Search Results

Search found 1701 results on 69 pages for 'cookie'.

  • Play framework 1.x on Tomcat - httpOnly cookies

    - by aishwarya
    I'm setting application.session.httpOnly=true in the application.conf and generating a war file and deploying on Tomcat. I still see the cookie generated as HttpOnly=No and it is editable. This is an issue with Play 1.x running on Tomcat 6 (i.e. servlet API 2.x). Apparently, the HttpOnly flag for cookies was only introduced in servlet 3.0 and so is only available in Tomcat 7+. Has anybody identified a workaround for this so far (so I could have HttpOnly cookies for Play 1.x on Tomcat 6.x)? The httpOnly flag on the context in Tomcat only works for Tomcat's jsessionid cookie... Also, can I run a Play 1.x app on servlet 3.0? PS: This was also posted on the Play framework's Google Groups but we did not receive a response, and so I am posting on SO.

  • How can I use Spring Security without sessions?

    - by Jarrod
    I am building a web application with Spring Security that will live on Amazon EC2 and use Amazon's Elastic Load Balancers. Unfortunately, ELB does not support sticky sessions, so I need to ensure my application works properly without sessions. So far, I have set up RememberMeServices to assign a token via a cookie, and this works fine, but I want the cookie to expire with the browser session (e.g. when the browser closes). I have to imagine I'm not the first one to want to use Spring Security without sessions... any suggestions?

  • Can't setup Facebook Login on my website..

    - by Mark
    I am trying to experiment with the new Facebook authentication system, and I can't get the login to work. I'm getting the following error message:

        API Error Code: 100
        API Error Description: Invalid parameter
        Error Message: next is not owned by the application.

    The url that is being sent to facebook is:

        http://www.facebook.com/connect/uiserver.php?app_id=444444444444444&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df357eceb0361a8a%26origin%3Dhttp%253A%252F%252Fwww.mysite.com%252Ff38fea4f9ea573%26relation%3Dopener%26transport%3Dpostmessage%26frame%3Df23b800f8a78%26result%3DxxRESULTTOKENxx&display=popup&channel=http%3A%2F%2Fwww.mysite.com%2Ffbtester.php&cancel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df6095a98598be8%26origin%3Dhttp%253A%252F%252Fwww.mysite.com%252Ff38fea4f9ea573%26relation%3Dopener%26transport%3Dpostmessage%26frame%3Df23b800f8a78%26result%3DxxRESULTTOKENxx&locale=en_US&return_session=1&session_version=3&fbconnect=1&canvas=0&legacy_return=1&method=permissions.request

    Note that the 'Next' variable in the url is:

        next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df357eceb0361a8a%26origin%3Dhttp%253A%252F%252Fwww.mysite.com%252Ff38fea4f9ea573%26relation%3Dopener%26transport%3Dpostmessage%26frame%3Df23b800f8a78%26result%3DxxRESULTTOKENxx

    Any ideas what could be going wrong? All I've done is copy and paste the facebook login demo code from facebook's website:

        <?php
        define('FACEBOOK_APP_ID', 'your application id');
        define('FACEBOOK_SECRET', 'your application secret');

        // Parse the fbs_<app id> cookie and check its signature against the app secret.
        function get_facebook_cookie($app_id, $application_secret) {
            $args = array();
            parse_str(trim($_COOKIE['fbs_' . $app_id], '\"'), $args);
            ksort($args);
            $payload = '';
            foreach ($args as $key => $value) {
                if ($key != 'sig') {
                    $payload .= $key . '=' . $value;
                }
            }
            // Reject the cookie when the signature does not match.
            if (md5($payload . $application_secret) != $args['sig']) {
                return null;
            }
            return $args;
        }

        $cookie = get_facebook_cookie(FACEBOOK_APP_ID, FACEBOOK_SECRET);
        ?>
        Your user ID is
        <div id="fb-root"></div>
        <script src="http://connect.facebook.net/en_US/all.js"></script>
        <script>
          FB.init({appId: '<?= FACEBOOK_APP_ID ?>', status: true, cookie: true, xfbml: true});
          FB.Event.subscribe('auth.login', function(response) {
            window.location.reload();
          });
        </script>

    Thanks for the help!

  • .Net System.Net.HttpWebRequest & Authentication Cookies

    - by James
    I would like to know if the following is possible. As part of the PageLoad of an ASP.Net page request:

      * Use HttpWebRequest (POST) to make a request to a forms authentication webpage of a different web application
      * Examine the response to see if the authentication succeeded (identifiable if an authentication cookie has been set)
      * If it fails, then finish the ASP.Net page request, which will display a message saying "couldn't auto-login" or some such thing
      * If success, then instead of completing the ASP.Net page lifecycle, use "Response.Write" to send the response from the HttpWebRequest back to the browser (thus essentially displaying the webpage from the HttpWebRequest)

    If the above is possible, then, is there also a way to transfer the authentication cookie from the HttpWebResponse to the requesting browser? My gut feeling is probably not - but if this is the case, then how do proxy servers handle such things? Is that not essentially what they are doing? Thanks for any help

  • X-Domain and P3P Headers

    - by Jackson
    Hi, I have a website A.com and a domain at B.com with a widget inside an iframe getting data from A.com. I want to allow x-domain cookies to be passed from a.com to inside the iframe using ASP.NET. My understanding is that I can do this in IE using P3P headers, such that the A.com cookie is passed to the iframe and session | cookie data is preserved. The P3P headers have to be sent from A.com and from the iframe. Is this correct? In dev, my understanding is if I "accept all cookies" in IE, then P3P headers won't matter anyway and so this should all just work. If I put on Medium Security then P3P is required.

  • Why won't asp.net create cookies in localhost?

    - by James McConnell
    Okay, this is really kinda starting to bug me. I have a simple Web project setup located at: "C:\Projects\MyTestProject\". In IIS on my machine, I have mapped a virtual directory to this location so I can run my sites locally (I understand I can run it from Visual Studio, I like this method better). I have named this virtual directory "mtp" and I access it via http://localhost/mtp/index.aspx. All this is working fine. However, whenever I try to create a cookie, it simply never gets written out? I've tried this in FF3 and IE7 and it just plain won't write the cookie out. I don't get it. I do have "127.0.0.1 localhost" in my hosts file, I can't really think of anything else I can do. Thanks for any advice. James

  • How to prevent multiple browser windows from sharing the same session in asp.net.

    - by Barry
    I have an ASP.net application that is basically a data entry screen for a physical inspection process. The users want to be able to have multiple browser windows open and enter data from multiple inspections concurrently. At first I was using cookie based sessions, and obviously this blew up. I switched to using cookie-less sessions, which stores the session in the URL, and in testing this seemed to resolve the problem. Each browser window/tab had a different session ID, and data entered in one did not clobber data entered in the other. However my users are more efficient at breaking things than I expected and it seems that they're still managing to get the same session between browsers sometimes. I think that they're copying/pasting the address from one tab to the other in order to open the application, but I haven't been able to verify this yet (they're at another location so I can't easily ask them). Other than telling them not to copy and paste, or convincing them to only enter one at a time, how can I prevent this situation from occurring?

  • iPhone filesystem permissions POSIX-compliant?

    - by Seva Alekseyev
    Hi all, I'm trying to pass some files from one app to another. I communicate the path (via a custom URL). The target application cannot read the file, citing errno 13 (permission denied). I've checked the permissions on the file - they're 0644 (O+R), the permissions on directories all the way up to the root are 755 (O+RX). From a POSIX perspective, the file should be readable to any process and any user. Yet it's not. Any ideas, please? I can think of some workarounds. I could use a Web service (upload, get a cookie, communicate the cookie to the other app, other app downloads). I could also pass the actual file data in the URL - inelegant, and probably subject to length limitations. Clipboard is not supported on iPhone OS 2 IIRC.

  • Session ID Rotation - does it enhance security?

    - by dound
    (I think) I understand why session IDs should be rotated when the user logs in - this is one important step to prevent session fixation. However, is there any advantage to randomly/periodically rotating session IDs? This seems to only provide a false sense of security in my opinion. Assuming session IDs are not vulnerable to brute-force guessing and you only transmit the session ID in a cookie (not as part of URLs), then an attacker will have to access your cookie (most likely by snooping on your traffic) to get your session ID. Thus if the attacker gets one session ID, they'll probably be able to sniff the rotated session ID too - and thus randomly rotating has not enhanced security.

  • IsAuthenticated is false! weird behaviour + review question

    - by Naor
    This is the login function (after I validate user name and password, I load user data into "user" variable and call Login function):

        public static void Login(IUser user)
        {
            HttpResponse Response = HttpContext.Current.Response;
            HttpRequest Request = HttpContext.Current.Request;
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.UserId.ToString(), DateTime.Now, DateTime.Now.AddHours(12), false, UserResolver.Serialize(user));
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
            cookie.Path = FormsAuthentication.FormsCookiePath;
            Response.Cookies.Add(cookie);
            string redirectUrl = user.HomePage;
            Response.Redirect(redirectUrl, true);
        }

    UserResolver is the following class:

        public class UserResolver
        {
            public static IUser Current
            {
                get
                {
                    IUser user = null;
                    if (HttpContext.Current.User.Identity.IsAuthenticated)
                    {
                        FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
                        FormsAuthenticationTicket ticket = id.Ticket;
                        user = Desrialize(ticket.UserData);
                    }
                    return user;
                }
            }

            public static string Serialize(IUser user)
            {
                StringBuilder data = new StringBuilder();
                StringWriter w = new StringWriter(data);
                string type = user.GetType().ToString();
                //w.Write(type.Length);
                w.WriteLine(user.GetType().ToString());
                StringBuilder userData = new StringBuilder();
                XmlSerializer serializer = new XmlSerializer(user.GetType());
                serializer.Serialize(new StringWriter(userData), user);
                w.Write(userData.ToString());
                w.Close();
                return data.ToString();
            }

            public static IUser Desrialize(string data)
            {
                StringReader r = new StringReader(data);
                string typeStr = r.ReadLine();
                Type type = Type.GetType(typeStr);
                string userData = r.ReadToEnd();
                XmlSerializer serializer = new XmlSerializer(type);
                return (IUser)serializer.Deserialize(new StringReader(userData));
            }
        }

    And the global.asax implements the following:

        void Application_PostAuthenticateRequest(Object sender, EventArgs e)
        {
            IPrincipal p = HttpContext.Current.User;
            if (p.Identity.IsAuthenticated)
            {
                IUser user = UserResolver.Current;
                Role[] roles = user.GetUserRoles();
                HttpContext.Current.User = Thread.CurrentPrincipal = new GenericPrincipal(p.Identity, Role.ToString(roles));
            }
        }

    First question: Am I doing it right? Second question - weird thing! The user variable I pass to Login has 4 members: UserName, Password, Name, Id. When UserResolver.Current executed, I got the user instance. I decided to change the user structure - I added an array of Warehouse objects. Since that time, when UserResolver.Current executed (after Login), HttpContext.Current.User.Identity.IsAuthenticated was false and I couldn't get the user data. When I removed the Warehouse[] from the user structure, it started to be ok again and HttpContext.Current.User.Identity.IsAuthenticated became true after I Login. What is the reason for this weird behaviour?

  • Object reference error even when object is not null

    - by Shrewd Demon
    Hi, I have an application wherein I have incorporated a "Remember Me" feature for the login screen. I do this by creating a cookie when the user logs in for the first time, so next time when the user visits the site I get the cookie and load the user information. I have written the code for loading user information in a common class in the App_Code folder... and all my pages inherit from this class. Code for loading the user info is as follows:

        public static void LoadUserDetails(string emailId)
        {
            UsersEnt currentUser = UsersBL.LoadUserInfo(emailId);
            if (currentUser != null)
                HttpContext.Current.Session["CurrentUser"] = currentUser;
        }

    Now the problem is I get an "Object reference" error when I try to store the currentUser object in the session variable (even though the currentUser object is not null). However the password property in the currentUser object is null. Am I getting the error because of this... or is there some other reason? Thank you

  • Securely persist session between https://secure.yourname.com and http://www.yourname.com on rails ap

    - by Matt
    My rails site posts to a secure host (e.g. 'https://secure.yourname.com') when the user logs into the site. Session data is stored in the database, with the cookie containing only the session ID. The problem is that when the user returns to a non-https page, such as the home page (e.g. 'http://www.yourname.com') the user appears to have logged out. I believe the reason for this is that a separate cookie is stored for each host (www vs. secure). Is this correct? What is the best secure way to persist the session between both the http and https sections of the site? Does anyone know of any plugins that address this problem? The site runs on Heroku.

  • How to get JSON back from HTTP POST Request (to another domain)

    - by roman m
    I'm trying to use the API on a website, here's the part of the manual:

        Authenticated Sessions (taken from here)

        To create an authenticated session, you need to request an authToken from the '/auth' API resource.

        URL: http://stage.amee.com/auth (this is not my domain)
        Method: POST
        Request format: application/x-www-form-urlencoded
        Response format: application/xml, application/json
        Response code: 200 OK
        Response body: Details of the authenticated user, including API version.
        Extra data: "authToken" cookie and header, containing the authentication token that should be used for subsequent calls.
        Parameters: username / password

        Example

        Request

        POST /auth HTTP/1.1
        Accept: application/xml
        Content-Type: application/x-www-form-urlencoded

        username=my_username&password=my_password

        Response

        HTTP/1.1 200 OK
        Set-Cookie: authToken=1KVARbypAjxLGViZ0Cg+UskZEHmqVkhx/Pm...;
        authToken: 1KVARbypAjxLGViZ0Cg+UskZEHmqVkhx/PmEvzkPGp...==
        Content-Type: application/xml; charset=UTF-8

    QUESTION: How do I get that to work? I tried jQuery, but it seems to have problem with XSS. Actual code snippet would be greatly appreciated. p.s. All I was looking for was WebClient class in C#

  • How To Create A Download Quota.

    - by snikolov
    I need to create a handy file downloader which will count the amount of bytes downloaded and stop when it has exceeded a preset limit. I need to mirror some files but I only have 7 gb per month of bandwidth and I don't want to exceed the limit. Example limits can be in bytes or number of files, each user has their own limit, as well as a limit for Download Quota itself. So if you set a limit of 2 gigabytes for Download Quota, downloads stop at 2 gigabytes, even if you have 3 users with a limit of 1 gigabyte each.

        if ($range) {
            //pass client Range header to rapidshare
            // _insert($range);
            $cookie .= "\r\nRange: $range";
            $multipart = true;
            header("X-UR-RANGE-Range: $range");
        }
        //octet-stream + attachment => client always stores file
        header('Content-type: application/octet-stream');
        header('Content-Disposition: attachment; filename="' . $fn . '"');
        //always included so clients know this script supports resuming
        header("Accept-Ranges: bytes");
        //awful hack to pass rapidshare the premium cookie
        $user_agent = ini_get("user_agent");
        ini_set("user_agent", $user_agent . "\r\nCookie: enc=$cookie");
        $httphandle = fopen($url, "r");
        $headers = stream_get_meta_data($httphandle);
        //let's check the return header of rapidshare for range / length indicators
        //we'll just pass these to the client
        foreach ($headers["wrapper_data"] as $header) {
            $header = trim($header);
            if (substr(strtolower($header), 0, strlen("content-range")) == "content-range") {
                // _insert($range);
                header($header);
                header("X-RS-RANGE-" . $header);
                $multipart = true; //content-range indicates partial download
            } elseif (substr(strtolower($header), 0, strlen("Content-Length")) == "content-length") {
                // _insert($range);
                header($header);
                header("X-RS-CL-" . $header);
            }
        }
        //now show the client he has a partial download
        if ($multipart)
            header('HTTP/1.1 206 Partial Content');
        flush();
        $download_rate = 100;
        while (!feof($httphandle)) {
            // send the current file part to the browser
            $var_stat = fread($httphandle, round($download_rate * 1024));
            $var12 = strlen($var_stat);
            //////////////////////////////////
            echo $var_stat;
            /////////////////////////////////
            // flush the content to the browser
            flush();
            // sleep one second
            sleep(1);
        }

  • Response.Redirect in HttpModule

    - by AgentHunt
    Can I do a redirect to a custom page in an HttpModule? I have an HttpModule A which executes some javascript code when any aspx page is loaded. I would like to have a server side code check to see if the client's browser supports cookies. Can I place that code in the HttpModule A? If so, in which event? Or do I need to have a new HttpHandler for both purposes? Also, is it possible to check for cookies in an HttpModule (without a response.redirect)? All solutions I have seen need 2 pages, 1 for setting the cookie and the other for checking if the cookie has actually been created. I am hoping there should be a way to check for cookies at one place. Thanks in advance

  • Delete from array help

    - by Camran
    I have a cookie which stores info in an array. This is for a classifieds website, and whenever users delete their 'ads' the cookie must also be removed of the ad which was deleted. So I have this:

        if (isset($_COOKIE['watched_ads'])) {
            $expir = time() + 1728000;
            $ad_arr = unserialize($_COOKIE['watched_ads']);
            foreach ($ad_arr as $val) {
                if ($val == $id) { // $id is something like "bmw_m3_10141912"
                    unset($val);
                    setcookie('watched_ads', serialize($ad_arr), $expir, '/');
                }
            }
        }

    This doesn't work... any idea why? I think it's a problem with the unset part... Also, keep in mind if there is only one value inside the array, what will happen then? Thanks

  • Where to store selected language on multilingual site: session/cookies or url?

    - by tig
    I have a site that has all its content translated to multiple languages and has no accounts (to set preferred language there). I can detect preferred language using Accept-Language, ip or anything else. I have 3 ways to store user language selection:

      * Detect language and store it in cookie/session and allow switching language (and also store it in cookie/session)
      * Use detected language if there is no language specified in url, and show links to url with different language
      * Use default site language and show links to other languages

    Storing language in url can be of any type: different domain, subdomain, or somewhere in url. I think about first case as it allows me to send one url to anyone and it will be presented to them in their preferred language. But another opinion is that different language means different data, so it must have different link.

  • iPhone filesystem POSIX-compliant?

    - by Seva Alekseyev
    Hi all, I'm trying to pass some files from one app to another. I communicate the path (via a custom URL). The target application cannot read the file, citing errno 13 (permission denied). I've checked the permissions on the file - they're 0644 (O+R), the permissions on directories all the way up to the root are 755 (O+RX). From a POSIX perspective, the file should be readable to any process and any user. Yet it's not. Any ideas, please? I can think of some workarounds. I could use a Web service (upload, get a cookie, communicate the cookie to the other app, other app downloads). I could also pass the actual file data in the URL - inelegant, and probably subject to length limitations. Clipboard is not supported on iPhone OS 2 IIRC.

  • Android: prevent user from coming back to login page after logging in

    - by user522559
    Hi all, I have a login page in my android app. I want to prevent the user, after logging in, from coming back to the login page. Also, when the user reopens the app, if he has logged in before, I want to go directly to the main page without having to go to the login page. What's the best way of doing that? One idea I thought of is to save the login parameters in a cookie, and then, when the app is reopened, if the cookie contains some login information, I inflate the main page, otherwise, I inflate the login page. Is this the best way of doing it? Thanks,

  • Getting all the cookies including those from google analytics from one webpage

    - by DixieFlatline
    Hello! I use apache 4 java libs for http get connections. I get all cookies from 2 other pages. But one other webpage contains google analytics cookies (utma, utmz...) and a classic session id cookie (checked with firebug). When I try to get the cookies I only get the session id cookie. Is there any trick to get all the cookies from java in connection with google analytics? If I want to make a http post, it seems that I have to send google analytics cookies too. I can copy my code if somebody wants, but it works on other pages (for printing cookies). Thank you

  • Why I get java.net.SocketException: Connection reset

    - by Jammy
    I need to send some requests to server side and get response, sometimes when I call specific method to run the following common code, I get one error in line (addToCookieJar(connection);), any idea how this get happened?

        URL url = new URL(providerURL);
        HttpURLConnection connection = (HttpURLConnection)url.openConnection();
        connection.setRequestMethod("POST");
        connection.setDoInput(true);
        connection.setDoOutput(true);
        connection.setUseCaches(false);
        connection.setRequestProperty("Content-Type", "application/octet-stream");
        // We understand gzip encoding
        connection.addRequestProperty("Accept-Encoding", "gzip");
        if (cookie != null && cookieHandler != null) {
            connection.setRequestProperty("Cookie", cookie);
        }
        if (cookieHandler == null) {
            addFromCookieJar(connection);
        }
        // Send the request
        ObjectOutputStream oos = new ObjectOutputStream(connection.getOutputStream());
        oos.writeObject(remote.getName());
        oos.writeObject(m.getName()); // method name
        oos.writeObject(m.getParameterTypes()); // formal parameters
        oos.writeObject(args); // actual parameters
        oos.flush();
        oos.close();
        if (cookieHandler == null) {
            cookieJar.put(new URI(providerURL), connection.getHeaderFields());
        }

    Exception:

        java.lang.reflect.UndeclaredThrowableException
            at $Proxy0.updateDocument(Unknown Source)
            at com.agst.ui.gantt.GanttPanel.doUpdateDocument(GanttPanel.java:1931)
            at com.agst.ui.gantt.GanttPanel.save(GanttPanel.java:1419)
            at com.agst.ui.gantt.GanttPanel$4.run(GanttPanel.java:1673)
            at java.lang.Thread.run(Unknown Source)
        Caused by: java.net.SocketException: Connection reset
            at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
            at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
            at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
            at java.lang.reflect.Constructor.newInstance(Unknown Source)
            at sun.net.www.protocol.http.HttpURLConnection$6.run(Unknown Source)
            at java.security.AccessController.doPrivileged(Native Method)
            at sun.net.www.protocol.http.HttpURLConnection.getChainedException(Unknown Source)
            at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
            at com.agst.rmi.RemoteCallHandler.call(RemoteCallHandler.java:196)
            at com.agst.rmi.RemoteCallHandler.invoke(RemoteCallHandler.java:142)
            ... 5 more
        Caused by: java.net.SocketException: Connection reset
            at java.net.SocketInputStream.read(Unknown Source)
            at java.io.BufferedInputStream.fill(Unknown Source)
            at java.io.BufferedInputStream.read1(Unknown Source)
            at java.io.BufferedInputStream.read(Unknown Source)
            at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
            at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
            at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
            at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
            at sun.net.www.protocol.http.HttpURLConnection.getHeaderFields(Unknown Source)
            at com.agst.rmi.RemoteCallHandler.addToCookieJar(RemoteCallHandler.java:529)
            at com.agst.rmi.RemoteCallHandler.call(RemoteCallHandler.java:192)
            ... 6 more

  • Curl Wrapper Class does not return any data even though it worked previously?

    - by Scott Faisal
    We changed servers and installed all necessary software and just cannot seem to pin point what is going on. A simple CURL request does not return anything. Command Line CURL commands work just fine. We are using a wrapper for CURL utilizing streams. Do PHP streams require any out of the ordinary configuration? We are using the latest Lamp stack. This is the var_dump:

  • Making Authlogic 'not remember me'

    - by user57618
    I want my user session to end when the user closes the browser. But authlogic seems to remember the session even when a new browser is opened. I have tried setting @user_session.remember_me = false but that doesn't help. I drilled down to the save_cookie method which is indeed saving the cookie with :expires => nil. Am I right in assuming that this will expire the cookie with the browser session? The only peculiar thing about my authlogic configuration is that I set c.perishable_token_valid_for(0) so that the invitation code never expires. Not that I think it has anything to do with this ..

  • Is it possible for a XSS attack to obtain HttpOnly cookies?

    - by Dan Herbert
    Reading this blog post about HttpOnly cookies made me start thinking, is it possible for an HttpOnly cookie to be obtained through any form of XSS? Jeff mentions that it "raises the bar considerably" but makes it sound like it doesn't completely protect against XSS. Aside from the fact that not all browsers support this feature properly, how could a hacker obtain a user's cookies if they are HttpOnly? I can't think of any way to make an HttpOnly cookie send itself to another site or be read by script, so it seems like this is a safe security feature, but I'm always amazed at how easily some people can work around many security layers. In the environment I work in, we use IE exclusively so other browsers aren't a concern. I'm looking specifically for other ways that this could become an issue that don't rely on browser specific flaws.
