Search Results

Search found 1491 results on 60 pages for 'tea with cookies'.


  • set current user in asp.net mvc

    - by Tomh
    Hey guys, I'm not sure if this is the best way to do it, but I want to keep a user object alive during all requests of the current user. From reading several resources I learned that you should create your own IPrincipal which holds this. But I don't want to trigger the database every authentication request. Any recommendations on how to handle this? Is caching the db request a good idea?

        protected void Application_AuthenticateRequest(Object sender, EventArgs e)
        {
            HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie != null)
            {
                FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
                User user;
                using (HgDataContext hg = new HgDataContext())
                {
                    // Query the database only when no user is cached in the session
                    if (Session["user"] == null)
                    {
                        user = (from u in hg.Users where u.EmailAddress == authTicket.Name select u).Single();
                    }
                    else
                    {
                        user = Session["user"] as User;
                    }
                }
                var principal = new HgPrincipal(user);
                Context.User = principal;
            }
        }


  • php custom forum error

    - by phillip morris
    I have a form, and I want to have it be limited at 10 characters minimum. That is no problem, but what I want to do is echo the error at the top of the page, which is being included, so I can't just do: echo '<div class="error">Error</div>'; I want to have a designated div that is empty (will be on the included header page), but when there is an error it gets filled with the error text to output. Anyone know how to do this not using sessions or cookies?


  • Replay attacks for HTTPS requests

    - by MatthewMartin
    Let's say a security tester uses a proxy, say Fiddler, and records an HTTPS request using the administrator's credentials. On replay of the entire request (including session and auth cookies) the security tester is able to successfully (re)record transactions. The claim is that this is a sign of a CSRF vulnerability. What would a malicious user have to do to intercept the HTTPS request and replay it? Is this a task for script kiddies, well funded military hacking teams or time-traveling-alien technology? Is it really so easy to record the SSL sessions of users and replay them before the tickets expire? No code in the application currently does anything interesting on HTTP GET, so AFAIK, tricking the admin into clicking a link or loading an image with a malicious URL isn't an issue.


  • How to catch HttpAntiForgeryException in ASP.NET MVC

    - by megalonychidae
    I'm using the AntiForgeryToken in my ASP.NET MVC forms. If I deactivate cookies in my browser and send the form, I get the following error message: A required anti-forgery token was not supplied or was invalid. How can I prevent this message from showing? I would prefer redirecting the user to another page. I've activated customErrors and included this HandleError in my controller:

        [HandleError(ExceptionType=typeof(HttpAntiForgeryException), View="Index")]
        public class MyController : Controller { ... }

    The HandleError is ignored. Has anyone got a solution?


  • How can web form content be preserved for the back button

    - by Peter Howe
    When a web form is submitted and takes the user to another page, it is quite often the case that the user will click the Back button in order to submit the form again (the form is an advanced search in my case.) How can I reliably preserve the form options selected by the user when they click Back (so they don't have to start from scratch with filling the form in again if they are only changing one of many form elements?) Do I have to go down the route of storing the form options in session data (cookies or server-side) or is there a way to get the browser to handle this for me? (Environment is PHP/JavaScript - and the site must work on IE6+ and Firefox2+)


  • Is using GET with a tokenID for security a good idea?

    - by acidzombie24
    I was thinking about this and it appears POST is only a little less vulnerable and somewhat harder (due to requiring the user to click something). I read about token ids and double submitted cookies and I am not sure what the difference is:
    http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Disclosure_of_Token_in_URL
    http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Double_Submit_Cookies
    Right now I have the user id (PK in my table) and a session id so you can't simply change your cookie ID and act like someone else. Now it seems like I put the session id as a token in each of my forms and check them bc attackers can't guess these tokens. However I dislike the idea of putting the session id into the page for ppl to see. But really, is there a problem with that? Short of having the user copy/pasting the html, are there any attacks that can happen due to the session id being in plain view in html?


  • how to execute javascript in delphi?

    - by radick
    Hi all, I am coding a small app, and in the middle I got stuck at a point where I have to execute JavaScript to get my data. In my process, I have to log in to some URL and then go to some page and get data from it. I did all this with Indy IdHTTP and got all the info except one column, which needs JavaScript to get its value. Then I tried using TWebBrowser to make it work for me, but how can I enable cookies for the web browser? I navigated browserto('http://mysite.com/login.php user and pass ') and it logged in, and then I tried to access the next link, like ('http://mysite.com/link1/example.php'), but it is redirecting to the login page :( Any help appreciated :)


  • Setting a Forms Authentication cookie from a .NET client application

    - by Jon DellOro
    We currently have a .NET 2.0 web app that uses forms authentication via cookies. Associated with this web app is an old VB6 client application that has its own login system. Currently, the users have to login to the VB6 app, and then when they click on a link, need to authenticate themselves again with the .NET forms authentication system. I'm wondering if it's possible to create a client side .NET application, give it the username and password, and set the forms authentication cookie (without the browser being opened). Is that possible??


  • PHP multiuser login class or script

    - by FFish
    I am looking for a simple but secure login script with mySQL PHP: sessions, MD5 that I can use with my existing database. Cookies to store password + password recovery by email. Change login/pass. I do not need registering, I register the user myself with temp login/pass.

        table agents
          agent1
          agent2
        table albums
          album1, owner: agent1
          album2, owner: agent1
          album3, owner: agent2
          ...

    login.php: agent1 logs in and has access to his albums:
    - album1
    - album2
    agent1 can edit his albums: edit.php?ref=album1 but NOT edit.php?ref=album3 by changing the ?ref variable


  • compile cs files with mono?

    - by acidzombie24
    I am trying to compile my project with mono on linux. My cmd looks something like...

        gmcs Pages/UserProfile.cs Properties/AssemblyInfo.cs queues.cs watch_editor.cs Class1.cs -define:USE_SQLITE -r:System -r:System.Collections -r:System.Collections.Generic -r:System.Collections.ObjectModel -r:System.Collections.Specialized -r:System.Configuration

    but much longer, and I get the output

        error CS0006: cannot find metadata file `System.Collections'
        error CS0006: cannot find metadata file `System.Collections.Generic'
        error CS0006: cannot find metadata file `System.Collections.ObjectModel'
        ...

    How do I solve this? I also tried it the other way around (below) and had the same error msg with .dll at the end of them

        gmcs -define:USE_SQLITE -r:System.dll -r:System.Collections.dll -r:System.Web.UI.WebControls CommentCenter.cs cookies.cs db.cs Default.aspx.cs


  • Best Practice to Implement Secure Remember Me

    - by Yan Cheng CHEOK
    Sometimes, I come across a web development framework which doesn't provide an authentication feature, as in Authentication ASP.NET. I was wondering what security measures need to be considered when implementing a "Remember Me" login feature by hand coding. Here are the things I usually did:
    1) Store the user name in cookie. The user name is not encrypted.
    2) Store a secret key in cookie. The secret key is generated using a one-way function based on the user name. The server will verify the secret key against the user name, to ensure the user name has not been changed.
    3) Use HttpOnly in cookie. http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html
    Anything else I could be missing, which could possibly lead to a security hole?


  • Why Shouldn't I Programmatically Submit Username/Password to Facebook/Twitter/Amazon/etc?

    - by viatropos
    I wish there was a central, fully customizable, open source, universal login system that allowed you to login and manage all of your online accounts (maybe there is?)... I just found RPXNow today after starting to build a Sinatra app to login to Google, Facebook, Twitter, Amazon, OpenID, and EventBrite, and it looks like it might save some time. But I keep wondering, not being an authentication guru, why couldn't I just have a sleek login page saying "Enter username and password, and check your login service", and then in the background either scrape the login page from say EventBrite and programmatically submit the form with Mechanize, or use an API if there was one? It would be so much cleaner and such a better user experience if they didn't have to go through popups and redirects and they could use any previously existing accounts. My question is: What are the reasons why I shouldn't do something like that? I don't know much about the serious details of cookies/sessions/security, so if you could be descriptive or point me to some helpful links that would be awesome. Thanks!


  • Why do I get a "Day too big" error from Perl?

    - by azp74
    I have been helping someone debug some code where the error message was "Day too big". I know that this springs from localtime and the Y2038 bug (most google results appear to be people dealing with cookies expiring well into the future). We appear to have 'fixed' the problem by using time to get the current date. However, given that none of our original dates should have hit the 2038 issue I'm sceptical that we've actually fixed the problem ... Are there other instances that anyone knows of where one would hit "day too big"? OS is Solaris. Sample code - the actual code is quite large and the person I'm working with hasn't actually isolated the offending part (which is why I'm worried the 'fix' is not actually a fix). If I can put together something concise which reproduces the issue I will post!


  • What are the PHP Dos and Don'ts on XSS?

    - by AuGhost Ice
    Could any guru tell me the Dos and Don'ts of PHP when dealing with XSS issues? What de facto principles should I use when passing parameters between forms and dbs to prevent XSS? Are any of these state-maintaining techniques (1. hidden form fields, 2. URL rewriting and 3. using cookies) vulnerable to XSS? Also, can anyone recommend a good article that gives basic guidelines on how to prevent such vulnerabilities being exploited? Or any coding examples?


  • how to set(get) cookie value in ext.net

    - by user591587
    Scene: when I click an item in ext:ComboBox, I want to set the selected item value to a cookie variable. Finally, after I click ext:Button, the ext:Label gets the cookie value and displays it. But I get an error: Ext.Ajax Communication Failure. Any help will be appreciated.

    aspx:

        <ext:ComboBox ID="ComboBox1" runat="server" StoreID="Store1" Width="100" Editable="false" DisplayField="name" ValueField="value" Mode="Local" TriggerAction="All" EmptyText="Select a locale..."> .....

    aspx.cs:

        protected void lngIndexChanged(object sender, DirectEventArgs e)
        {
            //Sets the cookie that is to be used by Global.asax
            HttpCookie cookie = new HttpCookie("CultureInfo");
            cookie.Value = ComboBox1.SelectedItem.Value;
            Response.Cookies.Add(cookie);
            Label1.Text = cookie.Value;
            //Set the culture and reload for immediate effect.
            //Future effects are handled by Global.asax
            Thread.CurrentThread.CurrentCulture = new CultureInfo(ComboBox1.SelectedItem.Value);
            Thread.CurrentThread.CurrentUICulture = new CultureInfo(ComboBox1.SelectedItem.Value);
        }


  • Fixing lots of broken references in a working asp.net mvc project

    - by davidbuttrick
    The last time I worked on this project everything was fine. That was about 4 days ago. Now, when I open the project, all the references to .Net are not working, and I cannot build my project any more. I have tried following the advice in posts here, but to no avail. Even simple things, like Request.cookies - Request is underlined in curlies, and I get 'Request is undefined' when I roll over it. That doesn't seem like I need to just remove and recreate the reference to System.Web.Mvc - which I have tried, and had no luck. Any ideas? Surely there are other issues that can cause this problem... Thank you.


  • WordPress front page (homepage) fails to redirect when static front page is set.

    - by Keyslinger
    I have configured WordPress to display a static front page as described here: http://codex.wordpress.org/Settings_Reading_SubPanel#Reading_Settings When I save changes and try to visit my front page, my browser displays the following error: "The page isn't redirecting properly. Firefox has detected that the server is redirecting the request for this address in a way that will never complete." Disabling cookies does not remedy the situation. I'm using the theme, Constructor (http://wordpress.org/extend/themes/constructor), which I suspect may be contributing to the problem. How can I make WordPress properly display my front page?


  • Parsing a website

    - by Phenom
    I want to make a program that takes as user input a website address. The program then goes to that website, downloads it, and then parses the information inside. It outputs a new html file using the information from the website. Specifically, what this program will do is take certain links from the website, and put the links in the output html file, and it will discard everything else. Right now I just want to make it for websites that don't require a login, but later on I want to make it work for sites where you have to login, so it will have to be able to deal with cookies. I'll also want to later on have the program be able to explore certain links and download information from those other sites. What are the best programming languages or tools to do this?


  • Setting current culture with threads in ASP.NET MVC

    - by mare
    Here's an example of SetCulture attribute which inside does something like this:

        public void OnActionExecuting(ActionExecutingContext filterContext)
        {
            string cultureCode = SetCurrentLanguage(filterContext);
            if (string.IsNullOrEmpty(cultureCode)) return;
            HttpContext.Current.Response.Cookies.Add(
                new HttpCookie("Culture", cultureCode)
                {
                    HttpOnly = true,
                    Expires = DateTime.Now.AddYears(100)
                }
            );
            filterContext.HttpContext.Session["Culture"] = cultureCode;
            CultureInfo culture = new CultureInfo(cultureCode);
            System.Threading.Thread.CurrentThread.CurrentCulture = culture;
            System.Threading.Thread.CurrentThread.CurrentUICulture = culture;
        }

    I was wondering how does this affect a site with multiple users logged on and each one setting their own culture? What is the scope of a thread here with regards to the IIS worker process (w3wp) that the site is running in?


  • create cookie in web method

    - by quantum62
    I have a web method that checks the user in the database via a jQuery AJAX method. If the client exists in the db, I want to create a cookie on the client side with the user name, but I know that Response is not available in a static method. How can I create a cookie in a method that is called with jQuery AJAX and must be static? This is my code, which does not work because Response is not accessible:

        if (olduser.Trim() == username.Trim() && password.Trim()==oldpass.Trim())
        {
            retval =olduser;
            HttpContext context = HttpContext.Current;
            context.Session[retval.ToString()] = retval.ToString();
            HttpCookie cook = new HttpCookie("userath");
            cook["submituser"] = "undifiend";
            Response.Cookies.Add(cook);
        }


  • At what point should I change the way Struts acquires the session token?

    - by Hanno Fietz
    It seems I have to find a different way to transmit the session token from a Flex client to a Struts backend without using cookies. If I were to put the session token in the payload of a request, at what point would I have to customize Struts' behaviour so that I can reuse as much of the existing session handling as possible? In particular, I don't want to reimplement whatever security measures (such as tying a token to an IP) and configuration parameters (such as session expiration interval). There's a CreateSession interceptor, rather early in the default stack, should I swap that with a subclassed version?


  • align WMD editor's preview HTML with server-side HTML validation (e.g. no embedded javascript)

    - by Justin Grant
    There are many SO questions (e.g. here and here) about how to do server-side scrubbing of Markdown produced by the WMD editor to ensure the HTML generated doesn't contain malicious script, like this: <img onload="alert('haha');" src="http://www.google.com/intl/en_ALL/images/srpr/logo1w.png" /> This doesn't affect the WMD client's preview box. I doubt this is a big deal since if you're scrubbing the HTML on the server, an attacker can't save the bad HTML so no one else will be able to see it later and have their cookies stolen or sessions hijacked by the bad script. But it's still kinda odd to allow an attacker to run any script in the context of your site, and it's probably a bad idea to allow the client preview window to allow different HTML than your server will allow. StackOverflow has clearly plugged this hole. How did they do it? [NOTE: I already figured this out but it required some tricky javascript debugging, so I'm answering my own question here to help others who may want to do the same thing]


  • asp.net forms authentication timing out after 1 minute

    - by user548929
    I'm using ASP.NET MVC 3 with the Authorize attribute, but it keeps kicking me to the logon page after 1 minute, but even though my expiration is set to a very high value, it times out quickly. I check the cookie in my browser and its still there and not set to expire until about a month later, and it's set to be persistent, so I'm not sure why it keeps booting me. It only happens on my published location, locally it works just fine.

        var ticket = new FormsAuthenticationTicket(username, true, 500000);
        var encryptedTicket = FormsAuthentication.Encrypt(ticket);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        cookie.Expires = ticket.Expiration;
        Response.Cookies.Add(cookie);

    web.config:

        <authentication mode="Forms">
            <forms loginUrl="~/Account/LogOn" timeout="7200" slidingExpiration="false"/>
        </authentication>


  • Station ID - more than IP

    - by bensiu
    Hello, I am working on an internal PHP application where users log in only from our network (we are on a dedicated IP, and the application checks $_SERVER['REMOTE_ADDR']; if it matches our IP, go through, if not - bye). However, how can I identify from which station a user is logging in? Using a cookie is not going to work - those are Windows stations working under control of MS SteadyState and all cookies are deleted every login. I don't need anything fancy like a full MAC address, just any unique ID (it cannot be the application username, because users use different stations). Any ideas? Maybe JavaScript is able to grab some unique detail from the station's browser (IE 8) and pass this as a hidden input? bensiu


  • Auto login on website

    - by jacktol
    I'm working on an application which consists of a Web Application and a Standalone Application. Both of the applications use the same database and require authentication and authorization. Within the Standalone Application a web browser needs to be opened, going to a page within the Web Application. This page is for authorized users only. Could anyone tell me if there is an easy way to automatically login within the Web Application via the Standalone Application? Besides using cookies or providing a token in the url. Thank you.

