Search Results

Search found 39999 results on 1600 pages for 'php session'.

Page 48/1600 | < Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >

  • Spring Framework 3 and session attributes

    - by newbie
    I have form object that I set to request in GET request handler in my Spring controller. First time user enters to page, a new form object should be made and set to request. If user sends form, then form object is populated from request and now form object has all user givern attributes. Then form is validated and if validation is ok, then form is saved to database. If form is not validated, I want to save form object to session and then redirect to GET request handling page. When request is redirected to GET handler, then it should check if session contains form object. I have figured out that there is @SessionAttributes("form") annotation in Spring, but for some reason following doesnt work, because at first time, session attribute form is null and it gives error: org.springframework.web.HttpSessionRequiredException: Session attribute 'form' required - not found in session Here is my controller: @RequestMapping(value="form", method=RequestMethod.GET) public ModelAndView viewForm(@ModelAttribute("form") Form form) { ModelAndView mav = new ModelAndView("form"); if(form == null) form = new Form(); mav.addObject("form", form); return mav; } @RequestMapping(value="form", method=RequestMethod.POST) @Transactional(readOnly = true) public ModelAndView saveForm(@ModelAttribute("form") Form form) { FormUtils.populate(form, request); if(form.validate()) { formDao.save(); } else { return viewForm(form); } return null; }

    Read the article

  • Using AppFabric session state provider, does each session get its own region?

    - by goombaloon
    I've been playing around with AppFabric Beta 2's session state provider. It appears that each new session get its own region (named "Default_Region_XXXX" (where XXXX is an apparent random sequence of numbers). If I understand regions correctly, it appears that each region is tied to a single cluster host, leaving a single point of failure. Why is each session being given it own region? Also, do sessions eventually timeout and clean themselves up in the cache or is that behavior just inherited from the cache settings? I'm wondering (if in a production application scenario), if one would use a separate named cache for session state apart from other application caches? Thanks.

    Read the article

  • asp.net mvc enabling session state

    - by Erwin
    Hi fellow programmer I'd like to use session variables in my ASP.NET MVC application. I already added tag in my web.config file like this <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:2967" sqlConnectionString="data source=127.0.0.1;trusted_connection=true" cookieless="false" timeout="20" /> But I still can't use session variables in my application I set the var like this in my login method Session["username"] = userName; and retrieve it like this ba.user_id = (string)Session["username"]; I got null string when retrieving.

    Read the article

  • Uploadify (Session and authentication) with ASP.NET MVC

    - by Dragouf
    When I use Authorize filter on an action or a controller used by uplodify (http://www.uploadify.com/) the action isn't reach... moreover Session are not retrieved. I found this to retrieved user session : http://geekswithblogs.net/apopovsky/archive/2009/05/06/working-around-flash-cookie-bug-in-asp.net-mvc.aspx But how to use it with [Authorize] filter and retrieved session ?

    Read the article

  • NHibernate, Databinding to DataGridView, Lazy Loading, and Session managment - need advice

    - by Tom Bushell
    My main application form (WinForms) has a DataGridView, that uses DataBinding and Fluent NHibernate to display data from a SQLite database. This form is open for the entire time the application is running. For performance reasons, I set the convention DefaultLazy.Always() for all DB access. So far, the only way I've found to make this work is to keep a Session (let's call it MainSession) open all the time for the main form, so NHibernate can lazy load new data as the user navigates with the grid. Another part of the application can run in the background, and Save to the DB. Currently, (after considerable struggle), my approach is to call MainSession.Disconnect(), create a disposable Session for each Save, and MainSession.Reconnect() after finishing the Save. Otherwise SQLite will throw "The database file is locked" exceptions. This seems to be working well so far, but past experience has made me nervous about keeping a session open for a long time (I ran into performance problems when I tried to use a single session for both Saves and Loads - the cache filled up, and bogged down everything - see http://stackoverflow.com/questions/2526675/commit-is-very-slow-in-my-nhibernate-sqlite-project). So, my question - is this a good approach, or am I looking at problems down the road? If it's a bad approach, what are the alternatives? I've considered opening and closing my main session whenever the user navigates with the grid, but it's not obvious to me how I would do that - hook every event from the grid that could possibly cause a lazy load? I have the nagging feeling that trying to manage my own sessions this way is fundamentally the wrong approach, but it's not obvious what the right one is.

    Read the article

  • Session Id in url and/or cookie? [closed]

    - by Jacco
    Most people advice against rewriting every (internal) url to include the sessionId (both GET and POST). The standard argument against it seems to be:   If an attacker gets hold of the sessionId, they can hijack the session.   With the sessionId in the url, it easily leaks to the attacker (by referer etc.) But what if you put the sessionId in both an (encrypted) cookie and the url. if the sessionId in either the cookie or the url is missing or if they do not match, decline the request. Let's pretend the website in question is free of xss holes, the cookie encryption is strong enough, etc. etc. Then what is the increased risk of rewriting every url to include the sessionId? UPDATE: @Casper That is a very good point. so up to now there are 2 reasons: bad for search engines / SEO if used in public part of the website can cause trouble when users post an url with a session Id on a forum, send it trough email or bookmark the page apart from the:   It increases the security risk, but it is not clear what the increased risk is. some background info: I've a website that offers blog-like service to travellers. I cannot be sure cookies work nor can I require cookies to work. Most computers in internet cafes are old and not (even close to) up-to-date. The user has no control over them and the connection can be very unreliable for some more 'off the beaten path' locations. Binding the session to an IP-address is not possible, some places use load-balancing proxies with multiple IP addresses. (and from China there is The Great Firewall). Upon receiving the first cookie back, I flag cookies as mandatory. However, if the cookie was flagged as mandatory but not there, I ask for their password once more, knowing their session from the url. (Also cookies have a 1 time token in them, but that's not the point of this question). UPDATE 2: The conclusion seems to be that there are no extra *security* issues when you expose you session id trough the URL while also keeping a copy of the session id in an encrypted cookie. Do not hesitate to add additional information about any possible security implications

    Read the article

  • What is the purpose of WCF reliable session?

    - by bsnote
    The documentation around this topic is poor. I use WCF services with NetTcpBinding hosted in Windows service. The problem is that a session is dropped when it is inactive for some time. What I need is the session which is always alive. Is WCF reliable session something that can help? Or I can just play with timeout settings?

    Read the article

  • Eclipse RAP - Firefox doesn't forget session

    - by Fritz H
    We've got an Eclipse RAP application that's behaving a bit strangely in Firefox - two distinct problems. When you browse around, you can click on a button in one part of the system. This opens a popup window like so: IWorkbenchBrowserSupport bs; bs = PlatformUI.getWorkbench().getBrowserSupport(); int style = IWorkbenchBrowserSupport.AS_EXTERNAL; IWebBrowser b = bs.createBrowser(style, getRandomID(), "Hello world", ""); b.openURL(new URL(...)); where the URL is another servlet in the application. This servlet is in the same runtime, but has nothing to do with RAP - it takes a binary blob from in-memory storage and dumps it in the output stream. Problem 1: This causes the HTTP session to die in firefox, and shows the "session expired" RAP error page with a link to restart the session. Problem 2: Now, when you click on the link to restart the session, it shows the application's dialog again, but the session expired error is shown again the moment you do anything. This prevents the user from using the system again, unless Firefox is closed down completely and restarted. A quick peek with FireBug reveals that the JSESSIONID passed by Firefox does not change. Has anyone seen this before?

    Read the article

  • Session state in asp.net mvc

    - by tiff
    I would like to know how to use session state in a simple log in log out in asp.net mvc.. I have a code here in my controller that I've retrieved from my mysql database for my session log in..but I don't really know how to manipulate it.. <AcceptVerbs(HttpVerbs.Post)> _ Function Index(ByVal username As String, ByVal password As String, ByVal department As String) As ActionResult Dim user As DataTable user = Account.userSelect(username:=username, password:=password, department:=department) If user.Rows.Count = 0 Then Return RedirectToAction("Index", "Home") Else Session("username") = user.Rows(0).Item("username") Session("department") = user.Rows(0).Item("department") Return RedirectToAction("News", "Administration") End If End Function Thank you!

    Read the article

  • ASP.NET Session State Error only on default document

    - by schmidty
    I have a site where when accessing via site.com/default.aspx everything is fine, however when accessing via site.com/ I get a session error as follows: "Session state can only be used when enableSessionState is set to true, either in a configuration file or in the Page directive. Please also make sure that System.Web.SessionStateModule or a custom session state module is included in the \\ section in the application configuration." I have confirmed that default.aspx is the highest priority default document and that it is the page being loaded. However why is this session error only occurring when accessing via the default document? The server is 2008 R2 and IIS 7.5.

    Read the article

  • Sharing session state between 2 ASP.NET applications using SQL Server

    - by Dave
    Hi I'm working on a site that has a requirement to share session between a cms application and an online store application on the same domain eg. mydomain.com and store.mydomain.com I've made some progress with it and it works on my local build between localhost/cms and localhost/store Basically I have done what is suggested in this article http://blogs.msdn.com/toddca/archive/2007/01/25/sharing-asp-net-session-state-across-applications.aspx and hacked the TempGetAppID Stored Procedure to return the same application id (1). This appears to work as it creates sessions with ids like 'abv5d2urx1asscfwuzw3wp4500000001', which is what I'd expect. My issue is that when I deploy it to our testing environment, it creates a new session when I navigate between the 2 sites. So when I start a session on the cms site, if I navigate to the store, it creates a new session. These are set up as 2 different websites in IIS7. In the web.config files for both sites, the and elements are both the same and are as follows (minus sensitive information) Has anyone got an ideas why this might not be working? I am sharing Forms Authentication across the 2 sites and that works fine. Any help or ideas would be greatly appreciated! Many thanks Dave

    Read the article

  • CodeIgniter extend user's session expiration time

    - by spacemonkey
    Hi, Is it possible to extend user's session expiration time in CI. What I want to do is, by default every user's session cookie lasts for example 1 day, but every time user visits the site his session expiration time is extended by one more day. I don't know if it is a good idea to do this, maybe I should just set cookies life time for like a week and that's it? Thanks!

    Read the article

  • ASP.NET and Session State/Login info

    - by V-Man
    Are Session variables (in ASP.NET) the safest way to store data relating to whether a user is logged in or not? i.e. Session["LoggedIn"] = 'No' I know Session variables can be spoofed so I assume there must be a safer way. Any ideas for ASP.NET? Thanks!

    Read the article

  • Verify my form workflow

    - by Shackrock
    I have a form, with some sensitive info (CC numbers). My work flow is: One page to take all form items Upon submission, values are validated. If all is well, all data is stored in a session variable, and the page reloads and displays this info from the session variable. If everything is ok on the review page, the user clicks submit and the session variable is sent to another form for processing (sending payment). Upon success, the session is destroyed. Upon failure (bad CC number, for example) - the user is sent back to the form, with all of the fields filled in just like before, so that they can check for errors and try again (session is NOT destroyed). Does anyone see anything wrong with this, from a security or best practices stand point? UPDATE I'm thinking I can get rid of a step - storing the info in a session EVER. Just have a one page checkout, no review page... makes sense.

    Read the article

  • [java bean]hibernate Session breaks a java bean?

    - by blow
    Hi all, i have a simple JPanel bean in my projects, now i want to drag my panel bean class into my jframe. My panel bean class is like this: public class BeanPanel extends javax.swing.JPanel { /** Creates new form BeanPanel */ public BeanPanel () { initComponents(); Session session=HibernateUtil.getSessionFactory().openSession(); } This code seem to break the bean: Session session=HibernateUtil.getSessionFactory().openSession(); When i try to drag the class into my JFrame bean i had this error message: This component cannot be instantiated. Please make sure it is a JavaBeans Component If i comment it all works fine. What is the reason of this? Thanks.

    Read the article

  • stuck with enable session state

    - by Shrewd Demon
    hi i have an application wherein i am accessing the Session object in the CommonCode.cs file that resides in the App_Code folder. But when the session object is accessed the application throws me an error: Session state can only be used when enableSessionState is set to true, either in a configuration file or in the Page directive. Please also make sure that System.Web.SessionStateModule or a custom session state module is included in the \\ section in the application configuration. Now i have already enabled the session state property in the web.config file, here is my code from the web.config file: <pages enableSessionState="true" autoEventWireup="true"> <controls> <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </controls> </pages> I dont understand why am i still getting that error !! please help ! thanks a lot.

    Read the article

  • Do session use cookies?

    - by Pandiya Chendur
    This is an interview question asked a month ago.... Do session use cookies? If so,how do they do so? Assume Session["UserId"]=1 how does this session variable uses cookies internally? If so, what will be the name of the cookie and what is the value of that cookie....

    Read the article

  • I Can Not Use Session In Page _Load And I Got Bellow Error

    - by LostLord
    hi my dear friends .... why i got this error : (Object reference not set to an instance of an object.) when i put this code in my page_load.: protected void Page_Load(object sender, EventArgs e) { BackEndUtils.OverallLoader(); string Teststr = Session["Co_ID"].ToString(); } ========================================================================== this session is made when user logins to my web site and this session works in other areas... thanks for your attention

    Read the article

  • Flex 3 / ColdFusion Session Issue?

    - by dcolumbus
    Alright so this is an odd one... I have an application built in ColdFusion with a lot of the interactivity done with Flex. When a user logs in, there are session variables, as well as the client session that is evoked. When you browse to any given Flex Application, the variables are read in a used accordingly... however, on Windows (it seems XP and maybe others) for some reason session information like USER are randomly undefined... Could this be an issue with the session timing out? Even if I force a logout and log back in, it doesn't really seem to fix the issue... mind you, I cannot duplicate the bug myself, but it constantly happens on PCs.

    Read the article

  • Zend_Auth and database session SaveHandler

    - by takeshin
    I have created Zend_Auth adapter implementing Zend_Auth_Adapter_Interface (similar to Pádraic's adapter) and created simple ACL plugin. Everything works fine with default session handler. So far, so good. As a next step I have created custom Session SaveHandler to persist session data in the database. My implementation is very similar to this one from parables-demo. Seems that everything is working fine. Session data are properly saved to the database, session objects are serialized, but authentication does not work when I enable this custom SaveHandler. I have debugged the authentication and all works fine up till the next request, when the authentication data are lost. I suspected, that is has something to do with the fact, that I use $adapter->write($object) instead $adapter->write($string), but the same happens with strings. I'm bootstrapping Zend_Application_Resource_Session in the first Bootstrap method, as early as possible. Does Zend_Auth need any extra configuration to persist data in the database? Why the authentity is being lost?

    Read the article

  • Approach for authentication and storing user details.

    - by cappuccino
    Hey folks, I am using the Zend Framework but my question is broadly about sessions / databases / auth (PHP MySQL). Currently this is my approach to authentication: 1) User signs in, the details are checked in database. - Standard stuff really. 2) If the details are correct only the user's unique ID is stored in the session and a security token (user unique ID + IP + Browser info + salt). The session in written to the filesystem. I've been reading around and many are saying that storing stuff in sessions is not a good idea, and that you should really only write a unique ID which refers back to the user's details and a security token to prevent session hijacking. So this is the approach i've taken, i use to write the user's details in session, but i've moved that out. Wanted to know your opinions on this. I'm keeping sessions in the filesystem since i don't run on multiple servers, and since i'm only writting a tiny tiny bit of data to sessions, i thought that performance would be greater keeping sessions in the filesystem to reduce load on the database. Once the session is written on authentication, it really is only read-only from then on. 3) The rest of the user's details (like subscription details, permissions, account info etc) are cached in the filesystem (this can always be easily moved to memory if i wanted even more performance). So rather than keeping the user's details in session, the user's details are cached in the file system. I'm using Zend_Cache and the unique cache id is something like md5(/cache/auth/2892), the number is the unique id of the user. I guess the benefit of this method is that once the user is logged in, there is essentially not database queries being run to get the user's details. Just wonder if this approach is better than keeping the whole lot in session... 4) As the user moves throughout the site the only thing that is checked is the ID in the session and the security token. So, overall the first question is 1) is the filesystem more efficient than a database for this purpose 2) have i taken enough security precautions 3) is separating user detail's from the session into a cached file a pointless task? Thanks.

    Read the article

< Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >