post() invocation with $.postAntiForgery(), and replace $.ajax() with $.ajaxAntiForgery():

        $.postAntiForgery(url, {
            productName: "Tofu",
            categoryId: 1
        }, callback); // Token is posted.

    There might be some scenarios of custom token, where $.appendAntiForgeryToken() is useful:

        data = $.appendAntiForgeryToken(data, token);
        // Token is already in data. No need to invoke $.postAntiForgery().
        $.post(url, data, callback);

    And there are scenarios where the token is not in the current window. For example, an HTTP POST request can be sent by an iframe, while the token is in the parent window. Here, the token's container window can be specified for $.getAntiForgeryToken():

        data = $.appendAntiForgeryToken(data, $.getAntiForgeryToken(window.parent));
        // Token is already in data. No need to invoke $.postAntiForgery().
        $.post(url, data, callback);

    If you have a better solution, please do tell me.


  • Google webmastertools soft 404 - How to update google search after updating it to 200

    - by Jayapal Chandran
    My site has many modules which are indexed by Google. Recently there has been a database problem, so the site was not appearing well; many links returned 404, I think. Now I have made it work and all the content that Google previously indexed is as it was. How do we update Google that I have corrected it and the pages which sent 404 are now 200? That is, I now want to tell Google that the URLs which sent 404 are now working fine, so that Google will update them soon before it removes them from its database.


  • MySQL Query Cache

    - by BRADINO
    According to MySQL.com the query cache stores the text of a SELECT statement together with the corresponding result that was sent to the client. If an identical statement is received later, the server retrieves the results from the query cache rather than parsing and executing the statement again. The query cache is shared among sessions, so a result set generated by one client can be sent in response to the same query issued by another client.

    Purely hypothetical example:

        SELECT `name` FROM `beers` WHERE `favorite` = true

    To force the database NOT to give you a cached result simply add SQL_NO_CACHE to the query:

        SELECT SQL_NO_CACHE `name` FROM `beers` WHERE `favorite` = true


  • Anti-Forgery Request in ASP.NET MVC and AJAX

    - by Dixin
    Background

    To secure websites from cross-site request forgery (CSRF, or XSRF) attack, ASP.NET MVC provides an excellent mechanism:

    1. The server prints tokens to cookie and inside the form;
    2. When the form is submitted to server, token in cookie and token inside the form are sent by the HTTP request;
    3. Server validates the tokens.

    To print tokens to browser, just invoke HtmlHelper.AntiForgeryToken():

        <% using (Html.BeginForm()) { %>
            <%: this.Html.AntiForgeryToken(Constants.AntiForgeryTokenSalt)%>
            <%-- Other fields. --%>
            <input type="submit" value="Submit" />
        <% } %>

    which writes the token to the form:

        <form action="..." method="post">
            <input name="__RequestVerificationToken" type="hidden" value="J56khgCvbE3bVcsCSZkNVuH9Cclm9SSIT/ywruFsXEgmV8CL2eW5C/gGsQUf/YuP" />
            <!-- Other fields. -->
            <input type="submit" value="Submit" />
        </form>

    and the cookie:

        __RequestVerificationToken_Lw__=J56khgCvbE3bVcsCSZkNVuH9Cclm9SSIT/ywruFsXEgmV8CL2eW5C/gGsQUf/YuP

    When the above form is submitted, they are both sent to server. The [ValidateAntiForgeryToken] attribute is used to specify the controllers or actions to validate them:

        [HttpPost]
        [ValidateAntiForgeryToken(Salt = Constants.AntiForgeryTokenSalt)]
        public ActionResult Action(/* ... */)
        {
            // ...
        }

    This is very productive for form scenarios. But recently, when resolving security vulnerabilities for Web products, I encountered 2 problems:

    1. It is expected to add [ValidateAntiForgeryToken] to each controller, but actually I have to add it for each POST action, which is a little crazy;
    2. After anti-forgery validation is turned on for server side, AJAX POST requests will consistently fail.

    Specify validation on controller (not on each action)

    Problem

    For the first problem, usually a controller contains actions for both HTTP GET and HTTP POST requests, and usually validations are expected for HTTP POST requests.
    So, if the [ValidateAntiForgeryToken] is declared on the controller, the HTTP GET requests always become invalid:

        [ValidateAntiForgeryToken(Salt = Constants.AntiForgeryTokenSalt)]
        public class SomeController : Controller
        {
            [HttpGet]
            public ActionResult Index() // Index page cannot work at all.
            {
                // ...
            }

            [HttpPost]
            public ActionResult PostAction1(/* ... */)
            {
                // ...
            }

            [HttpPost]
            public ActionResult PostAction2(/* ... */)
            {
                // ...
            }

            // ...
        }

    If user sends an HTTP GET request from a link: http://Site/Some/Index, validation definitely fails, because no token is provided. So the result is, [ValidateAntiForgeryToken] attribute must be distributed to each HTTP POST action in the application:

        public class SomeController : Controller
        {
            [HttpGet]
            public ActionResult Index() // Works.
            {
                // ...
            }

            [HttpPost]
            [ValidateAntiForgeryToken(Salt = Constants.AntiForgeryTokenSalt)]
            public ActionResult PostAction1(/* ... */)
            {
                // ...
            }

            [HttpPost]
            [ValidateAntiForgeryToken(Salt = Constants.AntiForgeryTokenSalt)]
            public ActionResult PostAction2(/* ... */)
            {
                // ...
            }

            // ...
        }

    Solution

    To avoid a large number of [ValidateAntiForgeryToken] attributes (one attribute for one HTTP POST action), I created a wrapper class of ValidateAntiForgeryTokenAttribute, where HTTP verbs can be specified:

        using System;
        using System.Linq;
        using System.Web.Mvc;

        [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
        public class ValidateAntiForgeryTokenWrapperAttribute : FilterAttribute, IAuthorizationFilter
        {
            private readonly ValidateAntiForgeryTokenAttribute _validator;

            private readonly AcceptVerbsAttribute _verbs;

            public ValidateAntiForgeryTokenWrapperAttribute(HttpVerbs verbs)
                : this(verbs, null)
            {
            }

            public ValidateAntiForgeryTokenWrapperAttribute(HttpVerbs verbs, string salt)
            {
                this._verbs = new AcceptVerbsAttribute(verbs);
                this._validator = new ValidateAntiForgeryTokenAttribute()
                    {
                        Salt = salt
                    };
            }

            public void OnAuthorization(AuthorizationContext filterContext)
            {
                // Validate the tokens only when the request's verb is one of the specified verbs.
                string httpMethodOverride = filterContext.HttpContext.Request.GetHttpMethodOverride();
                if (this._verbs.Verbs.Contains(httpMethodOverride, StringComparer.OrdinalIgnoreCase))
                {
                    this._validator.OnAuthorization(filterContext);
                }
            }
        }

    When this attribute is declared on controller, only HTTP requests with the specified verbs are validated:

        [ValidateAntiForgeryTokenWrapper(HttpVerbs.Post, Constants.AntiForgeryTokenSalt)]
        public class SomeController : Controller
        {
            // Actions for HTTP GET requests are not affected.
            // Only HTTP POST requests are validated.
        }

    Now one single attribute on controller turns on validation for all HTTP POST actions.

    Submit token via AJAX

    Problem

    For AJAX scenarios, when request is sent by JavaScript instead of form:

        $.post(url, {
            productName: "Tofu",
            categoryId: 1 // Token is not posted.
        }, callback);

    This kind of AJAX POST request will always be invalid, because server side code cannot see the token in the posted data.

    Solution

    The token must be printed to browser then submitted back to server.
    So first of all, HtmlHelper.AntiForgeryToken() must be called in the page where the AJAX POST will be sent. Then jQuery must find the printed token in the page, and post it:

        $.post(url, {
            productName: "Tofu",
            categoryId: 1,
            __RequestVerificationToken: getToken() // Token is posted.
        }, callback);

    To be reusable, this can be encapsulated in a tiny jQuery plugin:

        (function ($) {
            $.getAntiForgeryToken = function () {
                // HtmlHelper.AntiForgeryToken() must be invoked to print the token.
                return $("input[type='hidden'][name='__RequestVerificationToken']").val();
            };

            var addToken = function (data) {
                // Converts data if not already a string.
                if (data && typeof data !== "string") {
                    data = $.param(data);
                }
                data = data ? data + "&" : "";
                return data + "__RequestVerificationToken=" + encodeURIComponent($.getAntiForgeryToken());
            };

            $.postAntiForgery = function (url, data, callback, type) {
                return $.post(url, addToken(data), callback, type);
            };

            $.ajaxAntiForgery = function (settings) {
                settings.data = addToken(settings.data);
                return $.ajax(settings);
            };
        })(jQuery);

    Then in the application just replace the $.post() invocation with $.postAntiForgery(), and replace $.ajax() with $.ajaxAntiForgery():

        $.postAntiForgery(url, {
            productName: "Tofu",
            categoryId: 1
        }, callback); // Token is posted.

    This solution looks hard coded and stupid. If you have a more elegant solution, please do tell me.

