Search Results

Search found 9490 results on 380 pages for 'session hijacking'.

Page 3/380 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Log session and session changes of a asp.net web user

    - by Johan Wikström
    This is going to be a quite broad question, and any suggestions, examples, links are very welcome! I'm looking for a good way to log my users session, and actions on the site up to a certain point. The site in question is a site for doing bookings. The users start with doing a search, doing a few steps of data gathering and selections and end up with a booking. So what I need to implement is some kind of logging of the current session variables at each step the user takes. And perhaps some other valid information. Logging should preferably be done to the a database. At the end i would like to associate all these session with a booking reference. The goal is to later if something goes wrong with the booking or we need to investigate a situation have all information we need. I understand log4net is a popular choice for logging, and used it a bit myself for simple purposes, but can not find any good examples regarding my situation. This should be a common situation, i'm curious how others do it.

    Read the article

  • Text reverses on remote gnome session

    - by Andrew Stern
    I have two computers running 10.4 . The first machine is a wired desktop with sshd. The second is a wifi connected laptop with the ssh client. When I use my laptop to bring up a remote gnome session to my desktop all the text gets reversed. Steps: 1) login as a user on the laptop to activate the wifi with a stored key. 2) goto a console Ctrl-Alt F1 3) do a xterm -- :1 to bring up a blank graphic session 4) ssh -Y user@desktopmachine gnome-session This shows reversed text and messes up the keyboard so I can't type

    Read the article

  • Autostart desktop applications without session login

    - by derekcentrico
    I understand the idea of startup applications when starting a session (ie How do I start a program automatically when I boot?). However, I'm trying to have desktop applications for multiple users start when the computer reboots/starts. Some apps I'm aiming for are Google Music Manager, remote desktop server for each session, etc. How can I either have multiple user sessions launch on boot to get these apps going -or- have them launch some other way for those users? Right now I have my primary user automatically login to start its session and related apps...

    Read the article

  • Moving from a traditional in memory Java session to persistent storage sessions

    - by Benju
    We have decided to take the plunge and move from using a typical java session provider in Tomcat/Jetty/etc to persisting everything to a central datastore. We are looking at using MongoDB for this. A few options come to mind... http://wiki.eclipse.org/Jetty/Tutorial/MongoDB_Session_Clustering This is nice because it will "auto-magically" persist our session to a Mongo installation. I am concerned however that we will not have fine grained control of what is happening. https://github.com/mattinsler/com.lowereast.guiceymongo/ GuiceMongo is interesting as it integrates with Guice. Perhaps we could persist everything via this ORM. Has anybody had to deal with this kind of move? It seems that moving from in memory to persistent session storage has a lot of gotchas.

    Read the article

  • session persisting problem after system restart

    - by user100124
    Is there a way to prevent session id restore on startup/restart of user's system? We are using a asp.net app and I am able to login and access the site. For the first time session id is created and stored in cookies. Problem: But if I restart my system without signing out, the session is still alive. How can I prevent this? from server side. I can try to delete cookies but it is not practical, as each user will have different preferences.

    Read the article

  • Session locked, Kubuntu 12.10

    - by user101815
    After leaving my laptop for a while, my Kubuntu session closed. (I'm not sure which of the various timeout criteria caused it.) So I got a screen that said my session was locked and I needed to provide my password to unlock it. That's a nuisance, not a big problem, but I'd like to fix it so timed-out sessions don't lock the session. I assume there's something in System Settings to disable the lockout -- but where? I looked in Power Management and found a setting "Lock screen on resume", but it's unchecked. Is this possibly a bug?

    Read the article

  • Zend_Session: unserialize session data

    - by takeshin
    I'm using session SaveHandler to persist session data in the database. Sample session_data column from the database: Messenger|a:1:{s:13:"page_messages";a:0:{}}userSession|a:1:{s:7:"referer";s:32:"http://cms.dev/user/profile/view";}Zend_Auth|a:1:{s:7:"storage";O:19:"User_Model_Identity":3:{s:2:"id";s:1:"1";s:8:"username";s:13:"administrator";s:4:"slug";s:13:"administrator";}} I want to delete Zend_Auth object from this session data. How can I unserialize those objects and remove object I need? I suspect, that I don't have to write my custom parser, that Zend_Session already has a method to do this. I have tried different combinations of unserialize but it still returns false. I'm using autoloader from ZF 1.10.2 and Doctrine 1.2

    Read the article

  • Changing expiry on ASP.NET's Session State cookie

    - by Charlie Somerville
    I'm using ASP.NET Session State to keep track of logged in users on my site. However, one problem I'm running into is that by default ASP.NET session cookies are set to expire when the browser closes. I've tried setting my own ASP.NET_SessionId cookie and modifying the cookie's expiry using something similar to the following code: Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(1); None of these approaches work, they all set a second cookie with the same name. Is there a way of changing the session cookie's expiry?

    Read the article

  • Increase php session time via .htaccess not working

    - by Ken
    I want to create the session timeout to 6 hours but my browser is still timing out in 1/2 hour. I am on a PLESK server. I updated .htaccess php_value session.gc_maxlifetime 21600 php_value session.cache_expire 21600 php_value session.cookie_lifetime 21600 Here is the relevant PHPinfo: Local Master session.gc_maxlifetime 21600 1440 session.cache_expire 21600 180 session.gc_maxlifetime 21600 1440

    Read the article

  • swfupload session problem destroy session

    - by saquib
    Hello Friends, I have a problem with swfupload. I am passing session_id() like this /upload-file.php?s=189477fcfa1ec7f630e70a09e1e84cae but its not maintaining session and destroying my current session (logging me out) here is code in file upload. <?php if(isset($_GET['s'])) { session_id($_GET['s']); session_start(); require_once 'admin/class/user.php'; $u = new User(); //Check for user logged in if($u->islogged() == FALSE) { header("location: index.php"); exit(); code continue ..... } because am not logged in server redirect me to the index.php this is swfupload debugger window output SWF DEBUG: ----- END SWF DEBUG OUTPUT ---- SWF DEBUG: SWF DEBUG: Event: fileDialogStart : Browsing files. Multi Select. Allowed file types: *.jpg SWF DEBUG: Select Handler: Received the files selected from the dialog. Processing the file list... SWF DEBUG: Event: fileQueued : File ID: SWFUpload_0_0 SWF DEBUG: Event: fileDialogComplete : Finished processing selected files. Files selected: 1. Files Queued: 1 SWF DEBUG: StartUpload: First file in queue SWF DEBUG: Event: uploadStart : File ID: SWFUpload_0_0 SWF DEBUG: ReturnUploadStart(): File accepted by startUpload event and readied for upload. Starting upload to /upload-file.php?s='189477fcfa1ec7f630e70a09e1e84cae' for File ID: SWFUpload_0_0 SWF DEBUG: Event: uploadProgress (OPEN): File ID: SWFUpload_0_0 SWF DEBUG: Event: uploadProgress: File ID: SWFUpload_0_0. Bytes: 317793. Total: 317793 SWF DEBUG: Event: uploadError: HTTP ERROR : File ID: SWFUpload_0_0. HTTP Status: 302. SWF DEBUG: Event: uploadComplete : Upload cycle complete. SWF DEBUG: StartUpload: First file in queue SWF DEBUG: StartUpload(): No files found in the queue.

    Read the article

  • Enabling Session State in SharePoint 2010?

    - by Steve Danner
    I have a web service built for SharePoint 2007 that I am trying to port to SharePoint 2010. This web service is dependent on session state to function properly, but so far, I have been enable to get session state to work at all in SharePoint 2010. This web service runs as its own web application under t he /_vti_bin virtual directory. I have tried all of the following with no luck: Ensured the "State Service" service application is running. Added the System.Web.SessionState.SessionStateModule http module to my application's web.config file. Added the System.Web.SessionState.SessionStateModule http module to my SharePoint root web.config file. Added <pages enableSessionState="true" /> to my application's web.config file. Added <pages enableSessionState="true" /> to my root web.config file. Additional Environment info: Visual Studio 2008 - SP1 .NET 3.5 - SP1 SharePoint 2010 - RC Windows Server 2008 R2 ASMX web service (not WCF) Had anyone had any luck getting a web application or web service to use session state in SharePoint 2010 yet? Thanks! Steve

    Read the article

  • ASP.NET: Large number of Session_Start with same session id

    - by Jaap
    I'm running a ASP.NET website on my development box (.NET 2.0 on Vista/IIS7). The Session_Start method in global.asax.cs logs every call to a file (log4net). The Session_End method also logs every call. I'm using InProc session state, and set the session timeout to 5 mins (to avoid waiting for 20 mins). I hit the website, wait for 5 minutes unit I see the Session_End logging. Then I F5 the website. The browsers still has the session cookie and sends it to the server. Session_Start is called and a new session is created using the same session id (btw: I need this to be the same session id, because it is used to store data in database). Result: Every time I hit F5 on a previously ended session, the Session_Start method is called. When I open a different browser, the Session_Start method is called just once. Then after 5 minutes the Session_End each F5 causes the Session_Start method to execute. Can anyone explain why this is happening? Update: After the Session timeout, all subsequent requests have a session start & session end. So in the end my question is: why are the sessions on these subsequent request closed immediatly? 2010-02-09 14:49:08,754 INFO Global.asax[7486] [(null)] - Session started. SID=nzponumvf1hbaniverffp4mq host=127.0.0.1 2010-02-09 14:49:08,754 INFO Global.asax[7486] [nzponumvf1hbaniverffp4mq] - Request start: GET http://localhost:80/js/settings.js 2010-02-09 14:49:08,756 INFO Global.asax[7486] [(null)] - Session ended. SID=nzponumvf1hbaniverffp4mq 2010-02-09 14:49:08,760 INFO Global.asax[7486] [(null)] - Session started. SID=nzponumvf1hbaniverffp4mq host=127.0.0.1 2010-02-09 14:49:08,760 INFO Global.asax[7486] [nzponumvf1hbaniverffp4mq] - Request start: GET /css/package.aspx?name=core 2010-02-09 14:49:08,761 INFO Global.asax[7486] [(null)] - Session ended. SID=nzponumvf1hbaniverffp4mq 2010-02-09 14:49:08,762 INFO Global.asax[7486] [(null)] - Session started. SID=nzponumvf1hbaniverffp4mq host=127.0.0.1 2010-02-09 14:49:08,762 INFO Global.asax[7486] [nzponumvf1hbaniverffp4mq] - Request start: GET /js/package.aspx?name=all 2010-02-09 14:49:08,763 INFO Global.asax[7486] [(null)] - Session ended. SID=nzponumvf1hbaniverffp4mq 2010-02-09 14:49:08,763 INFO Global.asax[7486] [(null)] - Session started. SID=nzponumvf1hbaniverffp4mq host=127.0.0.1 2010-02-09 14:49:08,763 INFO Global.asax[7486] [nzponumvf1hbaniverffp4mq] - Request start: GET /css/package.aspx?name=rest 2010-02-09 14:49:08,764 INFO Global.asax[7486] [(null)] - Session ended. SID=nzponumvf1hbaniverffp4mq 2010-02-09 14:49:08,764 INFO Global.asax[7486] [(null)] - Session started. SID=nzponumvf1hbaniverffp4mq host=127.0.0.1 2010-02-09 14:49:08,765 INFO Global.asax[7486] [nzponumvf1hbaniverffp4mq] - Request start: GET /css/package.aspx?name=vacation 2010-02-09 14:49:08,765 INFO Global.asax[7486] [(null)] - Session ended. SID=nzponumvf1hbaniverffp4mq web.config relevant section: <system.web> <compilation debug="true" /> <sessionState timeout="2" regenerateExpiredSessionId="false" /> </system.web>

    Read the article

  • Is session destory not enough to clean the session

    - by Kamo
    When the user clicks a logout button, I connect to a script that simply does this session_destroy(); session_start(); I thought this would be enough to reset all $_SESSION variables such as $_SESSION['logged'] and $_SESSION['username'] but when I load the page again, it automatically logs me in as if the session is still active.

    Read the article

  • using key/value collection in session

    - by jumpdart
    Question: What is a good datatype to keep in session for a large collection of keys and values to frequently reference and update? Application: Updating an old .NET web app with a million pages and grids to have all the grids maintain their sort. They currently access helper code to format themselves graphically on load and on sort. I figured I could add to that code to check for a key based on the page and grid id in a collection in session to see if it has a previous expression on load. and the on sort update/add its appropriate item in the collection. Thoughts? Dictionary vs NameValueCollection

    Read the article

  • PHP => Alternative to session data?

    - by Armz
    i have a Web Application where Cookies and Session are both important. Since the Web Application is load balanced on different server, i am looking for suggestions to Alternative Store for the Session data that all server will be able to access. Some sessions could live up to severals days. The solutions that come to my mind: - Native PHP Sessions (this is the one i want to stop using) - MySQL Database - Serialize and write to a file (i want to avoid this, for performances) - Memcache (however it could become very big or older data getting knocked out) Thanks in advance!

    Read the article

  • ASP.NET C# Session Variable

    - by SAMIR BHOGAYTA
    You can make changes in the web.config. You can give the location path i.e the pages to whom u want to apply the security. Ex. 1) In first case the page can be accessed by everyone. // Allow ALL users to visit the CreatingUserAccounts.aspx // location path="CreatingUserAccounts.aspx" system.web authorization allow users="*" / /authorization /system.web /location 2) in this case only admin can access the page // Allow ADMIN users to visit the hello.aspx location path="hello.aspx" system.web authorization allow roles="ADMIN' / deny users="*" / /authorization /system.web /location OR On the every page you need to check the authorization according to the page logic ex: On every page call this if (session[loggeduser] !=null) { DataSet dsUser=(DataSet)session[loggeduser]; if (dsUser !=null && dsUser.Tables.Count0 && dsUser.Tables[0] !=null && dsUser.Tables[0].Rows.Count0) { if (dsUser.Table[0].Rows[0]["UserType"]=="SuperAdmin") { //your page logic here } if (dsUser.Table[0].Rows[0]["UserType"]=="Admin") { //your page logic here } } }

    Read the article

  • Classic ASP Session not working in IIS 7 Windows Server 2008 R2 x64

    - by user553361
    Hi, I've been googleing and searching here info about this but so far couldn't find anything relevant to my problem. We have a website currently working on II6 and Windows Server 2003 (x86) without any problem. Now we want to migrate our server to a Virtual Machine with Windows Server 2008 R2 (x64) and IIS7. Out current app is built in Classic ASP and SQL Server (This one located on a 2nd Server but this is staying the way it is now). The website is configured as a WebSite, not a virtual directory. Using DefaultAppPool with 4 applications. Now, the problem I'm getting is with the Sessions, or at least that's what I think since I created a simple hello.asp with this code <% response.write "Hello" response.write Session.SessionID %> And this is giving us this result: Hello error '8002801d' /hello.asp, line 3 ASP Sessions Properties Enable Session State : True Maximum Sessions : 2147483647 New ID On Secure Connection : True Time-out : 20 min This is the log in Event Viewer Warning 24/12/2010 14:03:42 Active Server Pages 9 None FailedReqLog Url http://apps.shocklogic.com:80/hello.asp App Pool DefaultAppPool Authentication anonymous User from token NT AUTHORITY\IUSR Activity ID {00000000-0000-0000-1400-0080000000F8} Site 1 Process 3312 Failure Reason STATUS_CODE Trigger Status 500 Final Status 500 Time Taken 110 msec Would be great if anyone has any ideas. Thanks, Federico

    Read the article

  • FOSS ASP.Net Session Replication Solution?

    - by jsight
    I've been searching (with little success) for a free/opensource session clustering and replication solution for asp.net. I've run across the usual suspects (indexus sharedcache, memcached), however, each has some limitations. Indexus - Very immature, stubbed session interface implementation. Its otherwise a great caching solution, though. Memcached - Little replication/failover support without going to a db backend. Several SF.Net projects - All aborted in the early stages... nothing that appears to have any traction, and one which seems to have gone all commercial. Microsoft Velocity - Not OSS, but seems nice. Unfortunately, I didn't see where CTP1 supported failover, and there is no clear roadmap for this one. I fear that this one could fall off into the ether like many other MS dev projects. I am fairly used to the Java world where it is kind of taken for granted that many solutions to problems such as this will be available from the FOSS world. Are there any suitable alternatives available on the .Net world?

    Read the article

  • How to encrypt session id in cookie?

    - by terrani
    While I was reading about session hijacking articles, i learned that it would be nice to encrypt session id value that is stored in a cookie. As far as I know, when I start a session by calling session_start(), PHP does not encrypt session id value in a cookie. How do I encrypt session id value and then initialize session with it?

    Read the article

  • php sessions not working

    - by Elwhis
    Hey guys, I have a problem, tried to google some sollutions but without success. I am working with wamp2.0 - PHP 5.3, apache 2.2.11 but my sessions are not storing data. I have a page that accepts a parameter, which (simplified version) I wanna store in a session, so I when I come to www.example.com/home.php?sessid=db_session_id the script looks like: session_start(); $sessid = @$_GET['sessid']; if ($sessid) { $_SESSION['sessid'] = $sessid; } var_dump($_SESSION); and outputs: array(1) { [0]=> string(13) "db_session_id" } which is fine, but then, when I go to www.example.com/home.php (without the sessid parameter) the $_SESSION array is empty. I've event tried to comment the $_SESSION['sessid'] = $sessid; line before going to the page without the parameter, but still it didin't work. I've checked the session_id() output and the session id remains the same. Session settings from phpinfo() Session Support enabled Registered save handlers files user Registered serializer handlers php php_binary wddx Directive Local Value Master Value session.auto_start Off Off session.bug_compat_42 On On session.bug_compat_warn On On session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_httponly Off Off session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_file no value no value session.entropy_length 0 0 session.gc_divisor 1000 1000 session.gc_maxlifetime 1440 1440 session.gc_probability 1 1 session.hash_bits_per_character 5 5 session.hash_function 0 0 session.name PHPSESSID PHPSESSID session.referer_check no value no value session.save_handler files files session.save_path c:/wamp/tmp c:/wamp/tmp session.serialize_handler php php session.use_cookies On On session.use_only_cookies On On session.use_trans_sid 0 0 EDIT: $_SESSION and $_COOKIE var dumps right after session_start() Session: array(1) { ["sessid"]=> string(0) "" } Cookie: array(6) { ["ZONEuser"]=> string(10) "3974260089" ["PHPSESSID"]=> string(26) "qhii6udt0cghm4mqilctfk3t44" ["__utmz"]=> string(91) "1.1294313834.54.3.utmcsr=u.cz|utmccn=(referral)|utmcmd=referral|utmcct=/registered/packages" ["__utma"]=> string(48) "1.1931776919.1287349233.1294266869.1294313834.54" ["__utmc"]=> string(1) "1" ["__utmb"]=> string(18) "1.49.10.1294313834" }

    Read the article

  • abandon session in asp.net on browser close..kill session cookie

    - by Tuviah
    So I have a website where I use session start and end events to track and limit open instances of our web application, even on the same computer. On page unload i call a session enabled page method which then called session.abandon. This triggers session end event and clears the session variable but unfortunately does not kill the session cookie!! as a result if other browser instances are open there are problems because their session state just disappeared...and much worse than this when I open the site again with the zombie session still not expired, I get multiple session start and session end events on any subsequent postbacks. This happens on all browsers. so how do I truly kill the session (force the cookie to expire)

    Read the article

  • How do I access a asp.net session variable from APP_CODE??

    - by user313714
    I have seen lots of posts here and elsewhere stating that one can access session variables from app_code. I want to access an already created session. this code errors out because of a null exception. string myFile = HttpContext.Current.Session["UploadedFile"]; this creates a null session variable. System.Web.SessionState.HttpSessionState Session = HttpContext.Current.Session; It looks like I can create a new session variable but not access an already created one. Anyone have any idea what might be giving me problems?

    Read the article

  • Hijacking ASP.NET Sessions

    - by Ricardo Peres
    So, you want to be able to access other user’s session state from the session id, right? Well, I don’t know if you should, but you definitely can do that! Here is an extension method for that purpose. It uses a bit of reflection, which means, it may not work with future versions of .NET (I tested it with .NET 4.0/4.5). 1: public static class HttpApplicationExtensions 2: { 3: private static readonly FieldInfo storeField = typeof(SessionStateModule).GetField("_store", BindingFlags.NonPublic | BindingFlags.Instance); 4:  5: public static ISessionStateItemCollection GetSessionById(this HttpApplication app, String sessionId) 6: { 7: var module = app.Modules["Session"] as SessionStateModule; 8:  9: if (module == null) 10: { 11: return (null); 12: } 13:  14: var provider = storeField.GetValue(module) as SessionStateStoreProviderBase; 15:  16: if (provider == null) 17: { 18: return (null); 19: } 20:  21: Boolean locked; 22: TimeSpan lockAge; 23: Object lockId; 24: SessionStateActions actions; 25:  26: var data = provider.GetItem(HttpContext.Current, sessionId.Trim(), out locked, out lockAge, out lockId, out actions); 27:  28: if (data == null) 29: { 30: return (null); 31: } 32:  33: return (data.Items); 34: } 35: } As you can see, it extends the HttpApplication class, that is because we need to access the modules collection, for the Session module. Use with care!

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >