Search Results

Search found 1926 results on 78 pages for 'cookie monster'.

Page 36/78 | < Previous Page | 32 33 34 35 36 37 38 39 40 41 42 43  | Next Page >

  • Problem with Google App Engine Appstats

    - by Taylor L
    I'm having an issue getting Appstats to work correctly. Using /appstats or /appstats/stats ends up in an infinite loop that keeps redirecting back to /appstats/stats. This results in a 404 error saying the page isn't redirecting properly. Any idea what the issue is? Here are the relevant lines in my appengine-web.xml. I've tried using both /appstats/stats and /appstats and they both have the same issue. <admin-console> <page name="Appstats" url="/appstats/stats" /> </admin-console> Below are the http headers showing the infinite redirect loop: http://mysite.appspot.com/appstats/stats GET /appstats/stats HTTP/1.1 Host: mysite.appspot.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv: 1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/ *;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Cookie: USER_LOCALE=en_US; JSESSIONID=POTIUPPpEmjHZoaNDWOSTA; ACSID=AJKiYcHiwT8jH7e01V9O5iFu3kpBhDd3k3oBwwxylv5u0DbJ- utvdpsgdb4Xim2WXwobkJmgTGGljvuh94_yVQ__- VPnBsTtUAhRjSyZ2Lv3G7oUHAxTsCWHJIMChGT3- XUyUNx8wxwvJisL_RTXH8Hc4TTLh_rVHm2k8gk8kgdbVZXexSV0K- a3coELTecWIBolt0qLd5L-5vALm382KsqbHorPXqoZMPTvR_06g_mR1cbmF2Ihnk6YhP7no58BNpESM9HvFyKNKXODo39hF4oaZCcW0Q9TBqUMgsrBqlcIh3- VvC7qvH0n_nAtrLTBbK_swnOFvCDcaf3whT9ty0CJ0VRNuNqIPOLHIeQAMgwXUNMr89P64EsgmuyONHR67glCQXEPOGXIaT1vcBJFwFoeNUqjdp824fHvoVhaL7Xlav- LTIFuM3f_ymHLmibk57PRuXUYEaAG HTTP/1.1 302 Found Location: http://mysite.appspot.com/appstats/stats X-AppEngine-Estimated-CPM-US-Dollars: $0.645553 X-AppEngine-Resource-Usage: ms=18965 cpu_ms=27884 api_cpu_ms=0 Set-Cookie: ACSID=AJKiYcF_YA7PB18b3T5OO7vEMo31f1hFhO8xKqFRiBUGrCr4YABAAyugZXcDfKMOM- r0FiK8xlOPfQWx3tOWIJ6ueOqK89X8M9YfHIs8WKUcSs6PwNZSKV0HKxvbqeWxfZI_cpo2YoS73s_RPlyEvjaYLOf6iXPpWeYyKTAbSqPOEBnVnTk3oso6ur66CIj3FnN8vsHfbanqY4sbaRsNj9pLjWZco0quYLOK1fd4wRZx_oAvk3jOlfAj7BZ7p9L1bO8oVCMpVn19cwT6zvO2-9RSjfiOPAacw7Cg0MT30r7Fr7SCj7VcSPAye4lc7tb9KL9ztZEk0xbEX-9vC6vHM_VfPJ54Kb_FycxE6lACsKTE4hj0bOa2-2quaOP0NSxfoH9ozLlQQCsGhpWBnlu__W06D0GqDqxcDUu2HocYqWuLi91aoa- aRTkqB_qo4aAa3OvHeKoFgwrS; expires=Mon, 12-Apr-2010 19:41:49 GMT; path=/ Date: Sun, 11 Apr 2010 19:42:08 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Content-Type: text/html Server: Google Frontend Content-Length: 0 ---------------------------------------------------------- http://mysite.appspot.com/appstats/stats GET /appstats/stats HTTP/1.1 Host: mysite.appspot.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv: 1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/ *;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Cookie: USER_LOCALE=en_US; JSESSIONID=POTIUPPpEmjHZoaNDWOSTA; ACSID=AJKiYcF_YA7PB18b3T5OO7vEMo31f1hFhO8xKqFRiBUGrCr4YABAAyugZXcDfKMOM- r0FiK8xlOPfQWx3tOWIJ6ueOqK89X8M9YfHIs8WKUcSs6PwNZSKV0HKxvbqeWxfZI_cpo2YoS73s_RPlyEvjaYLOf6iXPpWeYyKTAbSqPOEBnVnTk3oso6ur66CIj3FnN8vsHfbanqY4sbaRsNj9pLjWZco0quYLOK1fd4wRZx_oAvk3jOlfAj7BZ7p9L1bO8oVCMpVn19cwT6zvO2-9RSjfiOPAacw7Cg0MT30r7Fr7SCj7VcSPAye4lc7tb9KL9ztZEk0xbEX-9vC6vHM_VfPJ54Kb_FycxE6lACsKTE4hj0bOa2-2quaOP0NSxfoH9ozLlQQCsGhpWBnlu__W06D0GqDqxcDUu2HocYqWuLi91aoa- aRTkqB_qo4aAa3OvHeKoFgwrS HTTP/1.1 302 Found Location: http://mysite.appspot.com/appstats/stats X-AppEngine-Estimated-CPM-US-Dollars: $0.002243 X-AppEngine-Resource-Usage: ms=64 cpu_ms=93 api_cpu_ms=0 Date: Sun, 11 Apr 2010 19:42:08 GMT Content-Type: text/html Server: Google Frontend Content-Length: 0

    Read the article

  • OpenId ASP MVC Authentication with long expiry

    - by Khash
    Stackoverflow uses OpenId as many other websites. However, I rarely need to provide my OpenId to Stackoverflow while with other OpenId enabled websites, I have to do it once a day or week. This suggests to me that the expiry of the session is with the website and not the OpenId provider. Looking at the DotNetOpenId code in ASP MVC, I can see that after a successful authentication by the OpenId provider FormsAuthentication.SetAuthCookie is called with the identifier and a boolean parameter to determine if the cookie should be persisted. How can I force this cookie to expire, say in 2020 instead of whatever the default value is.

    Read the article

  • Technical/Programming/Non-SEO Pros and Cons of WWW or no-WWW?

    - by Ingenutrix
    What are technical/programming/non-SEO pros and cons of www or no-www, for domains as well as sub-domains? From Jeff Atwood's twitter at http://twitter.com/codinghorror/status/1637428313 : "sort of regretting the no-www choice because it causes full cookie submission to ALL subdomains. :(" What does this mean? Is there a blog post or article detailing this? What other specific issues and their reasons should be considered for www. vs no-www. Update: On searching for more info on this topic, I found following helpful ( in addition to Laurence Gonsalves answer ) : Dropping the WWW Prefix Impact on search results: Jivlain's and Isaac Lin's comments Use Cookie-free Domains for Components on StackOverflow : Should I default my website to www.foo or not? on StackOverflow : When should one use a ‘www’ subdomain?

    Read the article

  • Java,Tomcat,Sessions - JSessionId disappear

    - by Bob
    Hi, I'm having a problem with java sessions. I'm developing a simple web app, where I have to use sessions and session attributes. Everything is fine until I close my browser. When I close my browser the JSessionId disappears. Here's my code: request.getSession().setMaxInactiveInterval(30*60); //it's 30 minutes request.getSession().setAttribute("someinteger", 10); It works great, but when I shut down the browser, and reopen it I can't find the jsessionId (before I closed the browser I could find it in the 'localhost' section). The strange thing is I can still find the "someinteger" cookie. What is the problem? What am I doing wrong? I'm using this, too: link text, and it shows that JSESSIONID cookie expires : "SESSION", and "someinteger" expires in 30 minutes Thanks in advance.

    Read the article

  • Java,Tomcat,Sessions - JSessionId disappears

    - by Bob
    Hi, I'm having a problem with java sessions. I'm developing a simple web app, where I have to use sessions and session attributes. Everything is fine until I close my browser. When I close my browser the JSessionId disappears. Here's my code: request.getSession().setMaxInactiveInterval(30*60); //it's 30 minutes request.getSession().setAttribute("someinteger", 10); It works great, but when I shut down the browser, and reopen it I can't find the jsessionId (before I closed the browser I could find it in the 'localhost' section). The strange thing is I can still find the "someinteger" cookie. What is the problem? What am I doing wrong? I'm using this, too: link text, and it shows that JSESSIONID cookie expires : "SESSION", and "someinteger" expires in 30 minutes Thanks in advance.

    Read the article

  • Error on windows using session from appengine-utilities

    - by fredrik
    Hi, I ran across an odd problem while trying to transfer a project to a windows machine. In my project I use a session handler (http://gaeutilities.appspot.com/session) it works fine on my mac but on windows I get: Traceback (most recent call last): File "C:\Program Files (x86)\Google\google_appengine\google\appengine\ext\webapp_init_.py", line 510, in call handler.get(*groups) File "C:\Development\Byggmax.Affiliate\bmaffiliate\admin.py", line 29, in get session = Session() File "C:\Development\Byggmax.Affiliate\bmaffiliate\appengine_utilities\sessions.py", line 547, in init self.cookie.load(string_cookie) File "C:\Python26\lib\Cookie.py", line 628, in load for k, v in rawdata.items(): AttributeError: 'unicode' object has no attribute 'items' Anyone familiar with the Session Handler that knows anything of this? All help are welcome! ..fredrik

    Read the article

  • vb.net .aspxauth

    - by Morgan
    I am working with a large site trying to implement web parts for particular users in a particular subdirectory but I can't get the .ASPXAUTH cookie to be recognized. I've read dozens of tutorials and MS class library pages that tell me how it should work to no avail. I am brand new to Web parts, so I'm sorry if I'm unclear. The idea is that logged in users can travel the site, but then when they go to their dashboard, they are programmatically authenticated using Membership and FormsAuthentication to pull up their Personalization. When I step through the code, I can see the cookie being set, and that it exists on the following page, but Membership.GetUser() and User.Identity are both empty. I know the user exists because I created it programmatically using Membership.CreateUser() and I can see it when I do Membership.GetAllUsers() and it's online when i use Membership.GetUser(username) but the Personalization doesn't work. Right now, I'm just trying to get the proof of concept going. I've tried creating the ticket and cookie myself, and also using SetAuthCookie() (code follows). I really just need a clue as to what to look for. Here's the "login" page... If Membership.ValidateUser(testusername, testpassword) Then -- Works FormsAuthentication.SetAuthCookie(testusername, true) Response.Redirect("webpartsdemo1.aspx", False) End If And the next page (webpartsdemo1.aspx) Dim cookey As String = ".ASPXAUTH" lblContent.Text &= "<br><br>" & Request.Cookies(cookey).Name & " Details" lblContent.Text &= "<br>path = " & Request.Cookies(cookey).Path lblContent.Text &= "<br>domain = " & Request.Cookies(cookey).Domain lblContent.Text &= "<br>expires = " & Request.Cookies(cookey).Expires lblContent.Text &= "<br>Secure only? " & Request.Cookies(cookey).Secure lblContent.Text &= "<br>HTTP only? = " & Request.Cookies(cookey).HttpOnly lblContent.Text &= "<br>Has subkeys? " & Request.Cookies(cookey).HasKeys lblContent.Text &= "<br/><br/>request authenticated? " & Request.IsAuthenticated.ToString lblContent.Text &= " Getting user<br/>Current User: " Dim muGidget As MembershipUser If Request.IsAuthenticated Then muGidget = Membership.GetUser lblContent.Text &= Membership.GetUser().UserName Else lblContent.Text &= "none found" End If Output: .ASPXAUTH Details path = / domain = expires = 12:00:00 AM Secure only? False HTTP only? = False Has subkeys? False request authenticated? False Getting user Current User: none found Sorry to go on so long. Thanks for any help you can provide.

    Read the article

  • Prevent Ruby on Rails from sending the session header

    - by hurikhan77
    How do I prevent Rails from always sending the session header (Set-Cookie). This is a security problem if the application also sends the Cache-Control: public header. My application touches (but does not modify) the session hash in some/most actions. These pages display no private content so I want them to be cacheable - but Rails always sends the cookie header, no matter if the sent session hash is different from the previous or not. What I want to achieve is to only send the hash if it is different from the one received from the client. How can you do that? And probably that fix should also go into official Rails release? What do you think?

    Read the article

  • Play framework 1.x on Tomcat - httpOnly cookies

    - by aishwarya
    I'm setting application.session.httpOnly=true in the application.conf and generating a war file and deploying on tomcat. I still see the cookie generated as HttpOnly=No and it is editable. This is an issue with play 1.x running on tomcat 6 (i.e. servlet api 2.x). Apparently, http only flag for cookies was only introduced in servlet 3.0 and so is only available in tomcat 7+ has anybody identified a workaround for this so far (so I could have http only cookies for play 1.x on tomcat 6.x ) ? the httpOnly flag on context in tomcat only works for tomcat's jsessionid cookie... also, can I run a play 1.x app on servlet 3.0 ? PS: This was also posted on the play framework's google groups but we did not receive a response and so posting on SO.

    Read the article

  • How can I use Spring Security without sessions?

    - by Jarrod
    I am building a web application with Spring Security that will live on Amazon EC2 and use Amazon's Elastic Load Balancers. Unfortunately, ELB does not support sticky sessions, so I need to ensure my application works properly without sessions. So far, I have setup RememberMeServices to assign a token via a cookie, and this works fine, but I want the cookie to expire with the browser session (e.g. when the browser closes). I have to imagine I'm not the first one to want to use Spring Security without sessions... any suggestions?

    Read the article

  • Can't setup Facebook Login on my website..

    - by Mark
    I am trying to experiment with the new facebook authentication system, and I can't getthe login to work. I'm getting the following error message: API Error Code: 100 API Error Description: Invalid parameter Error Message: next is not owned by the application. The url that is being sent to facebook is: http://www.facebook.com/connect/uiserver.php?app_id=444444444444444&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df357eceb0361a8a%26origin%3Dhttp%253A%252F%252Fwww.mysite.com%252Ff38fea4f9ea573%26relation%3Dopener%26transport%3Dpostmessage%26frame%3Df23b800f8a78%26result%3DxxRESULTTOKENxx&display=popup&channel=http%3A%2F%2Fwww.mysite.com%2Ffbtester.php&cancel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df6095a98598be8%26origin%3Dhttp%253A%252F%252Fwww.mysite.com%252Ff38fea4f9ea573%26relation%3Dopener%26transport%3Dpostmessage%26frame%3Df23b800f8a78%26result%3DxxRESULTTOKENxx&locale=en_US&return_session=1&session_version=3&fbconnect=1&canvas=0&legacy_return=1&method=permissions.request Note that the 'Next' variable in the url is: next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df357eceb0361a8a%26origin%3Dhttp%253A%252F%252Fwww.mysite.com%252Ff38fea4f9ea573%26relation%3Dopener%26transport%3Dpostmessage%26frame%3Df23b800f8a78%26result%3DxxRESULTTOKENxx Any ideas what could be going wrong? All I've done is copy and paste the facebook login demo code from facebook's website: define('FACEBOOK_APP_ID', 'your application id'); define('FACEBOOK_SECRET', 'your application secret'); function get_facebook_cookie($app_id, $application_secret) { $args = array(); parse_str(trim($COOKIE['fbs' . $app_id], '\"'), $args); ksort($args); $payload = ''; foreach ($args as $key = $value) { if ($key != 'sig') { $payload .= $key . '=' . $value; } } if (md5($payload . $application_secret) != $args['sig']) { return null; } return $args; } $cookie = get_facebook_cookie(FACEBOOK_APP_ID, FACEBOOK_SECRET); ? Your user ID is <div id="fb-root"></div> <script src="http://connect.facebook.net/en_US/all.js"></script> <script> FB.init({appId: '<?= FACEBOOK_APP_ID ?>', status: true, cookie: true, xfbml: true}); FB.Event.subscribe('auth.login', function(response) { window.location.reload(); }); </script> Thanks for the help!

    Read the article

  • .Net System.Net.HttpWebRequest & Authentication Cookies

    - by James
    I would like to know if the following is possible: As part of the PageLoad of an ASP.Net page request: Use HttpWebRequest (POST) to make a request to a forms authentication webpage of a different web application Examine the response to see if the authentication succeeded (identifiable if an authentication cookie has been set) If it fails, then finish the ASP.Net page request, which will display a message saying "couldn't auto-login" or some such thing If success, then instead of completing the ASP.Net page lifecycle, use "Response.Write" to send the response from the HttpWebRequest back to the browser (thus essentially displaying the webpage from the HttpWebRequest) If the above is possible, then, is there also a way to transfer the authentication cookie from the HttpWebResponse to the requesting browser? My gut feeling is probably not - but if this is the case, then how do proxy servers handle such things? Is that not essentially what they are doing? Thanks for any help

    Read the article

  • X-Domain and P3P Headers

    - by Jackson
    Hi, I have a website A.com and a domain at B.com with a widget inside an iframe getting data from A.com. I want to allow x-domain cookies to be passed from a.com to inside the iframe using ASP.NET My understanding is that - I can do this in IE using P3P Headers - such that the A.com cookie is passed to the iframe and session | cookie data is preserved. The P3P headers have to be sent from the A.com and from the iframe. Is this correct ? In dev, my understanding is if I "accept all cookies" in IE - then P3P headers won't matter anyway and so this should all just work. If I put on Medium Security then P3P is required.

    Read the article

  • Why won't asp.net create cookies in localhost?

    - by James McConnell
    Okay, this is really kinda starting to bug me. I have a simple Web project setup located at: "C:\Projects\MyTestProject\". In IIS on my machine, I have mapped a virtual directory to this location so I can run my sites locally (I understand I can run it from Visual Studio, I like this method better). I have named this virtual directory "mtp" and I access it via http://localhost/mtp/index.aspx. All this is working fine. However, whenever I try to create a cookie, it simply never gets written out? I've tried this in FF3 and IE7 and it just plain won't write the cookie out. I don't get it. I do have "127.0.0.1 localhost" in my hosts file, I can't really think of anything else I can do. Thanks for any advice. James

    Read the article

  • How to prevent multiple browser windows from sharing the same session in asp.net.

    - by Barry
    I have ASP.net application that is basically a data entry screen for a physical inspection process. The users want to be able to have multiple browser windows open and enter data from multiple inspections concurrently. At first I was using cookie based sessions, and obviously this blew up. I switched to using cookie-less sessions, which stores the session in the URL and in testing this seemed to resolve the problem. Each browser window/tab had a different session ID, and data entered in one did not clobber data entered in the other. However my users are more efficient at breaking things than I expected and it seems that they're still managing to get the same session between browsers sometimes. I think that they're copying/pasting the address from one tab to the other in order to open the application, but I haven't been able to verify this yet (they're at another location so I can't easily ask them). Other than telling them don't copy and paste, or convince them to only enter one at a time, how can I prevent this situation from occurring?

    Read the article

  • iPhone filesystem permissions POSIX-compliant?

    - by Seva Alekseyev
    Hi all, I'm trying to pass some files from one app to another. I communicate the path (via a custom URL). The target application cannot read the file, citing errno 13 (permission denied). I've checked the permissions on file - they're 0644 (O+R), the permissions on directories all the way up to the root are 755 (O+RX). From a POSIX perspective, the file should be readable to any process and any user. Yet it's not. Any ideas, please? I can think of some workarounds. I could use a Web service (upload, get a cookie, communicate the cookie to the other app, other app downloads). I could also pass the actual file data in the URL - unelegant, and probably subject to length limitations. Clipboard is not supported on iPhone OS 2 IIRC.

    Read the article

  • Session ID Rotation - does it enhance security?

    - by dound
    (I think) I understand why session IDs should be rotated when the user logs in - this is one important step to prevent session fixation. However, is there any advantage to randomly/periodically rotating session IDs? This seems to only provide a false sense of security in my opinion. Assuming session IDs are not vulnerable to brute-force guessing and you only transmit the session ID in a cookie (not as part of URLs), then an attacker will have to access your cookie (most likely by snooping on your traffic) to get your session ID. Thus if the attacker gets one session ID, they'll probably be able to sniff the rotated session ID too - and thus randomly rotating has not enhanced security.

    Read the article

  • IsAuthenticated is false! weird behaviour + review question

    - by Naor
    This is the login function (after I validate user name and password, I load user data into "user" variable and call Login function: public static void Login(IUser user) { HttpResponse Response = HttpContext.Current.Response; HttpRequest Request = HttpContext.Current.Request; FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.UserId.ToString(), DateTime.Now, DateTime.Now.AddHours(12), false, UserResolver.Serialize(user)); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket)); cookie.Path = FormsAuthentication.FormsCookiePath; Response.Cookies.Add(cookie); string redirectUrl = user.HomePage; Response.Redirect(redirectUrl, true); } UserResolver is the following class: public class UserResolver { public static IUser Current { get { IUser user = null; if (HttpContext.Current.User.Identity.IsAuthenticated) { FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity; FormsAuthenticationTicket ticket = id.Ticket; user = Desrialize(ticket.UserData); } return user; } } public static string Serialize(IUser user) { StringBuilder data = new StringBuilder(); StringWriter w = new StringWriter(data); string type = user.GetType().ToString(); //w.Write(type.Length); w.WriteLine(user.GetType().ToString()); StringBuilder userData = new StringBuilder(); XmlSerializer serializer = new XmlSerializer(user.GetType()); serializer.Serialize(new StringWriter(userData), user); w.Write(userData.ToString()); w.Close(); return data.ToString(); } public static IUser Desrialize(string data) { StringReader r = new StringReader(data); string typeStr = r.ReadLine(); Type type=Type.GetType(typeStr); string userData = r.ReadToEnd(); XmlSerializer serializer = new XmlSerializer(type); return (IUser)serializer.Deserialize(new StringReader(userData)); } } And the global.asax implements the following: void Application_PostAuthenticateRequest(Object sender, EventArgs e) { IPrincipal p = HttpContext.Current.User; if (p.Identity.IsAuthenticated) { IUser user = UserResolver.Current; Role[] roles = user.GetUserRoles(); HttpContext.Current.User = Thread.CurrentPrincipal = new GenericPrincipal(p.Identity, Role.ToString(roles)); } } First question: Am I do it right? Second question - weird thing! The user variable I pass to Login has 4 members: UserName, Password, Name, Id. When UserResolver.Current executed, I got the user instance. I descided to change the user structure - I add an array of Warehouse object. Since that time, when UserResolver.Current executed (after Login), HttpContext.Current.User.Identity.IsAuthenticated was false and I couldn't get the user data. When I removed the Warehouse[] from user structure, it starts to be ok again and HttpContext.Current.User.Identity.IsAuthenticated become true after I Login. What is the reason to this weird behaviour?

    Read the article

  • Object reference error even when object is not null

    - by Shrewd Demon
    hi, i have an application wherein i have incorporate a "Remember Me" feature for the login screen. I do this by creating a cookie when the user logs in for the first time, so next time when the user visits the site i get the cookie and load the user information. i have written the code for loading user information in a common class in the App_Code folder...and all my pages inherit from this class. code for loading the user info is as follows: public static void LoadUserDetails(string emailId) { UsersEnt currentUser = UsersBL.LoadUserInfo(emailId); if (currentUser != null) HttpContext.Current.Session["CurrentUser"] = currentUser; } Now the problem is i get an "Object reference" error when i try to store the currentUser object in the session variable (even though the currentUser object is not null). However the password property in the currentUser object is null. Am i getting the error because of this...or is there some other reason?? thank you

    Read the article

  • Securely persist session between https://secure.yourname.com and http://www.yourname.com on rails ap

    - by Matt
    My rails site posts to a secure host (e.g. 'https://secure.yourname.com') when the user logs into the site. Session data is stored in the database, with the cookie containing only the session ID. The problem is that when the user returns to a non-https page, such as the home page (e.g. 'http://www.yourname.com') the user appears to have logged out. I believe the reason for this is that a separate cookie is stored for each host (www vs. secure). Is this correct? What is the best secure way to persist the session between both the http and https sections of the site? Does anyone know of any plugins that address this problem? The site runs on Heroku.

    Read the article

  • How to get JSON back from HTTP POST Request (to another domain)

    - by roman m
    I'm trying to use the API on a website, here's the part of the manual: Authenticated Sessions (taken from here) To create an authenticated session, you need to request an authToken from the '/auth' API resource. URL: http://stage.amee.com/auth (this is not my domain) Method: POST Request format: application/x-www-form-urlencoded Response format: application/xml, application/json Response code: 200 OK Response body: Details of the authenticated user, including API version. Extra data: "authToken" cookie and header, containing the authentication token that should be used for subsequent calls. Parameters: username / password Example Request POST /auth HTTP/1.1 Accept: application/xml Content-Type: application/x-www-form-urlencoded username=my_username&password=my_password Response HTTP/1.1 200 OK Set-Cookie: authToken=1KVARbypAjxLGViZ0Cg+UskZEHmqVkhx/Pm...; authToken: 1KVARbypAjxLGViZ0Cg+UskZEHmqVkhx/PmEvzkPGp...== Content-Type: application/xml; charset=UTF-8 QUESTION: How do I get that to work? I tried jQuery, but it seems to have problem with XSS. Actual code snippet would be greatly appreciated. p.s. All I was looking for was WebClient class in C#

    Read the article

  • How To Create A Download Quota.

    - by snikolov
    I need to create an handy file down loader which will count the amount of bytes downloaded and stop when it has exceed a preset limit. i need to mirror some files but i only have 7 gb per moth of bandwidth and i dont want to exceed the limit. Example limits can be in bytes or number of files, each user has their own limit, as well as a limit for Download Quota itself. So if you set a limit of 2 gigabytes for Download Quota, downloads stop at 2 gigabytes, even if you have 3 users with a limit of 1 gigabyte each. if ($range) { //pass client Range header to rapidshare // _insert($range); $cookie .= "\r\nRange: $range"; $multipart = true; header("X-UR-RANGE-Range: $range"); } //octet-stream + attachment => client always stores file header('Content-type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . $fn . '"'); //always included so clients know this script supports resuming header("Accept-Ranges: bytes"); //awful hack to pass rapidshare the premium cookie $user_agent = ini_get("user_agent"); ini_set("user_agent", $user_agent . "\r\nCookie: enc=$cookie"); $httphandle = fopen($url, "r"); $headers = stream_get_meta_data($httphandle); //let's check the return header of rapidshare for range / length indicators //we'll just pass these to the client foreach ($headers["wrapper_data"] as $header) { $header = trim($header); if (substr(strtolower($header), 0, strlen("content-range")) == "content-range") { // _insert($range); header($header); header("X-RS-RANGE-" . $header); $multipart = true; //content-range indicates partial download } elseif (substr(strtolower($header), 0, strlen("Content-Length")) == "content-length") { // _insert($range); header($header); header("X-RS-CL-" . $header); } } //now show the client he has a partial download if ($multipart) header('HTTP/1.1 206 Partial Content'); flush(); $download_rate = 100; while (!feof($httphandle)) { // send the current file part to the browser $var_stat = fread($httphandle, round($download_rate * 1024)); $var12 = strlen($var_stat); ////////////////////////////////// echo $var_stat; ///////////////////////////////// // flush the content to the browser flush(); // sleep one second sleep(1); }

    Read the article

  • Response.Redirect in HttpModule

    - by AgentHunt
    Can I do a redirect to a custom page in an HttpModule? I have an HttpModule A which executes some javascript code when any aspx page is loaded. I would like to have a server side code check to see if the clients browsers supports cookies. Can I place that code in the HttpModule A? If so, in which event? Or do I need to have a new HttpHandler for both purposes? Also, is it possible to check for cookies in an HttpModule(without a response.redirect)? All solutions I have seen need 2 pages, 1 for setting the cookie and the other for checking if the cookie has actually been created. I am hoping there should be a way to check for cookies at one place. Thanks in advance

    Read the article

  • Delete from array help

    - by Camran
    I have a cookie which stores info in an array. This is for a classifieds website, and whenever users delete their 'ads' the cookie must also be removed of the ad which was deleted. So I have this: if (isset($_COOKIE['watched_ads'])){ $expir = time()+1728000; $ad_arr = unserialize($_COOKIE['watched_ads']); foreach($ad_arr as $val){ if($val==$id){ // $id is something like "bmw_m3_10141912" unset($val); setcookie('watched_ads', serialize($ad_arr), $expir, '/'); } } } This doesn't work... any idea why? I think its a problem with the unset part... Also, keep in mind if there is only one value inside the array, what will happen then? Thanks

    Read the article

< Previous Page | 32 33 34 35 36 37 38 39 40 41 42 43  | Next Page >