Search Results

Search found 1397 results on 56 pages for 'cookies'.

Page 30/56 | < Previous Page | 26 27 28 29 30 31 32 33 34 35 36 37 | Next Page >

Discussion - Allowing / blocking user access to pages (Client Side Only!) - Javascript / Jquery

- by Ozaki

TLDR Using plain HTML / Javascript (Client Side) I want to prevent viewing of certain pages. The user will have to type a username and password and depending on that they get access to different pages. Answers can NOT include server side whatsoever It does not matter if they can break it easily. There is no sensitive information etc. Also the target audience will not have access to internet OR probably know what a cookie is... At some point the user will have to type username / password.(I can define the cookie here) Currently I thought of using cookies to set a cookie for each page to say "true" / "false" but that would get messy with so many cookies. Or setting an array within a cookie for each page? I have div field "#Content" which as it looks encompasses all of my content on the page so blocking out content will be as simple as replacing it with ("sorry you don't have access") etc. For Example: $.cookie("Access","page1, page2, page3"{ expires: 1 }); I am looking for anyway to do this does not have to be with cookies. Would be nice to get a discussion of different ways this can be done. So the question is: What do YOU think would be a good way to go about doing this with client side validation?

Read the article
EOFException in ObjectInputStream thrown accessing Servlet. Only for Webstart ?!

- by Houtman

Hi, My app. is started from both the commandline and by using an JNLP file. Im running java version 1.6.0_14 First i had the problem that i created the Buffered input and output streams in incorrect order. Found the solution here at StackOverflow . So starting from the commandline works fine now. But when starting the app using Webstart, it ends here java.io.EOFException at java.io.ObjectInputStream$PeekInputStream.readFully(Unknown Source) at java.io.ObjectInputStream$BlockDataInputStream.readShort(Unknown Source) at java.io.ObjectInputStream.readStreamHeader(Unknown Source) at java.io.ObjectInputStream.<init>(Unknown Source) at <..>remoting.thinclient.RemoteSocketChannel.<init>(RemoteSocketChannel.java:76) I found some posts regarding similar problems; at bugs.sun.com - identifies problem as solved in 6u10(b12)? at ibm.com - identifies cookies problem The latter suggests that there is a problem in Webstart with cookies. It doesn't seem to be acknowledged as a proper java bug though.. Still i am a bit lost in the solution provided regarding the cookies. Can anyone expand on the cookie solution? Many thanks.

Read the article
Ajax request (from .NET) give me unexpected results

- by ironnailpiercethesky

I wanted to learn a little more about web and .NET so i decided to write a program to download binaries, webpages and does a little ajax. The first download site i tried was too easy. So i went against uploading.com. It seemed good, no captcha, some ajax use required, you cant guess all the data, it was perfect. After 2hours of messing around i got frustrated. For the life of me i could not get the ajax response to give me what i was expecting. I decided to use tamper data clear my cookies, click on the entry for the ajax request. Copy the Referer, cookies and postdata and came up with this code. It does not work! I am shocked that copying those fields did not work. I even tried setting the user agent (not in code linked) and it still did not work. Why isnt this POST on the ajax request not giving me the correct file? I notice the JsHttpRequest=12719132559480-xml changes based on time so if you want to run the code you should grab a new snapshot with tamperdata (or at least update that url). I dont see any extra headers in tamper data so does anyone know why i might not be getting the response expected? I know disabling cookies or javascript will make the link 'expired' automatically. I dont think javascript will matter because i got the data from tamperdata at the moment of request so what gives? What am i forgetting or what data am i not submitting properly?

Read the article
Problem in Application_Error in Global.asax

- by mmtemporary

my problem is User.Identity.Name or Request.Url.AbsoluteUri in exception handling is empty when exception email to me. this is Application_Code: void Application_Error(object sender, EventArgs e) { Server.Transfer("~/errors/default.aspx"); } and this is default.aspx code: protected void Page_Load(object sender, EventArgs e) { if (Server.GetLastError() == null) return; Exception ex = Server.GetLastError().GetBaseException(); if (ex == null) return; string message = string.Format("User: ", User.Identity.Name); message += Environment.NewLine; message += string.Format("AbsoluteUri: ", Request.Url.AbsoluteUri); message += Environment.NewLine; message += string.Format("Form: ", Request.Form.ToString()); message += Environment.NewLine; message += string.Format("QueryString: ", Request.QueryString.ToString()); message += Environment.NewLine; HttpBrowserCapabilities browser = Request.Browser; string s = "Browser Capabilities:\n" + "Type = " + browser.Type + "\n" + "Name = " + browser.Browser + "\n" + "Version = " + browser.Version + "\n" + "Platform = " + browser.Platform + "\n" + "Is Crawler = " + browser.Crawler + "\n" + "Supports Cookies = " + browser.Cookies + "\n" + "Supports JavaScript = " + browser.EcmaScriptVersion.ToString() + "\n" + "\n"; message += s; message += Environment.NewLine; message += ex.ToString(); Exception lastException = (Exception)Application["LastException"]; if (lastException == null || lastException.Message != ex.Message) { Application.Lock(); Application["LastException"] = ex; Application.UnLock(); SiteHelper.SendEmail(SiteHelper.AdministratorEMail, "Error!!!", message, false); } Server.ClearError(); } but i receive email like this (this is header without full exception content): User: AbsoluteUri: Form: QueryString: Browser Capabilities: Type = IE8 Name = IE Version = 8.0 Platform = WinXP Is Crawler = False Supports Cookies = True Supports JavaScript = 1.2 why username and request url is emty? this problem is exist when i replace transfer with redirect or i don't use both. tanx

Read the article
Can't understand sessions in Rails

- by ciss

Hello everyone. Please don't bit my for my misunderstanding. The sessions are very new for me, and i have some problems. Okay i read many information about sessions and especially rails session. But this don't give me right imagine about sessions. Did i understand right, when users send request to server (get) - Server create a new session (and store this some file in hard drive with session id), session id - is a random generated num? so, server create a new session (and store session on drive) after this server send back answer to client and set session_id in cookies? Ok, i debug some params and see some results: debug(session): {:_csrf_token=>"jeONIfNxFmnpDn/xt6I0icNK1m3EB3CzT9KMntNk7KU=", :session_id=>"06c5628155efaa6446582c491499af6d", "flash"=>{}} debug(cookies): {"remember_user_token"=>"1::3GFRFyXb83lffzwPDPQd", "_blog_session"=>"BAh7CDoQX2NzcmZfdG9rZW4iMWplT05JZk54Rm1ucERuL3h0NkkwaWNOSzFtM0VCM0N6VDlLTW50Tms3S1U9Og9zZXNzaW9uX2lkIiUwNmM1NjI4MTU1ZWZhYTY0NDY1ODJjNDkxNDk5YWY2ZCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA==--348c88b594e98f4bf6389d94383134fbe9b03095"} Okay, i know, what _csrf_token helps to prevent csrf. session_id - is id of the session which stored on hard drive (by default) but what is _blog_session in cookies? also, remeber_user_token containes my id (1::*) and what about second part, what is it? Sorry for this stupid questions, i know what i can easy use any nice auth-plugins (authlogic/clearance/devise), but i want to fully understand sessions. Thank you. (also sorry for my english, this is not my native language)

Read the article
JSDoc with AngularJS

- by Nick White

Currently within my Project we are using JSDoc, we have recently started to implement Angular and I want to continue using JSDoc to ensure that all the documentation is within the same place. I have taken a look at people mainly just saying to use ngDoc but this isn't really a viable option as we will always have separate JavaScript and I ideally would have everything together. /** * @author Example <[email protected]> * @copyright 2014 Example Ltd. All rights reserved. */ (function () { window.example = window.example || {}; /** * Example Namespace * @memberOf example * @namespace example.angular */ window.example.angular = window.example.angular || {}; var exAngular = window.example.angular; /** * A Example Angular Bootstrap Module * @module exampleAngularBootstrap */ exAngular.bootstrap = angular.module('exampleAngularBootstrap', [ 'ngRoute', 'ngResource', 'ngCookies' ]) .run(function ($http, $cookies) { $http.defaults.headers.post['X-CSRFToken'] = $cookies.csrftoken; $http.defaults.headers.common['X-CSRFToken'] = $cookies.csrftoken; }); })(); Currently this is what I have but am unable to put documentation for the run() any ideas? Thank you in advanced!

Read the article
How to hide div serverside by reading cookie

- by user338109

I am using following a tutorial from here: http://www.shopdev.co.uk/blog/cookies-with-jquery-designing-collapsible-layouts/ This is the script I use: <script type="text/javascript" language="javascript"> $(function() { // SETUP: // When the info banner is clicked: $('#setup').click(function() { $('#intro').css("display","none"); $.cookie('intro', 'collapsed'); }); // COOKIES // Info banner state var intro = $.cookie('intro'); // READ THE COOKIES if (intro == 'collapsed') { $('#intro').css("display","none"); }; }); </script> The script hides the following div as the cookie is read: <div class="feedback attention" id="intro"> Text goes here <a id="setup" href="#">Ok I get it, please hide this</a> </div> Everything work great but when the page loads the div is shown for a split second. I guess the solution is to present two different pieces of markup serverside according to the cookie info. I have no idea how to go about this.

Read the article
Android EVO4G SenseUI Flash Lite 4 cookie problem

- by cmurray

Got the EVO4G today, watching it run Actionscript3 out of the box was EXTREMELY cool. Ran into a problem though. When I connect to a server which creates an HTTP session and hands a cookie to my application, subsequent calls from my client to the server do not have the cookie attached to the HTTP request. That causes the server to invalidate the session and my user is logged out. This appears to be a bug between the Flash Lite 4 player and the SenseUI/browser running in Android 2.1 for the EVO4G. This same application works on other platforms, including the HTC HERO if compiled for flash lite 2. If I hardcode my HTTP requests in the browser address bar, the cookies work, so I know cookies are working on the phone. But when my application is running in the Flash Player, the cookies are not working. I realize this may not be the best forum for this question, so if you cant answer or help me, if you could give me some more appropriate forums to ask on, I would appreciate that. Thanks!

Read the article
Custom authentication module inheriting IHttpModule issue.

- by Chandan Khatwani

LoginPage.aspx:- protected void Button1_Click(object sender, EventArgs e) { Context.Items["Username"] = txtUserId.Text; Context.Items["Password"] = txtPassword.Text; // FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, Context.Items["Username"].ToString(), DateTime.Now, DateTime.Now.AddMinutes(10), true, "users", FormsAuthentication.FormsCookiePath); // Encrypt the cookie using the machine key for secure transport string hash = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie( FormsAuthentication.FormsCookieName, // Name of auth cookie hash); // Hashed ticket // Set the cookie's expiration time to the tickets expiration time if (ticket.IsPersistent) cookie.Expires = ticket.Expiration; Response.Cookies.Add(cookie); Response.Redirect("Default.aspx"); } Global.asax file:- void Application_AuthenticateRequest(object sender, EventArgs e) { if (HttpContext.Current.User != null) { if (HttpContext.Current.User.Identity.IsAuthenticated) { if (HttpContext.Current.User.Identity is FormsIdentity) { FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity; FormsAuthenticationTicket ticket = id.Ticket; // Get the stored user-data, in this case, our roles string userData = ticket.UserData; string[] roles = userData.Split(','); HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id, roles); Response.Write(HttpContext.Current.User.Identity.Name); Response.Redirect("Default.aspx"); } } } } I get the following error after signing in This webpage has a redirect loop. The webpage at http://localhost:1067/Default.aspx has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

Read the article
Discussion - Allowing / blocking user access to pages / Client Side Validation (Client Side Only!) -

- by Ozaki

TLDR Using plain HTML / Javascript (Client Side) I want to prevent viewing of certain pages. The user will have to type a username and password and depending on that they get access to different pages. Answers can NOT include server side whatsoever It does not matter if they can break it easily. There is no sensitive information etc. Also the target audience will not have access to internet OR probably know what a cookie is... At some point the user will have to type username / password.(I can define the cookie here) Currently I thought of using cookies to set a cookie for each page to say "true" / "false" but that would get messy with so many cookies. Or setting an array within a cookie for each page? I have div field "#Content" which as it looks encompasses all of my content on the page so blocking out content will be as simple as replacing it with ("sorry you don't have access") etc. For Example: $.cookie("Access","page1, page2, page3"{ expires: 1 }); I am looking for anyway to do this does not have to be with cookies. Would be nice to get a discussion of different ways this can be done. So the question is: What do YOU think would be a good way to go about doing this with client side validation? Also on another note discussion on how to make client side more secure or ways to do so are acceptable.

Read the article
ClearMyTracksByProcess - all options?

- by Jonny Blaze

I've seen the list of values floating around the internet for ClearMyTracksByProcess Delete Temporary Internet Files: RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8 Delete Cookies: RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2 Delete History: RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1 Delete Form Data: RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16 Delete Passwords: RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32 Delete All: RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255 Delete All + files and settings stored by Add-ons: RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351 But it's not a complete list of all the options, and I can't seem to find a complete list (whether there isn't one published, or this one has been republished too many times and is hogging all the search results, I'm not sure). What I'm looking to do is delete Cookies + Temp + Add-ons, but preserve History, Form data, and Passwords. Has anybody found a complete list of all the available options? Or just the option for Add-ons so I can do the math myself? (e.g. Add-ons value + 8 + 2 = the answer I'm looking for) Thanks for looking at my question!

Read the article
Chrome: Saved username/password filled in incognito mode

- by Wouter Coekaerts

If I open an incognito window in Google Chrome and go to a webpage where Chrome has a saved username and password from (for example the login form on http://gmail.com), I see that my username and password are automatically filled in. Does that mean that I am not really incognito? Can the website see my username even if I don't explicitly log in? Or is there some mechanism behind the scenes that prevents the webpage from grabbing auto-filled values unless I actually log in? Clarification: Stored usernames (and passwords) are a lot like cookies: your unique identifier linked to a certain site, stored locally in your browser, available to the site when you open it. When you go incognito you ask your browser not to identify you to the sites you visit. It does that by (among other things) not exposing its cookies. Exposing the stored username in this mode does not make sense to me (but maybe I'm missing something...).

Read the article
Ignoring GET parameters in Varnish VCL

- by JamesHarrison

Okay: I've got a site set up which has some APIs we expose to developers, which are in the format /api/item.xml?type_ids=34,35,37&region_ids=1000002,1000003&key=SOMERANDOMALPHANUM In this URI, type_ids is always set, region_ids and key are optional. The important thing to note is that the key variable does not affect the content of the response. It is used for internal tracking of requests so we can identify people who make slow or otherwise unwanted requests. In Varnish, we have a VCL like this: if (req.http.host ~ "the-site-in-question.com") { if (req.url ~ "^/api/.+\.xml") { unset req.http.cookie; } } We just strip cookies out and let the backend do the rest as far as times are concerned (this is a hackaround since Rails/authlogic sends session cookies with API responses). At present though, any distinct developers are basically hitting different caches since &key=SOMEALPHANUM is considered as part of the Varnish hash for storage. This is obviously not a great solution and I'm trying to work out how to tell Varnish to ignore that part of the URI.

Read the article
Proxy / Squid 2.7 / Debian Wheezy 6.7 / lots of TCP Timed-out

- by Maroon Ibrahim

i'm facing a lot of TCP timed-out on a busy cache server and here below my sysctl.conf configuration as well as an output of "netstat -st" Kernel 3.2.0-4-amd64 #1 SMP Debian 3.2.57-3 x86_64 GNU/Linux Any advice or help would be highly appreciated #################### Sysctl.conf cat /etc/sysctl.conf net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 fs.file-max = 65536 net.ipv4.tcp_low_latency = 1 net.core.wmem_max = 8388608 net.core.rmem_max = 8388608 net.ipv4.ip_local_port_range = 1024 65000 fs.aio-max-nr = 131072 net.ipv4.tcp_fin_timeout = 10 net.ipv4.tcp_keepalive_time = 60 net.ipv4.tcp_keepalive_intvl = 10 net.ipv4.tcp_keepalive_probes = 3 kernel.threads-max = 131072 kernel.msgmax = 32768 kernel.msgmni = 64 kernel.msgmnb = 65536 kernel.shmmax = 68719476736 kernel.shmall = 4294967296 net.ipv4.ip_forward = 1 net.ipv4.tcp_timestamps = 0 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.tcp_window_scaling = 1 net.ipv4.tcp_sack = 0 net.ipv4.tcp_syncookies = 1 net.ipv4.ip_dynaddr = 1 vm.swappiness = 0 vm.drop_caches = 3 net.ipv4.tcp_moderate_rcvbuf = 1 net.ipv4.tcp_no_metrics_save = 1 net.ipv4.tcp_ecn = 0 net.ipv4.tcp_max_orphans = 131072 net.ipv4.tcp_orphan_retries = 1 net.ipv4.conf.default.rp_filter = 0 net.ipv4.conf.default.accept_source_route = 0 net.ipv4.tcp_max_syn_backlog = 32768 net.core.netdev_max_backlog = 131072 net.ipv4.tcp_mem = 6085248 16227328 67108864 net.ipv4.tcp_wmem = 4096 131072 33554432 net.ipv4.tcp_rmem = 4096 174760 33554432 net.core.rmem_default = 33554432 net.core.rmem_max = 33554432 net.core.wmem_default = 33554432 net.core.wmem_max = 33554432 net.core.somaxconn = 10000 # ################ Netstat results /# netstat -st IcmpMsg: InType0: 2 InType3: 233754 InType8: 56251 InType11: 23192 OutType0: 56251 OutType3: 437 OutType8: 4 Tcp: 20680741 active connections openings 63642431 passive connection openings 1126690 failed connection attempts 2093143 connection resets received 13059 connections established 2649651696 segments received 2195445642 segments send out 183401499 segments retransmited 38299 bad segments received. 14648899 resets sent UdpLite: TcpExt: 507 SYN cookies sent 178 SYN cookies received 1376771 invalid SYN cookies received 1014577 resets received for embryonic SYN_RECV sockets 4530970 packets pruned from receive queue because of socket buffer overrun 7233 packets pruned from receive queue 688 packets dropped from out-of-order queue because of socket buffer overrun 12445 ICMP packets dropped because they were out-of-window 446 ICMP packets dropped because socket was locked 33812202 TCP sockets finished time wait in fast timer 622 TCP sockets finished time wait in slow timer 573656 packets rejects in established connections because of timestamp 133357718 delayed acks sent 23593 delayed acks further delayed because of locked socket Quick ack mode was activated 21288857 times 839 times the listen queue of a socket overflowed 839 SYNs to LISTEN sockets dropped 41 packets directly queued to recvmsg prequeue. 79166 bytes directly in process context from backlog 24 bytes directly received in process context from prequeue 2713742130 packet headers predicted 84 packets header predicted and directly queued to user 1925423249 acknowledgments not containing data payload received 877898013 predicted acknowledgments 16449673 times recovered from packet loss due to fast retransmit 17687820 times recovered from packet loss by selective acknowledgements 5047 bad SACK blocks received Detected reordering 11 times using FACK Detected reordering 1778091 times using SACK Detected reordering 97955 times using reno fast retransmit Detected reordering 280414 times using time stamp 839369 congestion windows fully recovered without slow start 4173098 congestion windows partially recovered using Hoe heuristic 305254 congestion windows recovered without slow start by DSACK 933682 congestion windows recovered without slow start after partial ack 77828 TCP data loss events TCPLostRetransmit: 5066 2618430 timeouts after reno fast retransmit 2927294 timeouts after SACK recovery 3059394 timeouts in loss state 75953830 fast retransmits 11929429 forward retransmits 51963833 retransmits in slow start 19418337 other TCP timeouts 2330398 classic Reno fast retransmits failed 2177787 SACK retransmits failed 742371590 packets collapsed in receive queue due to low socket buffer 13595689 DSACKs sent for old packets 50523 DSACKs sent for out of order packets 4658236 DSACKs received 175441 DSACKs for out of order packets received 880664 connections reset due to unexpected data 346356 connections reset due to early user close 2364841 connections aborted due to timeout TCPSACKDiscard: 1590 TCPDSACKIgnoredOld: 241849 TCPDSACKIgnoredNoUndo: 1636687 TCPSpuriousRTOs: 766073 TCPSackShifted: 74562088 TCPSackMerged: 169015212 TCPSackShiftFallback: 78391303 TCPBacklogDrop: 29 TCPReqQFullDoCookies: 507 TCPChallengeACK: 424921 TCPSYNChallenge: 170388 IpExt: InBcastPkts: 351510 InOctets: -609466797 OutOctets: -1057794685 InBcastOctets: 75631402 #

Read the article
What files should be excluded from a complete Windows backup?

- by tro

I'm starting to use CrashPlan to backup my Win 7 PC. I've got it writing to my external HD (for quick local restores) and to CrashPlan Central (for offsite storage). I'd like to backup my entire C:\ drive (the only partition) in a way that: Preserves all of my installed software and configuration, but Avoids backing up log files and other ephemeral / temporary files that are regenerated during normal operation of the OS. Which files and/or directories should I be excluding from backups? I'd like to make this a community wiki, so that we could all contribute towards a definitive list. Here's a list of regular expressions identifying the directories and files that CrashPlan excludes on Windows by default listed at http://support.crashplan.com/doku.php/articles/admin_excludes: .*/(?:42|\d{8,})/(?:cp|~).* (?i).*/CrashPlan.*/(?:cache|log|conf|manifest|upgrade)/.* .*\.part .*/iPhoto Library/iPod Photo Cache/.* .*\.cprestoretmp.* *\.rbf :/Config\\.Msi.* .*/Google/Chrome/.*cache.* .*/Mozilla/Firefox/.*cache.* .*\$RECYCLE\.BIN/.* .*/System Volume Information/.* .*/RECYCLER/.* .*/I386.* .*/pagefile.sys .*/MSOCache.* .*UsrClass\.dat\.LOG .*UsrClass\.dat .*/Temporary Internet Files/.* (?i).*/ntuser.dat.* .*/Local Settings/Temp.* .*/AppData/Local/Temp.* .*/AppData/Temp.* .*/Windows/Temp.* (?i).*/Microsoft.*/Windows/.*\.log .*/Microsoft.*/Windows/Cookies.* .*/Microsoft.*/RecoveryStore.* (?i).:/Config\\.Msi.* (?i).*\\.rbf .*/Windows/Installer.* Other excludes: .*\.(class|obj) .*/hiberfil.sys (?i).*\.tmp (?i).*/temp/ (?i).*/tmp/ .*Thumbs\.db .*/Local Settings/History/ .*/NetHood/ .*/PrintHood/ .*/Cookies/ .*/Recent/ .*/SendTo/

Read the article
Coffeeshop limits Internet connection to 30 minutes -- how does it recognize me if I delete my cooki

- by Andrew

I was connected to the Internet in a coffeeshop earlier today, but I was only allowed 30 minutes of access. I tried deleting my cookies after my time was up (though admittedly I didn't delete my Flash cookies -- would that have solved the problem?), but the connection still recognized that I'd already used 30 minutes, so I couldn't connect again. How did the connection recognize me still? The wireless was unprotected (no code or password), it just had a portal you had to pass through upon the initial connection. I'm not terribly familiar with web development or computer networks, so just trying to get a better idea of what's happening (and possibly to know what to do next time I use up my minutes =)).

Read the article
Add "secure" in cookie by httpd server

- by Abhishek

How do I have to configure my httpd server to add "Secure" in the cookies? I tried the one in the below link, http://blog.modsecurity.org/2008/12/fixing-both-missing-httponly-and-secure-cookie-flags.html but this did not seem to be working. I inspected the cookie via firebug and found that the cookies have "HttpOnly" but not "Secure". I double checked the configurations and they the same as mentioned in the link. I also noticed that the server response time goes bit high when doing it by mod_security. Is there a better way to do it? Any ideas or pointers to configurations would be helpful

Read the article
Deactivate SYN flooding mechanism

- by mlaug

I am running a server that is running a service on port 59380. There are more than 1000 machines out there connecting to that service. Once I need to restart the service all those machines are connecting at the same time. That made some trouble as I have seen that log entry in kern.log TCP: Possible SYN flooding on port 59380. *Sending cookies*. Check SNMP counters. So I changed sysctl net.ipv4.tcp_syncookies to 0 because the endpoints to not handle tcp syn cookies correctly. Finally I restarted my network to get the changes in production Next time I had to restart the service, the following message was logged TCP: Possible SYN flooding on port 59380. *Dropping request*. Check SNMP counters. How can I prevent the system for doing such actions? All necessary counter measures are done by iptables...

Read the article
What is the BCSI-CS-**** cookie for?

- by Joanne Wellings

I'm undertaking an audit of the cookies we use on our external sites. There's one cookie that's used by all the sites, and by different domains within the sites. It starts BCSI-CS- and has random numbers and letters. It's the same cookie on different PCs on our network. Our own sites use it and Bing Maps, Google Analytics and Google Maps on our sites use it. This cookie does not seem to appear on PCs not on our network. We've figured that it's a cookie that our proxy server uses and therefore only an internal cookie, not one that our external site users will encounter. However, googling that cookie shows a lot of sites have listed a similar cookie in their "About our cookies" page with the same BCSI-CS prefix. Would we be right in thinking that these sites have got it wrong, that they don't have to list this cookie? After all, when I visit these sites, the cookie that they have listed does not appear on my PC. Can anyone confirm this, or explain what the BCSI-CS cookie actually is?

Read the article
MvcReportViewer v.0.4.0 is available!

- by Ilya Verbitskiy

Originally posted on: http://geekswithblogs.net/ilich/archive/2014/06/04/mvcreportviewer-v.0.4.0-is-available.aspxToday I released new version of MvcReportViewer. This release contains mostly bug fixes reported by library users. I am glad to see that Open Source model works and people try to contribute to the project! Thank you everybody for your bug repots and help with the project. Version 0.4.0 Added support for ASP.NET MVC 5 Removed jQuery dependency. I have not tested it on IE8 or earlier versions. Any help with testing is welcome! Fixed problem with SSRS keep-alive cookies. Keep-alive cookies are issued every time a report is opened during a browser session. Many people don't restart their browsers and in my case, Chrome doesn't get rid of the cookie session data on close - had to manually delete them for the reports to start working again. I added KeepSessionAlive control settings to manage SSRS keep-alive behavior. It is set to false by default to fix Bad Request 400: Request Too Long issue. You can find usage example in Fluent.cshtml. Fixed the bug when ReportViewer Control parameters was not parsed when ShowParameterPrompts parameter had not been set. Changed public static MvcReportViewerIframe MvcReportViewer method to use IEnumerable<KeyValuePair<string, object>> reportParameters instead of simple object. The reason is users reported that they mostly use multiple report parameters’ values. Added support for SSRS hosted on Windows Azure. Users should set MvcReportViewer.IsAzureSSRS property to true in Web.config to use Windows Azure authentication. I do not have Windows Azure SSRS and build the code using http://msdn.microsoft.com/en-us/library/gg552871.aspx#Authentication article. It would be nice if somebody from community tested the change or provided me a test report on Windows Azure for testing purposes.

Read the article
Session Tracking - Advantages and Disadvantages

I use to work for a major internet company that sold Dental Plans to customers through their large customer-driven websiteto consumers. They start tracking their users as soon as they hit their web servers, and then they log everything they can about the user. There are a lot of benefits for using session tracking for both the user and the website. Users can benefit from session tracking due to the fact that a website can retain pertaining information for the user so that they do not have to re-enter the same information repeatedly. In addition, websites can hold specific items in a cart for each user so that they can pay for all of their items at once when they are ready to complete their purchases. Websites can also benefit from session tracking because they can determine where a specific user came from and which advertising partner gave them a sale. This information is very useful when deciding on where to spend an advertising budget. There is only one real disadvantage when it comes to session tracking, Users can not really control what is actually tracked by a website. Yes, they can disable cookies and this will help, but that means that no tracking can be done at all. Most sites require users to have cookies enabled in order for users to make purchases or login to their accounts.

Read the article
Users can benefit from Session Tracking

I use to work for a large Dental Plan marketing website a few years ago and they had a large customer-driven website that sold Dental Plans to consumers. Their website started tracking users as soon as they hit their web servers, and then they logged everything they could about the user. There are a lot of benefits for using session tracking for both the user and the website. Users can benefit from session tracking due to the fact that a website can retain pertaining information for the user so that they do not have to re-enter the same information repeatedly. In addition, websites can hold specific items in a cart for each user so that they can pay for all of their items at once when they are ready to complete their purchases. Websites can also benefit from session tracking because they can determine where a specific user came from and which advertising partner gave them a sale. This information is very useful when deciding on where to spend an advertising budget. There is only one real disadvantage when it comes to session tracking, Users can not really control what is actually tracked by a website. Yes, they can disable cookies and this will help, but that means that no tracking can be done at all. Most sites require users to have cookies enabled in order for users to make purchases or login to their accounts.

Read the article
IE8 and P3P problems again,

- by MSolution

Have been browsing across the net, and seems everyone who got into this mess, really slogged to get out of it,... and now my turn! http://stackoverflow.com/questions/999534/ie-p3p-iframe-and-blocked-cookies-works-until-page-host-page-has-personal-info been reading alot, and i have a very simple p3p policy here: http: // bit.ly/cCyGi5 and corresponding P3P compact policy: P3P: CP="COM DEM INT NAV OTC PRE PUR STA NOI DSP COR ADMi DEVi OUR BUS" I have validated my P3P policy via the validator at w3c, I have tried "privacy bird" IE extension, and it says my P3P.xml matches with my privacy settings, and has no conflict, my compact policy matches with my P3P policy, coz some where i read IE7 matches the two!!! If i lower my privacy settings in IE, the cookies get restricted, and if i further lower it to allow all, it gets thru, so it is my P3P compact policy the coz, and needs fixing. If someone can guide me in the right direction, or if i can hire someone for an hour or two to look into it. M.

Read the article
DNN redirect Loop

- by JAllen

I am trying to duplicate an existing DNN portal that I have for testing purposes by creating a duplicate of the database and duplicating the .net files into a new folder. After I copied the site and changed the webconfig to point to the new site and changed the alias in the database I am getting this error. This webpage has a redirect loop. The webpage at http://xxx.us/xxx/default.aspx has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

Read the article
Replace all ">"(>) which are inside <code> tags

- by Micke

How can i replace all > with > and < with < inside a <code> tag with ruby? For example: <code><script>alert('I steal cookies');</script></code> With: <code><script>alert('I steal cookies);<script><code> The reason for this is because the h() method escapes all the < and > Thanks, Micke

Read the article

< Previous Page | 26 27 28 29 30 31 32 33 34 35 36 37 | Next Page >