Search Results

Search found 1397 results on 56 pages for 'cookies'.

Page 36/56 | < Previous Page | 32 33 34 35 36 37 38 39 40 41 42 43  | Next Page >

  • Tools similar to HTTP Watch or YSlow for Google Chrome browser

    - by GustlyWind
    Hi We are testing our app in Google chrome for support. The basic loading is in scrambled and all the pages are in total CSS mess which we need to clean up unfortunately.For this I require a tool which works similar to firebug for Mozilla.Also to check headers, cookies, caching and POST data ,compression, redirection & chunked encoding a similar tool to HTTP watch is also desired. Any suggestions.Thanks

    Read the article

  • How do you code against CSRF malicious requests?

    - by user355950
    how to Decline malicious requests.... Cross-Site Request Forgery Severity: Medium Test Type: Application Remediation Tasks: Decline malicious requests Reasoning: The same request was sent twice in different sessions and the same response was received. This shows that none of the parameters are dynamic (session identifiers are sent only in cookies) and therefore that the application is vulnerable to this issue.

    Read the article

  • IntegrationTests - A potentially dangerous Request.Path value was detected from the client

    - by stacker
    I get this error: A potentially dangerous Request.Path value was detected from the client (?). when this URI: http://www.site.com/%3f. How can I write a integration test for this type of errors. I want to test against all this erros: A potentially dangerous Request.Path value was detected from the client A potentially dangerous Request.Cookies value was detected from the client A potentially dangerous Request.Form value was detected from the client A potentially dangerous Request.QueryString value was detected from the client

    Read the article

  • Parsing cookie headers in J2ME/BlackBerry apps

    - by Marc Novakowski
    When using an HttpConnection in a BlackBerry app, you often get HTTP cookies in the response headers. Unfortunately there are no built-in APIs to assist with the parsing of the cookie headers. Has anyone found a third-party library to assist with the parsing of the cookie header(s) into a more useful data object? Creating some custom code that just parses out the name and value of the cookie isn't too difficult, but I'd like to also consider other fields within the cookie such as the expiration and domain fields.

    Read the article

  • Excel VBA and InternetExplorer causing errors on website

    - by SWD
    I have some "clever" users who have written an excel spreadsheet that automates some of their tasks on our intranet/timesheet. It seems as if the instance of Internet Explorer that is created is not doing everything I expect a browser to do, e.g. set cookies. Is there a way to detect if a user is hitting a web site with a VBA com object instance of Internet Explorer? I can't keep users from building creative solutions but I want to be able to handle them. thanks

    Read the article

  • Getting facebook OAuth access_token through Python SDK does not seem to be working, any ideas?

    - by user259349
    According to http://github.com/facebook/python-sdk/blob/master/src/facebook.py , In my canvas application, i can do the following call to get my access_token, which will work because my user has used facebook to login: import facebook myDict = facebook.get_user_from_cookie(cookies, app_id, app_secret) # my access_token is myDict["access_token"] myDict is alwas None, any ideas?

    Read the article

  • PHP Warning: Cookie values can not contain any of the following

    - by morpheous
    I am getting this warning whilst using Symfony 1.3.2 on Ubuntu 9.10: HP Warning: Cookie values can not contain any of the following ',; \t\r\n\013\014' in /lib/vendor/symfony/symfony-1.3.2/lib/response/sfWebResponse.class.php on line 368 I am not sure why this warning is being issued, since I am not directly setting any cookies in my action/template. Anyone knows what is causing this?

    Read the article

  • Forms Authentication logs out very quickly , locally works fine !!!

    - by user319075
    Hello to all, There's a problem that i am facing with my hosting company, I use a project that uses FormsAuthentication and the problem is that though it successfully logs in, it logs out VERY QUICKLY, and i don't know what could be the cause of that, so in my web.config file i added those lines: <authentication mode="Forms" > <forms name="Nadim" loginUrl="Login.aspx" defaultUrl="Default.aspx" protection="All" path="/" requireSSL="false"/> </authentication> <authorization> <deny users ="?" /> </authorization> <sessionState mode="StateServer" stateConnectionString="tcpip=localhost:42424" cookieless="false" timeout="1440"> </sessionState> and this is the code i use in my custom login page : protected void PasswordCustomValidator_ServerValidate(object source, ServerValidateEventArgs args) { try { UsersSqlDataSource.SelectParameters.Clear(); UsersSqlDataSource.SelectCommand = "Select * From Admins Where AdminID='" + IDTextBox.Text + "' and Password='" + PassTextBox.Text + "'"; UsersSqlDataSource.SelectCommandType = SqlDataSourceCommandType.Text; UsersSqlDataSource.DataSourceMode = SqlDataSourceMode.DataReader; reader = (SqlDataReader)UsersSqlDataSource.Select(DataSourceSelectArguments.Empty); if (reader.HasRows) { reader.Read(); if (RememberCheckBox.Checked == true) Page.Response.Cookies["Admin"].Expires = DateTime.Now.AddDays(5); args.IsValid = true; string userData = "ApplicationSpecific data for this user."; FormsAuthenticationTicket ticket1 = new FormsAuthenticationTicket(1, IDTextBox.Text, System.DateTime.Now, System.DateTime.Now.AddMinutes(30), true, userData, FormsAuthentication.FormsCookiePath); string encTicket = FormsAuthentication.Encrypt(ticket1); Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket)); Response.Redirect(FormsAuthentication.GetRedirectUrl(IDTextBox.Text, RememberCheckBox.Checked)); //FormsAuthentication.RedirectFromLoginPage(IDTextBox.Text, RememberCheckBox.Checked); } else args.IsValid = false; } catch (SqlException ex) { ErrorLabel.Text = ex.Message; } catch (InvalidOperationException) { args.IsValid = false; } catch (Exception ex) { ErrorLabel.Text = ex.Message; } Also you will find that line of code: FormsAuthentication.RedirectFromLoginPage(IDTextBox.Text, RememberCheckBox.Checked); is commented because i thought there might be something wrong with the ticket when i log in , so i created it manually , every thing i know i tried but nothing worked, so does anyone have any idea what is the problem ? Thanks in advance, Baher.

    Read the article

  • How do you override the WCF AuthenticationService IsLoggedIn() method?

    - by Ryan Riley
    I have three current thoughts on how to do this: re-implement AuthenticationService, which uses lots of internal constructors and internal helpers, implement custom IIdentity and IPrincipal types and somehow hook these into FormsAuthentication. give up and roll my own. The problem is that we've got web apps and fat client apps using authentication and storing cookies. However, logging out of a web app does not log out of a fat client app, and we have now way of forcing a refreshed cookie, atm.

    Read the article

  • How Google Wave cannot be XSS injected by a widget

    - by Axel
    Hello, If you've used google wave you probabely seen that you can insert widgets that are made by third parties without approval. the Question is : How this widgets can't inject XSS or steal the cookies, Are the widgets loaded in an <iframe> ? if yes, then how they can't redirect google wave to another page? Thanks

    Read the article

  • Why Google Wave & iGoogle cannot be XSS injected by a widget

    - by Axel
    Hello, If you've used google wave or iGoogle you probabely seen that you can insert widgets that are made by third parties without approval. the Question is : How this widgets can't inject XSS or steal the cookies, Are the widgets loaded in an <iframe> ? if yes, then how they can't redirect you to another page? Thanks

    Read the article

  • Difficulties with google authentication

    - by user283405
    I am trying to authenticate google with the following code but google sent me back to the login page again. //STEP# 1 string loginURL = "https://www.google.com/accounts/ServiceLoginBox?service=analytics&nui=1&hl=en-US&continue=https%3A%2F%2Fwww.google.com%2Fanalytics%2Fsettings%2F%3Fet%3Dreset%26hl%3Den%26et%3Dreset%26hl%3Den-US"; request = (HttpWebRequest)WebRequest.Create(loginURL); request.CookieContainer = cookieJar; request.Method = "GET"; request.KeepAlive = true; request.UserAgent = "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc10 Firefox/3.0.4"; HttpWebResponse response = (HttpWebResponse)request.GetResponse(); foreach (Cookie cook in response.Cookies) { cookieJar.Add(cook); } using (StreamReader sr = new StreamReader(response.GetResponseStream()) ) { serverResponse = sr.ReadToEnd(); sr.Close(); } galx = ExtractValue(serverResponse,"GALX","name=\"GALX\" value=\""); Console.WriteLine(galx); //Request# 2 string uriWithData = "https://www.google.com/accounts/ServiceLoginBoxAuth"; request = (HttpWebRequest)WebRequest.Create(uriWithData); request.KeepAlive = true; request.UserAgent = "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc10 Firefox/3.0.4"; request.Method = "POST"; request.CookieContainer = cookieJar; string param = string.Format("Email={0}&Passwd={1}&continue={2}&service=analytics&nui=1&dsh=8209101995200094904&GALX={3}&hl=en-US&PersistentCookie=yes","**my email address**",p,"",galx); byte[] postArr = StrToByteArray(param); request.ContentType = @"application/x-www-form-urlencoded"; request.ContentLength = param.Length; Stream reqStream = request.GetRequestStream(); reqStream.Write(postArr,0,postArr.Length); reqStream.Close(); response = (HttpWebResponse)request.GetResponse(); foreach (Cookie cook in response.Cookies) { cookieJar.Add(cook); } using (StreamReader sr = new StreamReader(response.GetResponseStream()) ) { serverResponse = sr.ReadToEnd(); Console.WriteLine(serverResponse); // Close and clean up the StreamReader sr.Close(); }

    Read the article

  • CodeIgniter extend user's session expiration time

    - by spacemonkey
    Hi, Is it possible to extend user's session expiration time in CI. What I want to do is, by default every user's session cookie lasts for example 1 day, but every time user visits the site his session expiration time is extended by one more day. I don't know if it is a good idea to do this, maybe I should just set cookies life time for like a week and that's it? Thanks!

    Read the article

  • silverlight authentication

    - by user291400
    Good day! I have an silverlight site (silverlight navigation application) and I want clients to log in on my site. I want to give them different rights of viewing pages. A WCF service gives me true or false when I enter a login and a password. Then, if it returns true, I want to remember the logged user. How can I do it? Using cookies or global variable or something else?

    Read the article

  • django: caching passwords for custom authentication

    - by gruszczy
    I am authenticating users in ldap, but this happens only once, when user is logging in. Afterwards I need to keep username and password, because before every ldap operation I need to make bind on ldap server before every operation. What is the safe way to cache this password (I can't store in the database or cookies) for as long as session persists.

    Read the article

  • Sharing $_SESSION varaibles across subdomains using PHP

    - by scott
    Hi, I am trying to share the contents of the session variable across two subdomains but for some reason it is not working. The sessionid is exactly the same on both subdomains but the variables aren't available. I can achieve this with Cookies and this s working but would rather use the values in the session. Here is how I setting the domain for the session: Thanks, Scott

    Read the article

  • Ajax & session ids

    - by JavaRocky
    How would you go about knowing that ajax requests are related? Normally with HTTP-HTML requests, cookies would store a md5 hash representing a session id. Is there a similar pattern with AJAX?

    Read the article

  • urllib2 in Python 2.6.4: Any way to override windows hosts file?

    - by mikez302
    I am using the urllib2 module in Python 2.6.4, running in Windows XP, to access a URL. I am making a post request, that does not involve cookies or https or anything too complicated. The domain is redirected in my C:\WINDOWS\system32\drivers\etc\hosts file. However, I would like the request from urllib2 to go to the "real" domain and ignore the entry in the hosts file. Is there any easy and practical way to do this?

    Read the article

  • P3P - compact policy and legal stuff

    - by Matty F
    Is it legally OK to have only a P3P compact policy (allowing cookies in IE6+)? The P3P XML will also be present with company details and a link to the privacy policy, but nothing more. What are the legal implications of P3P and an incorrect implementation, especially in the UK?

    Read the article

  • JBoss: Authentication caches wrong login credentials

    - by aliaslan
    I am using JBoss AS 4.2.3 JBossSeam 2.1 My Problem is that I can login/logout with different users as long as I do not enter a wrong password for one user. If this happens it is not possible to authenticate any user. Authentication always fails. If I delete the browser cookies everything works fine. I have tried to set DefaultCacheTimeout and DefaultCacheResolution to 0 but without luck. Why does JBoss cache wrong credentials?

    Read the article

  • How to simulate browser form POST method using PHP/cURL

    - by user283266
    I'm trying to simulate browser with POST method using PHP/cURL. When I looked at that live Http header it shows Content-Type: multipart/form-data. I checked on the internet where it was suggested that cURL will send multipart/form-data when a custom headers is specified to Content-Type: multipart/form-data. $headers = array( 'Content-Type' => 'multipart/form-data; boundary='.$boundary ); This didn't work for me either when I print_r(curl_getinfo()) it showed [content_type] => text/html; charset=UTF-8 Which means cURL sent a default headers I also read that sending/uploading a file with cURL will cause data to be send as multipart/form-data. I created a file which curl uploaded but again when I ran curl_getinfo I got [content_type] => text/html; charset=UTF-8 $data_array = array("field" => "@c:\file_location.txt"); I also tried to read a file content so that the only thing sent would be content NOT ATTACHED FILE but this didn't work for me curl_getinfo shows [content_type] => text/html; charset=UTF-8. $data_array = array("field" => "<c:\file_location.txt"); // note @ replaced with < Do I miss somthing here? This is the referer url POST somepath HTTP/1.1 Host: www(dot)domain(dot)com User-Agent: Mozilla/5.0 (Windows) Gecko/13081217 Firefox/3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: url/some-file.php Content-Type: multipart/form-data; boundary=--------------------------$boundary Content-Length: $some_number ----------------------------$boundary Content-Disposition: form-data; name="$some_Value1" $some_text1 ----------------------------$boundary Content-Disposition: form-data; name="$some_Value2" $some_text2 ----------------------------$boundary Content-Disposition: form-data; name="$some_Value3" $some_text3 ----------------------------$boundary Content-Disposition: form-data; name="$some_Value4" $some_text4 ----------------------------$boundary Content-Disposition: form-data; name="$some_Value5" $some_text5 ----------------------------$boundary Content-Disposition: form-data; name="$some_Value6" $some_text6 ----------------------------$boundary Content-Disposition: form-data; name="$some_Value7" $some_text7 ----------------------------$boundary Content-Disposition: form-data; name="$some_Value8" $some_text8 ----------------------------$boundary Content-Disposition: form-data; name="$some_Value9" ----------------------------$boundary Content-Disposition: form-data; name="$some_Value10" ----------------------------$boundary-- Here is a piece of code. <? //Include files set_time_limit(0); include'body.php'; include'keyword.php'; include'bio.php'; include'summary.php'; include'headline.php'; include'category.php'; include'spin.php'; include'random-text.php'; $category = category(); $headline = headline() ; $summary = summary(); $keyword = keyword(); $body = body(); $bio = bio(); $target="url"; $ref ="url_ref"; $c = "Content-Disposition: form-data; name="; $boundary = "---------------------------".random_text(); $category = category(); $headline = headline() ; $summary = summary(); $keyword = keyword(); $body = body(); $bio = bio(); // emulating content form as it appears on livehttp header $data = "\r\n".$boundary."\r\n".$c."\"pen_id\"\r\n\r\n".$Auth_id."\r\n".$boundary."\r\n".$c."\"cat_id\"\r\n\r\n".category()."\r\n".$boundary."\r\n".$c."\"title\"\r\n\r\n".headline()."\r\n".$boundary."\r\n".$c."\"meta_desc\"\r\n\r\n".summary()."\r\n".$boundary."\r\n".$c."\"meta_keys\"\r\n\r\n".keyword()."\r\n".$boundary."\r\n".$c."\"content\"\r\n\r\n".body()."\r\n".$boundary."\r\n".$c."\"author_bio\"\r\n\r\n".bio()."\r\n".$boundary."\r\n".$c."\"allow_comments\"\r\n\r\ny\r\n".$boundary."\r\n".$c."\"id\"\r\n\r\n\r\n".$boundary."\r\n".$c."\"action\"\r\n\r\n\r\n".$boundary."--\r\n"; // inserting content into a file $file = "C:\file_path.txt"; $fh = fopen($file, 'w+') or die("Can't open file"); fwrite($fh,$data); fclose($fh); // pulling out content from a file as multipart/form-data $data_array = array ("field" => "<C:\file_path.txt"); $headers = array ( 'POST /myhome/article/new HTTP/1.1', 'Host: url', 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)', 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9;q=0.8', 'Accept-Language: en-us,en;q=0.5', 'Accept-Encoding: gzip,deflate', 'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7', 'Keep-Alive: 300', 'Connection: keep-alive', 'Content-Type: multipart/form-data; boundary='.$boundary, 'Content-Length: '.strlen($data), ); # Create the cURL session $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $target); // Define target site curl_setopt($ch, CURLOPT_POST,1); curl_setopt($ch, CURLOPT_HEADER, $headers); // No http head //curl_setopt($ch, CURLOPT_REFERER, $ref); curl_setopt($ch, CURLOPT_NOBODY, FALSE); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); // Return page in string curl_setopt($ch, CURLOPT_COOKIEJAR, "c:\cookie\cookies.txt"); // Tell cURL where to write curl_setopt($ch, CURLOPT_COOKIEFILE, "c:\cookie\cookies.txt"); // Tell cURL which cookies //curl_setopt($ch, CURLOPT_USERAGENT, $agent); curl_setopt($ch, CURLOPT_POST, TRUE); curl_setopt($ch, CURLOPT_POSTFIELDS, "$data_array"); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); // Follow redirects curl_setopt($ch, CURLOPT_MAXREDIRS, 4); # Execute the PHP/CURL session and echo the downloaded page $page = curl_exec($ch); $err = curl_error($ch); $info =curl_getinfo($ch); # Close the cURL session curl_close($ch); print_r($err); print_r($info); ?>

    Read the article

  • How does Google Wave & iGoogle prevent XSS by a widget?

    - by Axel
    Hello, If you've used Google Wave or iGoogle you have probably seen that you can insert widgets that are made by third parties without approval. My question is: How does prevent the widge from performing XSS or steak cookies? Are the widgets loaded in an <iframe>? If yes, then what prevents them from redirecting you to another page? Thanks

    Read the article

< Previous Page | 32 33 34 35 36 37 38 39 40 41 42 43  | Next Page >