Search Results

Search found 1397 results on 56 pages for 'cookies'.


  • Authorizing a computer to access a web application

    - by HackedByChinese
    I have a web application, and am tasked with adding secure sign-on to bolster security, akin to what Google has added to Google accounts.

    Use Case

    Essentially, when a user logs in, we want to detect if the user has previously authorized this computer. If the computer has not been authorized, the user is sent a one-time password (via email, SMS, or phone call) that they must enter, where the user may choose to remember this computer. In the web application, we will track authorized devices, allowing users to see when/where they logged in from that device last, and deauthorize any devices if they so choose.

    We require a solution that is very light touch (meaning, requiring no client-side software installation), and works with Safari, Chrome, Firefox, and IE 7+ (unfortunately). We will offer x509 security, which provides adequate security, but we still need a solution for customers that can't or won't use x509.

    My intention is to store authorization information using cookies (or, potentially, using local storage, degrading to flash cookies, and then normal cookies).

    At First Blush

    Track two separate values (local data or cookies): a hash representing a secure sign-on token, as well as a device token. Both values are driven (and recorded) by the web application, and dictated to the client. The SSO token is dependent on the device as well as a sequence number. This effectively allows devices to be deauthorized (all SSO tokens become invalid) and mitigates replay (not effectively, though, which is why I'm asking this question) through the use of a sequence number, and uses a nonce.

    Problem

    With this solution, it's possible for someone to just copy the SSO and device tokens and use in another request. While the sequence number will help me detect such an abuse and thus deauthorize the device, the detection and response can only happen after the valid device and malicious request both attempt access, which is ample time for damage to be done.

    I feel like using HMAC would be better. Track the device, the sequence, create a nonce, timestamp, and hash with a private key, then send the hash plus those values as plain text. Server does the same (in addition to validating the device and sequence) and compares. That seems much easier, and much more reliable.... assuming we can securely negotiate, exchange, and store private keys.

    Question

    So then, how can I securely negotiate a private key for authorized device, and then securely store that key? Is it more possible, at least, if I settle for storing the private key using local storage or flash cookies and just say it's "good enough"? Or, is there something I can do to my original draft to mitigate the vulnerability I describe?


  • What am I missing in this ASP.NET XSS Security Helper class?

    - by smartcaveman
    I need a generic method for preventing XSS attacks in ASP.NET. The approach I came up with is a ValidateRequest method that evaluates the HttpRequest for any potential issues, and if issues are found, redirect the user to the same page, but in a way that is not threatening to the application. (Source code below)

    While I know this method will prevent most XSS attacks, I am not certain that I am adequately preventing all possible attacks while also minimizing false positives. So, what is the most effective way to adequately prevent all possible attacks, while minimizing false positives? Are there changes I should make to the helper class below, or is there an alternative approach or third party library that offers something more convincing?

        using System;
        using System.Text.RegularExpressions;
        using System.Web;

        public static class XssSecurity
        {
            public const string PotentialXssAttackExpression = "(http(s)*(%3a|:))|(ftp(s)*(%3a|:))|(javascript)|(alert)|(((\\%3C) <)[^\n]+((\\%3E) >))";

            private static readonly Regex PotentialXssAttackRegex = new Regex(PotentialXssAttackExpression, RegexOptions.IgnoreCase);

            public static bool IsPotentialXssAttack(this HttpRequest request)
            {
                if (request != null)
                {
                    string query = request.QueryString.ToString();
                    if (!string.IsNullOrEmpty(query) && PotentialXssAttackRegex.IsMatch(query))
                        return true;

                    if (request.HttpMethod.Equals("post", StringComparison.InvariantCultureIgnoreCase))
                    {
                        string form = request.Form.ToString();
                        if (!string.IsNullOrEmpty(form) && PotentialXssAttackRegex.IsMatch(form))
                            return true;
                    }

                    if (request.Cookies.Count > 0)
                    {
                        // HttpCookieCollection enumerates cookie names, so look each cookie up by key
                        foreach (string key in request.Cookies.AllKeys)
                        {
                            HttpCookie cookie = request.Cookies[key];
                            if (cookie != null && cookie.Value != null && PotentialXssAttackRegex.IsMatch(cookie.Value))
                            {
                                return true;
                            }
                        }
                    }
                }
                return false;
            }

            public static void ValidateRequest(this HttpContext context, string redirectToPath = null)
            {
                if (context == null || !context.Request.IsPotentialXssAttack())
                    return;

                // expire all cookies (AllKeys is a copy, so the collection can change while we loop)
                foreach (string key in context.Request.Cookies.AllKeys)
                {
                    HttpCookie cookie = context.Request.Cookies[key];
                    cookie.Expires = DateTime.Now.Subtract(TimeSpan.FromDays(1));
                    context.Response.Cookies.Set(cookie);
                }

                // redirect to safe path
                bool redirected = false;
                if (redirectToPath != null)
                {
                    try
                    {
                        context.Response.Redirect(redirectToPath, true);
                        redirected = true;
                    }
                    catch
                    {
                        redirected = false;
                    }
                }
                if (redirected)
                    return;

                // AbsolutePath never contains the query string, so no Replace is needed
                // (Replace throws when the query is empty)
                string safeUrl = context.Request.Url.AbsolutePath;
                context.Response.Redirect(safeUrl, true);
            }
        }


  • How can i maintain last cookie value in flex with jsp?

    - by praveen
    Hi All, my login form is in Flex. When I log in, I create a cookie in JSP like this, named setValueCookie.jsp:

        <%@ page language="java" import="java.util.* , javax.net.*" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
        <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
        <html>
        <%
            String username = request.getParameter("value");
            System.out.println("Email got in cookieSet = " + username);
            if(username==null) username="";
            Date now = new Date();
            String timestamp = now.toString();
            Cookie cookie = new Cookie("username",username);
            cookie.setMaxAge(365 * 24 * 60 * 60);
            response.addCookie(cookie);
        %>
        <head>
        <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
        <title>DashBoard-Cookie</title>
        </head>
        <body>
        </body>
        </html>

    Now, using the HTTP service request parameter, I am passing the username 'Value' to this JSP, and I am reading the cookie value from getValueCookie.jsp like this:

        <%
            String cookieName = "username";
            Cookie cookies [] = request.getCookies ();
            Cookie myCookie = null;
            String result;
            if (cookies != null)
            {
                for (int i = 0; i < cookies.length; i++)
                {
                    if (cookies [i].getName().equals (cookieName))
                    {
                        myCookie = cookies[i];
                        break;
                    }
                }
            }
        %>
        <data>
          <status><%=myCookie.getValue().toString()%></status>
        </data>

    Through the httpservice I am getting the value, but if I open a new window or any new tab, I am not getting the cookie value. How can I solve this? Thanks in advance.


  • Javascript - undefined cookie value?

    - by Computeras
    Try running the code, I know the problem is in the 1. part. Thanks in advance, P.S. I'm a newbie in JS.

        <html>
        <head>
        <script>
        {
            //1. part
            var Cookies = "";

            function createCookie(name,value,days) {
                if (days) {
                    var date = new Date();
                    date.setTime(date.getTime()+(days*24*60*60*1000));
                    var expires = "; expires="+date.toGMTString();
                }
                else var expires = "";
                document.cookie = name+"="+value+expires+"; path=/";
            }

            function readCookie(name) {
                var nameEQ = name + "=";
                var ca = document.cookie.split(';');
                for(var i=0;i < ca.length;i++) {
                    var c = ca[i];
                    while (c.charAt(0)==' ') c = c.substring(1,c.length);
                    if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
                }
                return null;
            }

            function eraseCookie(name) {
                createCookie(name,"",-1);
            }

            //2. part
            function saveIt(name) {
                var x = document.forms['cookieform'].cookievalue.value;
                if (!x)
                    alert('Please fill in a value in the input box.');
                else {
                    Cookies.create(name,x,7);
                    alert('Cookie created');
                }
            }

            function readIt(name) {
                alert('The value of the cookie is ' + Cookies[name]);
            }

            function eraseIt(name) {
                Cookies.erase(name);
                alert('Cookie erased');
            }

            function init() {
                for (var i=1;i<3;i++) {
                    var x = Cookies['ppkcookie' + i];
                    if (x) alert('Cookie ppkcookie' + i + '\nthat you set on a previous visit, is still active.\nIts value is ' + x);
                }
            }
        }
        </script>
        <body>
        <form name = "forma">
            <input type = "text" name = "cookievalue">
            <input type = "button" value = "Spremi" onClick = "saveIt('ppkcookie1')">
            <input type = "button" value = "Ispisi" onClick = "readIt('ppkcookie1')">
        </form>
        </body>
        </html>


  • Session and Pop Up Window

    - by imran_ku07
    Introduction:

    Session is the secure state-management mechanism. It lets you store a user's information on one page and access it on another, and it is powerful enough to store any type of object. Every user's session is identified by a cookie that the client presents to the server. Unfortunately, when you open a new popup window, this cookie is not posted to the server with the request, so the server is unable to identify the session data for the current user.

    In this article I will show you how to handle this situation.

    Description:

    While working on an application, I was getting an exception saying that Session is null when a popup window opened. Looking at the problem more closely, I found that the parent page's ASP.NET_SessionId cookie was not posted in the Cookie header of the child (popup) window.

    Therefore, to make the session present in both the parent and the child (popup) window, you have to present the same cookie. To share the cookie, I passed the parent's SessionID in the query string:

        "window.open('http://abc.com/s.aspx?SASID=" & Session.SessionID & "','V');"

    Then, in the Application_PostMapRequestHandler application event, check whether the current request has no ASP.NET_SessionId cookie and the SASID query string is not null. If so, add this cookie to the Request before Session is acquired, so that the session data remains the same for both the parent and the popup window.

        Private Sub Application_PostMapRequestHandler(ByVal sender As Object, ByVal e As EventArgs)
            If (Request.Cookies("ASP.NET_SessionId") Is Nothing) AndAlso (Request.QueryString("SASID") IsNot Nothing) Then
                Request.Cookies.Add(New HttpCookie("ASP.NET_SessionId", Request.QueryString("SASID")))
            End If
        End Sub

    Now you can access Session in your parent and child windows without any problem.

    How this works:

    ASP.NET (both Web Forms and MVC) uses a cookie (ASP.NET_SessionId) to identify the user who is making the request. Cookies may be persistent (saved permanently in the user's cookies) or non-persistent (saved temporarily in browser memory). The ASP.NET_SessionId cookie is saved as non-persistent. This means that if the user closes the browser, the cookie is immediately removed. This is a sensible step that ensures security. That is why ASP.NET is unable to identify that the request is coming from the same user, and therefore every browser instance gets its own ASP.NET_SessionId. To resolve this, you need to present the parent's ASP.NET_SessionId cookie to the server when you open a popup window.

    You can confirm this situation by using tools like Firebug or Fiddler.

    Summary:

    Hopefully you enjoyed this article and seeing how to work around the problem of sharing Session between different browser instances by sharing their session identifier cookie.


  • SmartGWT TreeGrid Selection

    - by wonderbread988
    I have a SmartGWT webapp that uses a TreeGrid with a dataSource. I would like this treeGrid to preselect values saved in a cookie. I have gotten the value to be saved in the cookie correctly, however I have tried several different methods of getting the treeGrid to select these values and I cannot get it to work. I am attempting to do this in the onmoduleLoad method in my entry point. I have tried:

        Cookies.setCookie( "selectedUnit", TreeGrid.getSelectedPaths() )

    to set the cookie and then when the page is reloaded:

        TreeGrid.setSelectedPaths( Cookies.getCookie("selectedUnit") )

    When I could not get that to work, I tried storing just the id of the item selected:

        Cookies.setCookie( "selectedUnit", TreeGrid.getSelected().getAttribute("id") )

    and then onLoad attempting to find that record and select it:

        TreeGrid.selectRecord( TreeGrid.getTree().find("id", Cookies.getCookie("selectedUnit") ) )

    This did not work either, so finally I tried storing TreeGrid.getSelectedState() and upon retrieving that value from the cookie onLoad, passing it to TreeGrid.setSelectedState() similar to my first attempt, but passing state instead of path. I could not get any of these things to work.

    Can I not tell the TreeGrid to select an item in the 'OnmoduleLoad' method? Is this action only valid after the TreeGrid has been drawn? If that is the case where and how can I do this? Thank you in advance for any help you can give.


  • iphone bookmarklet cookie persistence

    - by Larry Davis
    I have an iPhone (jqtouch based) web app that uses cookies for authentication. The use flow is as follows:

      * The user goes to the mobile landing page and is instructed to save the page as a bookmarklet on their home page.
      * They launch the bookmarklet to go to a login page to log in and get a cookie.
      * The cookie works and they can navigate throughout the web site.

    However this session cookie is not persistent. If they leave Safari and then restart using the saved bookmarklet, the cookies set during their previous session are gone. Just using Safari (i.e. launch Safari directly rather than through the bookmarklet) to navigate the pages works fine (i.e. start Safari, go to url, do login, restart Safari, go back to url).

    I find that the cookies that were active when the bookmarklet was created are persistent but any cookies set during the session when Safari is accessed through the bookmarklet are not persistent. I'm wondering if this is a Safari/iPhone issue and/or if there is any way around this. Many thanks for any insight you can provide.


  • IE error on jquery Line 4618

    - by eo
    I am trying to save some css information into cookies with the below jquery script. Everything is perfectly fine for Firefox however IE throws an error on jquery Line 4618, whenever i include this file

        jQuery(document).ready(function() {
            // cookie period
            var days = 365;

            // load positions and z-index from cookies
            $("div[id*='tqitem']").each( function( index ){
                $(this).css( "left", $.cookie( "im_" + $(this).attr("id") + "_left") );
                $(this).css( "top", $.cookie( "im_" + this.id + "_top") );
                $(this).css( "zIndex", $.cookie( "tqz_" + this.id + "_zIndex") );
            });

            // bind event
            $(".pagenumbers").draggable({cursor: "move"});
            $("div[id*='tqitem']").bind('dragstop', savePos);
            $("div[id*='tqitem']").bind('dragstop', savePot);

            // save positions into cookies
            function savePos( event, ui ){
                $.cookie("im_" + $(this).attr("id") + "_left", $(this).css("left"), { path: '/', expires: days });
                $.cookie("im_" + this.id + "_top", $(this).css("top"), { path: '/', expires: days });
                $.cookie("im_" + this.id + "_zIndex", $(this).css("zIndex"), { path: '/', expires: days });
            };

            var thiss = $("div[id*='tqitem']");

            function savePot(){
                $("div[id*='tqitem']").each(function (i) {
                    $.cookie("tqz_" + $(this).attr("id") + "_zIndex", $(this).css("zIndex"), { path: '/', expires: days });
                })
            };
        });

        /* ADDITIONAL INFO: SCRIPT HIERARCHY
           Jquery itself
           Jquery ui
           Jquery cookie plugin
           Save cookies js
           no matter how i ordered them the result did not change */


  • Login Website, curious Cookie Problem

    - by Collin Peters
    Hello,

    Language: C#
    Development Environment: Visual Studio 2008

    Sorry if the English is not perfect. I want to log in to a website and get some data from there. My problem is that the cookies do not work. Every time, the website says that I should activate cookies, but I activated the cookies through a CookieContainer. I sniffed the traffic several times for the login process and I see no problem there. I tried different methods to log in and I have searched whether someone else has this problem, but no results...

    Login page is: "www.uploaded.to". Here is my code to log in, in short form:

        private void login()
        {
            //Global CookieContainer for all the Cookies
            CookieContainer _cookieContainer = new CookieContainer();

            //First Login to the Website
            HttpWebRequest _request1 = (HttpWebRequest)WebRequest.Create("http://uploaded.to/login");
            _request1.Method = "POST";
            _request1.CookieContainer = _cookieContainer;
            string _postData = "email=XXXXX&password=XXXXX";
            byte[] _byteArray = Encoding.UTF8.GetBytes(_postData);
            Stream _reqStream = _request1.GetRequestStream();
            _reqStream.Write(_byteArray, 0, _byteArray.Length);
            _reqStream.Close();
            HttpWebResponse _response1 = (HttpWebResponse)_request1.GetResponse();
            _response1.Close();

            //########################
            //Follow the Link from Request1
            HttpWebRequest _request2 = (HttpWebRequest)WebRequest.Create("http://uploaded.to/login?coo=1");
            _request2.Method = "GET";
            _request2.CookieContainer = _cookieContainer;
            HttpWebResponse _response2 = (HttpWebResponse)_request2.GetResponse();
            _response2.Close();

            //#######################
            //Get the Data from the Page after Login
            HttpWebRequest _request3 = (HttpWebRequest)WebRequest.Create("http://uploaded.to/home");
            _request3.Method = "GET";
            _request3.CookieContainer = _cookieContainer;
            HttpWebResponse _response3 = (HttpWebResponse)_request3.GetResponse();
            _response3.Close();
        }

    I've been stuck on this problem for many weeks and I have found no solution that works, please help...


  • deleting cookie at the end of a process

    - by RyanP13
    Hi, I am using the following plug in for cookies in jQuery: https://code.google.com/p/cookies/

    The issue i am having is not with the plugin but when and how to delete the cookie at the end of a quoting process. The site i am using this on is a six step online quote and buy process. There is Omniture event serialisation sitestat tracking applied to some of the pages. This event serialisation has to include the name of the event and a random number of which i create. I have a generic function for this which i call at the bottom of the page like so:

        serialEvent('event21:', 'payment');

    Here is the function:

        function serialEvent(eventNumber, eventName) {
            var sessionID = jaaulde.utils.cookies.get('sessionID');
            var remLength = 20 - eventName.length;
            var remSession = sessionID.substr(sessionID.length - remLength, remLength);
            var eventName = eventName + remSession;
            s.events = eventNumber + eventName;
        }

    I need to delete the cookie at the end of the process, the Thank you page but i also need the cookie 'sessionID' for the 'serialEvent' function. As the function is called at the bottom of the page should i just write the cookie delete after it? Is that robust enough? I need to be sure that the function has successfully been called before the cookie is deleted. The code for deleting the cookie is quite simple:

        jaaulde.utils.cookies.del('sessionID');

    Thanks :)


  • Is my approach for persistent login secure ?

    - by Jay
    I'm very much stuck with the reasonable secure approach to implement 'Remember me' feature in a login system. Here's my approach so far. Please advise me if it makes sense and is reasonably secure:

    Logging:

      * User provides email and password to login (both are valid).
      * Get the user_id from DB Table Users by comparing provided email.
      * Generate 2 random numbers hashed strings: key1, key2 and store in cookies.
      * In DB Table COOKIES, store key1, key2 along with user_id.

    To check login:

      * If key1 and key2 both cookies exist, validate both keys in DB Table COOKIES (if a row with key1 and key2 exists, user is logged).
      * If cookie is valid, regenerate key2 and update it in cookie and also database.

    Why re-generating key: Because if someone steals cookie and login with that cookie, it will be working only until the real user login. When the real user will login, the stolen cookie will become invalid. Right?

    Why do I need 2 keys: Because if I store user_id and single key in cookie and database, and the user wants to remember the password on another browser, or computer, then the new key will be updated in database, so the user's cookie in earlier browser/PC will become invalid. User won't be able to remember password on more than one place.

    Thanks for your opinions.


  • Optimize php-fpm and varnish for a powerful server

    - by Jim
    My setup is:

      * Intel® Core™ i7-2600 and RAM 16 GB DDR3 RAM
      * varnish+nginx+php-fpm+apc for a not very heavy WordPress blog with W3 Total Cache and CDN

    My problem is that after 55 hits per second according to blitz.io varnish starts giving out timeouts. CPU usage at this time is hardly 1%. Free memory at all time remains 10GB+. I tried benchmarking php-fpm directly with result of 150hits/s without any timeouts. But after that the CPU usage goes 100% and it stops responding. Can you help me optimize it to handle more? As I understand nginx has nothing to do over here so I don't put its config.

    php-fpm config

        listen = /tmp/php5-fpm.sock
        listen.allowed_clients = 127.0.0.1
        user = nginx
        group = nginx
        pm = dynamic
        pm.max_children = 150
        pm.start_servers = 7
        pm.min_spare_servers = 2
        pm.max_spare_servers = 15
        pm.max_requests = 500
        slowlog = /var/log/php-fpm/www-slow.log
        php_admin_value[error_log] = /var/log/php-fpm/www-error.log
        php_admin_flag[log_errors] = on

    apc

        extension = apc.so
        apc.enabled=1
        apc.shm_size=512MB
        apc.num_files_hint=0
        apc.user_entries_hint=0
        apc.ttl=7200
        apc.use_request_time=1
        apc.user_ttl=7200
        apc.gc_ttl=3600
        apc.cache_by_default=1
        apc.filters
        apc.mmap_file_mask=/tmp/apc.XXXXXX
        apc.file_update_protection=2
        apc.enable_cli=0
        apc.max_file_size=1M
        apc.stat=1
        apc.stat_ctime=0
        apc.canonicalize=0
        apc.write_lock=1
        apc.report_autofilter=0
        apc.rfc1867=0
        apc.rfc1867_prefix =upload_
        apc.rfc1867_name=APC_UPLOAD_PROGRESS
        apc.rfc1867_freq=0
        apc.rfc1867_ttl=3600
        apc.include_once_override=0
        apc.lazy_classes=0
        apc.lazy_functions=0
        apc.coredump_unmap=0
        apc.file_md5=0
        apc.preload_path

    Varnish VCL

        backend default {
            .host = "127.0.0.1";
            .port = "8080";
            .connect_timeout = 6s;
            .first_byte_timeout = 6s;
            .between_bytes_timeout = 60s;
        }

        acl purgehosts {
            "localhost";
            "127.0.0.1";
        }

        # Called after a document has been successfully retrieved from the backend.
        sub vcl_fetch {
            # Uncomment to make the default cache "time to live" is 5 minutes, handy
            # but it may cache stale pages unless purged. (TODO)
            # By default Varnish will use the headers sent to it by Apache (the backend server)
            # to figure out the correct TTL.
            # WP Super Cache sends a TTL of 3 seconds, set in wp-content/cache/.htaccess
            set beresp.ttl = 24h;

            # Strip cookies for static files and set a long cache expiry time.
            if (req.url ~ "\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)$") {
                unset beresp.http.set-cookie;
                set beresp.ttl = 24h;
            }

            # If WordPress cookies found then page is not cacheable
            if (req.http.Cookie ~"(wp-postpass|wordpress_logged_in|comment_author_)") {
                # set beresp.cacheable = false;#versions less than 3
                #beresp.ttl>0 is cacheable so 0 will not be cached
                set beresp.ttl = 0s;
            } else {
                #set beresp.cacheable = true;
                set beresp.ttl=24h;#cache for 24hrs
            }

            # Varnish determined the object was not cacheable
            #if ttl is not > 0 seconds then it is cachebale
            if (!beresp.ttl > 0s) {
                # set beresp.http.X-Cacheable = "NO:Not Cacheable";
            } else if ( req.http.Cookie ~"(wp-postpass|wordpress_logged_in|comment_author_)" ) {
                # You don't wish to cache content for logged in users
                set beresp.http.X-Cacheable = "NO:Got Session";
                return(hit_for_pass); #previously just pass but changed in v3+
            } else if ( beresp.http.Cache-Control ~ "private") {
                # You are respecting the Cache-Control=private header from the backend
                set beresp.http.X-Cacheable = "NO:Cache-Control=private";
                return(hit_for_pass);
            } else if ( beresp.ttl < 1s ) {
                # You are extending the lifetime of the object artificially
                set beresp.ttl = 300s;
                set beresp.grace = 300s;
                set beresp.http.X-Cacheable = "YES:Forced";
            } else {
                # Varnish determined the object was cacheable
                set beresp.http.X-Cacheable = "YES";
                if (beresp.status == 404 || beresp.status >= 500) {
                    set beresp.ttl = 0s;
                }
                # Deliver the content
                return(deliver);
            }
        }

        sub vcl_hash {
            # Each cached page has to be identified by a key that unlocks it.
            # Add the browser cookie only if a WordPress cookie found.
            if ( req.http.Cookie ~"(wp-postpass|wordpress_logged_in|comment_author_)" ) {
                #set req.hash += req.http.Cookie;
                hash_data(req.http.Cookie);
            }
        }

        # vcl_recv is called whenever a request is received
        sub vcl_recv {
            # remove ?ver=xxxxx strings from urls so css and js files are cached.
            # Watch out when upgrading WordPress, need to restart Varnish or flush cache.
            set req.url = regsub(req.url, "\?ver=.*$", "");

            # Remove "replytocom" from requests to make caching better.
            set req.url = regsub(req.url, "\?replytocom=.*$", "");

            remove req.http.X-Forwarded-For;
            set req.http.X-Forwarded-For = client.ip;

            # Exclude this site because it breaks if cached
            if ( req.http.host == "sr.ituts.gr" ) {
                return( pass );
            }

            # Serve objects up to 2 minutes past their expiry if the backend is slow to respond.
            set req.grace = 120s;

            # Strip cookies for static files:
            if (req.url ~ "\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)$") {
                unset req.http.Cookie;
                return(lookup);
            }

            # Remove has_js and Google Analytics __* cookies.
            set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+|has_js)=[^;]*", "");
            # Remove a ";" prefix, if present.
            set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
            # Remove empty cookies.
            if (req.http.Cookie ~ "^\s*$") {
                unset req.http.Cookie;
            }

            if (req.request == "PURGE") {
                if (!client.ip ~ purgehosts) {
                    error 405 "Not allowed.";
                }
                #previous version ban() was purge()
                ban("req.url ~ " + req.url + " && req.http.host == " + req.http.host);
                error 200 "Purged.";
            }

            # Pass anything other than GET and HEAD directly.
            if (req.request != "GET" && req.request != "HEAD") {
                return( pass );
            } /* We only deal with GET and HEAD by default */

            # remove cookies for comments cookie to make caching better.
            set req.http.cookie = regsub(req.http.cookie, "1231111111111111122222222333333=[^;]+(; )?", "");

            # never cache the admin pages, or the server-status page, or your feed? you may want to..i don't
            if (req.request == "GET" && (req.url ~ "(wp-admin|bb-admin|server-status|feed)")) {
                return(pipe);
            }

            # don't cache authenticated sessions
            if (req.http.Cookie && req.http.Cookie ~ "(wordpress_|PHPSESSID)") {
                return(lookup);
            }

            # don't cache ajax requests
            if(req.http.X-Requested-With == "XMLHttpRequest" || req.url ~ "nocache" || req.url ~ "(control.php|wp-comments-post.php|wp-login.php|bb-login.php|bb-reset-password.php|register.php)") {
                return (pass);
            }

            return( lookup );
        }

    Varnish Daemon options

        DAEMON_OPTS="-a :80 \
                     -T 127.0.0.1:6082 \
                     -f /etc/varnish/ituts.vcl \
                     -u varnish -g varnish \
                     -S /etc/varnish/secret \
                     -p thread_pool_add_delay=2 \
                     -p thread_pools=8 \
                     -p thread_pool_min=100 \
                     -p thread_pool_max=1000 \
                     -p session_linger=50 \
                     -p session_max=150000 \
                     -p sess_workspace=262144 \
                     -s malloc,5G"

    I'm not sure where to start, should I for start optimize php-fpm and then go to varnish or php-fpm is at its max right now so I should start looking for the problem in varnish?


  • Windows LiveID "Couldn't sign you out" error at sign-out

    - by Jason
    I'm implementing LiveID authentication on my website. I've done it before, but not on this particular platform, MojoPortal. The sign-in works properly, but when I attempt to sign-out, I get the error message quoted below. My browser is not blocking cookies. I get the same message when logging in to and out of, say, MSDN with a LiveID too now. I can't figure out if there's something about my site's programming that is interfering with the sign-out process of LiveID (since I believe that all (recent?) websites get sent a sign-out command) OR if live.com is just having issues lately and this is a coincidence.

        Couldn't sign you out

        We couldn't sign you out because your browser is blocking cookies. To sign out, close all of your browser windows. To keep this from happening again, change your browser's settings to allow cookies. If you don't know how to do that, see your browser's help.


  • Best practice for assigning A/B test variation based on IP address

    - by mojones
    I am starting to write some code for A/B testing in a Grails web application. I want to ensure that requests from the same IP address always see the same variation. Rather than store a map of IP-variant, is it OK to simply turn the IP address into an integer by removing the dots, then use that as the seed for a random number generator? The following is taking place in a Grails Filter:

        def ip = request.remoteAddr
        def random = new Random(ip.replaceAll(/\./, '').toInteger())
        def value = random.nextBoolean()
        session.assignment = value
        // value should always be the same for a given IP address

    I know that identifying users by IP address is not reliable, and I will be using session variables/cookies as well, but this seems to be useful for the case where we have a new session, and no cookies set (or the user has cookies disabled).


  • Why is this HTTP request continually looping?

    - by alex
    I'm probably overlooking something really obvious here. Comments are in to help explain any library specific code.

        public function areCookiesEnabled() {
            $random = 'cx67ds';

            // set cookie
            cookie::set('test_cookie', $random);

            // try and get cookie, if not set to false
            $testCookie = cookie::get('test_cookie', false);

            $cookiesAppend = '?cookies=false';

            // were we able to get the cookie equal ?
            $cookiesEnabled = ($testCookie === $random);

            // if $_GET['cookies'] === false , etc try and remove $_GET portion
            if ($this->input->get('cookies', false) === 'false' AND $cookiesEnabled) {
                url::redirect(str_replace($cookiesAppend, '', url::current())); // redirect
                return false;
            }

            // all else fails, add a $_GET[]
            if ( ! $cookiesEnabled) {
                url::redirect(url::current().$cookiesAppend);
            }

            return $cookiesEnabled;
        }


  • Simulating a cookie-enabled browser in PHP

    - by Itamar Benzaken
    How can I open a web-page and receive its cookies using PHP? The motivation: I am trying to use feed43 to create an RSS feed from the non-RSS-enabled HighLearn website (remote learning website). I found the web-page that contains the feed contents I need to parse, however, it requires to login first. Luckily, logging in can be done via a GET request so it's as easy as fopen()ing "http://highlearn.website/login_page.asp?userID=foo&password=bar" for example. But I still need to get the cookies generated when I logged in, pass the cookies to the real client (using setcookie() maybe?) and then redirect.


  • curl cookie problem in PHP

    - by safaali
    Hi, as my client needs, I developed code to log in via cURL:

      * log in to www.web1.com and store cookies in cookie.txt
      * go to www.web2.com and browse a page using that cookie.txt

    There is no problem with www.web2.com, but when I want to do this with www.web3.com, the problem appears. www.web3.com uses session and cookies itself and I have to gather and use them. It means I should have two series of cookies, first those from www.web1.com, and second those from www.web3.com, then request www.web3.com/somepage. How can I do that?


  • Linq to SQL - How to compare against a collection in the where clause?

    - by Sgraffite
    I'd like to compare against an IEnumerable collection in my where clause. Do I need to manually loop through the collection to pull out the column I want to compare against, or is there a generic way to handle this? I want something like this:

        public IEnumerable<Cookie> GetCookiesForUsers(IEnumerable<User> Users)
        {
            var cookies = from c in db.Cookies
                          join uc in db.UserCookies on c.CookieID equals uc.CookieID
                          join u in db.Users on uc.UserID equals u.UserID
                          where u.UserID.Equals(Users.UserID)
                          select c;
            return cookies.ToList();
        }

    I'm used to using the lambda Linq to SQL syntax, but I decided to try the SQLesque syntax since I was using joins this time. What is a good way to do this?

    Read the article

  • Play Majesty: The Fantasy Kingdom Sim on your Java ME phone

    - by hinkmond
    Here's a game that started on the iDrone, then Anphoid, and now finally on Java ME tech-enabled mobile phones (thank goodness!). See: Majesty: Fantasy Kingdom Here's a quote: When you become the head of the country all the responsibility for the land's prosperity rests on your royal shoulders. You will have to fight various enemies and monsters, explore new territories, manage economic and scientific developments and solve a heap of unusual and unexpected tasks. For example, what will you do when all the gold in the kingdom transforms into cookies? Sounds like the same as becoming President of the U.S... except for the gold turning into cookies part... and the part about dragons. But, everything else is the same. Hinkmond

    Read the article

  • How To Log Into Multiple Accounts On the Same Website At Once

    - by Chris Hoffman
    If you ever want to sign into two different accounts on the same website at once – say, to have multiple Gmail inboxes open next to each other – you can’t just open a new tab or browser window. Websites store your login state in browser-specific cookies. There are a number of ways you can get another browser window with its own cookies and stay logged into multiple accounts at once.

    Read the article

  • Pretty URL in ADF Faces of JDeveloper 11.1.2.2

    - by Frank Nimphius
    Many features planned for Oracle JDeveloper 12c find their way into current releases of Oracle JDeveloper 11g R1 and JDeveloper 11g R2. One example of such a feature is "pretty URL" - or "clean URL" as the Oracle JDeveloper 11g R2 (11.1.2.2) documentation puts it. "A.2.3.24 Clean URLs Historically, ADF Faces has used URL parameters to hold information, such as window IDs and state. However, URL parameters can prevent search engines from recognizing when URLs are actually the same, and therefore interfere with analytics. URL parameters can also interfere with bookmarking. By default, ADF Faces removes URL parameters using the HTML5 History Management API. If that API is unavailable, then session cookies are used. You can also manually configure how URL parameters are removed using the context parameter oracle.adf.view.rich.prettyURL.OPTIONS. Set the parameter to off so that no parameters are removed. Set the parameter to useHistoryApi to only use the HTML5 History Management API. If a browser does not support this API, then no parameters will be removed. Set the parameter to useCookies to use session cookies to remove parameters. If the browser does not support cookies, then no parameters will be removed." See: http://docs.oracle.com/cd/E26098_01/web.1112/e16181/ap_config.htm#ADFUI12856 So basically, what this part in the documentation says is: In JDeveloper 11g R2 (11.1.2.2), Oracle ADF Faces automatically removes its internally used dynamic parameters from the URL. You can influence the setting with the prettyURL.OPTIONS context option, which, however, you are not recommended to do because the default behavior is able to detect if the browser client supports HTML 5 History management or not. In the latter case it then uses a session cookie and, if this doesn't work, falls back to the "old" URL parameter adding.
    The information that is not so explicit and clearly mentioned in the documentation is that this is only for ADF Faces parameters (such as _afrLoop, Adf-Window-Id, etc.), but not the ADF controller token (_adf.ctrl-state)! Removing the ADF controller token is an enhancement request that will be implemented in Oracle JDeveloper 12c.

    Read the article

  • Questions about identifying the components in MVC

    - by luiscubal
    I'm currently developing a client-server application in node.js, Express, mustache and MySQL. However, I believe this question should be mostly language and framework agnostic. This is the first time I'm doing a real MVC application and I'm having trouble deciding exactly what each component means. (I've done web applications that could perhaps be called MVC before, but I wouldn't confidently refer to them as such.) I have a server.js that ties the whole application together. It does initialization of all other components (including the database connection, and what I think are the "models" and the "views"), receiving HTTP requests and deciding which "views" to use. Does this mean that my server.js file is the controller? Or am I mixing code that doesn't belong there? What components should I break the server.js file into? Some examples of code that's in the server.js file:
        var connection = mysql.createConnection({
            host : 'localhost',
            user : 'root',
            password : 'sqlrevenge',
            database : 'blog'
        });
        //...
        app.get("/login", function (req, res) {
            //Function handles a GET request for login forms
            if (process.env.NODE_ENV == 'DEVELOPMENT') {
                mu.clearCache();
            }
            session.session_from_request(connection, req, function (err, session) {
                if (err) {
                    console.log('index.js session error', err);
                    session = null;
                }
                login_view.html(res, user_model, post_model, session, mu);
                //I named my view functions "html" for the case I might want to add other output types (such as a JSON API), or should I opt for completely separate views then?
            });
        });
    I have another file named session.js. It receives a cookies object and reads the stored data to decide if it's a valid user session or not. It also includes a function named login that does change the value of cookies. First, I thought it would be part of the controller, since it kind of dealt with user input and supplied data to the models. Then, I thought that maybe it was a model since it dealt with the application data/database and the data it supplies is used by views. Now, I'm even wondering if it could be considered a View, since it outputs data (cookies are part of HTTP headers, which are output).

    Read the article

  • Find Out Which Websites are Tracking You Across the Web

    - by Taylor Gibb
    Have you ever wondered where the websites you visit send your information? Well, if you have, read on to find out about this new extension from Mozilla that will tell you how you are tracked across websites. Editor’s Note: Most websites use cookies of some type, and all online advertisers do, including the advertisers on this site. You’re welcome to block cookies if that’s a worry.

    Read the article

  • How ad retargeting works?

    - by Bojan Babic
    Recently, I read that Facebook ads are moving towards retargeting and got more deeply interested in the subject. Essentially, retargeting is a technique advertisers use that tracks purchase intent by putting cookies into your browser, and when you visit another website within the ad network you will see an ad for the item you "wanted to buy". In order for this to work, both publisher and advertiser need to work together. The publisher needs to add a couple of lines of JavaScript and the publisher needs to be able to read this info across sites. In most cases, the JavaScript inserts an iframe from the ad network domain. The iframe script sets cookies for both the host domain and the remote ad network domain. However, the Same Origin policy does not let iframes read/set content from the parent domain. Is there something I'm missing here? Can someone explain how this technique actually works?

    Read the article

  • session persisting problem after system restart

    - by user100124
    Is there a way to prevent session id restore on startup/restart of the user's system? We are using an ASP.NET app and I am able to log in and access the site. The first time, a session id is created and stored in cookies. Problem: if I restart my system without signing out, the session is still alive. How can I prevent this from the server side? I can try to delete cookies, but it is not practical, as each user will have different preferences.

    Read the article
