Search Results

Search found 1926 results on 78 pages for 'cookie monster'.

Page 50/78

  • Authorization security of ASP.NET Forms authentication

    - by Tomi
    I'm using Forms authentication in an ASP.NET MVC website and I store the user account login name in the AuthCookie like this: FormsAuthentication.SetAuthCookie(account.Login, false); I want to ask if there is a possibility that a user on the client side will somehow manage to change his login name in the AuthCookie and thus, for example, be impersonated as someone with higher privileges and authorized to do more actions than he is normally supposed to. Also, is it better to save the user account login name or the user account ID number in this cookie?

  • state server session - cross appDomain?

    - by newone1
    When using a State server for session, are sessions still appDomain specific? So for example, I have two different IIS applications (virtual directories) on a web server, and they both point to one state server for session. The session guid from the cookie will be the same across requests from both applications, so will the same session be accessible across both of these applications? Thanks.

  • session problem in rails

    - by piemesons
    I am getting this error. No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store). I deleted all the cookies, values from sessions table. Restarted my server. Still getting the same error, and this code was working yesterday.

  • What does this `_time_independent_equals` mean?

    - by Satoru.Logic
    In the tornado.web module there is a function called _time_independent_equals:

        def _time_independent_equals(a, b):
            if len(a) != len(b):
                return False
            result = 0
            for x, y in zip(a, b):
                result |= ord(x) ^ ord(y)
            return result == 0

    It is used to compare secure cookie signatures, and thus the name. But regarding the implementation of this function, is it just a complex way to say a==b?

  • Changing image domain / path in css for production?

    - by Neil
    Currently, for things like background images, our css files have no domain specified. This works both in our development and production environments. background-image: url(/images/bg.png); For performance reasons (cookie-less domain), we'd like to switch this: background-image: url(http://staticimagedomain.com/images/bg.png); Ideally, we don't hard code those, so our development environments can still pull locally. Any thoughts on how to best achieve this?

  • HTACCESS Rewrite on directories

    - by Cameron
    I have the following code in my root htaccess file:

        RewriteCond %{HTTP_HOST} ^paperviewmagazine.com
        RewriteRule (.*) http://www.paperviewmagazine.com/$1 [R=301,L]

    It works fine for the main site, but for my forums at /forums/, if someone misses off the www it will show the page and not redirect to www.paperviewmagazine.com/forums/ instead. I need to force the WWW to prevent anyone from logging in by accident on the non-www, as it won't have the correct cookie credentials for accessing the site at www./forums/. Can anyone help? Thanks.

  • How to facebook getuser() after login with javascript SDK

    - by user1848205
    So I have to ask for extended permission by clicking the enter button, but after the login it is necessary to refresh the page in order to display the app. Here's my code:

        <?php
        require 'facebook.php';
        $facebook = new Facebook(array(
          'appId'  => '< THE APPID >',
          'secret' => '< THE SECRET >',
          'cookie' => true,
        ));
        $user = $facebook->getUser();
        if ($user) {
          try {
            $user_profile = $facebook->api('/me');
          } catch (FacebookApiException $e) {
            error_log($e);
            $user = null;
          }
        }
        ?>
        <body>
        <div id="fb-root"></div>
        <script>
          window.fbAsyncInit = function() {
            FB.init({
              appId  : '< THE APPID >',
              status : true,
              cookie : true,
              xfbml  : true
            });
            // Additional initialization code such as adding Event Listeners goes here
            $('#btn-enter').click(function(){
              login();
            });
          };
          (function(d){
            var js, id = 'facebook-jssdk', ref = d.getElementsByTagName('script')[0];
            if (d.getElementById(id)) {return;}
            js = d.createElement('script'); js.id = id; js.async = true;
            js.src = "//connect.facebook.net/en_US/all.js";
            ref.parentNode.insertBefore(js, ref);
          }(document));
          function login() {
            FB.login(function(response) {
              if (response.authResponse) {
                // connected
              } else {
                // cancelled
              }
              //});
            }, {scope: 'read_friendlists,friends_photos,publish_stream'});
          }
        </script>
        <?php if ($user): ?>
        <!--Here is my APP-->
        <?php else: ?>
        <a id="btn-enter">Enter</a>
        <?php endif ?>

    Is there a better way to do this? What works for me is:

        function login() {
          FB.login(function(response) {
            if (response.authResponse) {
              top.location.href='https://the_app_url';
            } else {
            }
            //});
          }, {scope: 'read_friendlists,friends_photos,publish_stream'});
        }

    But this causes the entire page to refresh and is not 'elegant' per se...

  • Semantics of setting cookies and redirecting without getting header error

    - by salmane
    I would like to do the following in PHP: setcookie('name', $value, $Cookie_Expiration,'/'); then some action header("location:http://www.example.com") The problem is that I get: warning: Cannot modify header information - headers already sent by (...etc ) Could you please let me know what I am doing wrong and if there is a way to do this? By the way, this code is before any output is made... the cookie setting part works fine on its own and so does the redirection code... the combination fails. Thank you.

  • Alternative Django Authentication

    - by pq
    Need to integrate Django with an existing authentication system. That system has its own database, API, login/logout, edit profile web pages and cookie. (I may have to add a few additional profile fields stored/updated locally.) What's the proper approach to substitute the out-of-the-box authentication in Django?

  • PHP user sessions

    - by Temek
    I'm a bit confused. I've been building my sites with my own session system, but I'm not sure how secure PHP's own session system is. My session system usually just has a user id and quite a harsh hash, which does not include the user name or password for generation. I save the hash in the user database and as a cookie to confirm the user session on every page load. So my question is: should I keep using my own systems or try out PHP sessions?

  • FormsAuthentication AuthCookie data type

    - by FreshCode
    Does the original data type of the username string in a call to FormsAuthentication.SetAuthCookie(...) make any difference with regards to security or code maintainability? As I understand it, the cookie is encrypted and used to identify a user on each request. I'm curious whether it should affect the design of the primary key on my Users table in my database, e.g. Guid vs int or a unique username string.

  • Simple check authentication decorator in Python + Pylons

    - by ensnare
    I'd like to write a simple decorator that I can put above functions in my controller to check authentication and re-direct to the login page if the current user is not authenticated. What is the best way to do this? Where should the decorator go? How should I pass cookie info to the decorator? Sample code is greatly appreciated. Thank you!

  • input box gets cleared on refresh page : javascript

    - by p p
    Hi, I have a JavaScript function that writes the value of an input box to a cookie, then it tells the page to refresh. The page must be refreshed so the server side can reconstruct the page based on the values of the cookies and output the correct data on the page. However, I do not want the user to lose the value they typed in the input box unless they erase it. What can I do?

  • php cURL problem

    - by dfilkovi
    I have a problem logging onto a page and then using it with cURL. I login, get PHPSESSID and cookie, and then try to do an action but page returns 'not logged in'. But if I manually log in and copy/paste that PHPSESSID into curl cookies .txt file, everything works fine. So why doesn't it work with PHPSESSID from cURL?

  • Problem carrying Session over to other pages

    - by AAA
    I am able to log in a user, but while proceeding to the next page (members area) I can't display any user info, let alone print the $_SESSION[email]. I am not sure what's up. Below is the login code and the testing members area page.

    Login page:

        session_start();
        //also in a real app you would get the id dynamically
        $sql = "select `email`, `password` from `accounts` where `email` = '$_POST[email]'";
        $query = mysql_query($sql) or die ("Error: ".mysql_error());
        while ($row = mysql_fetch_array($query)){
            $email = $row['email'];
            $secret = $row['password'];
            //we will echo these into the proper fields
        }
        mysql_free_result($query);

        // Process the POST variables
        $email = $_POST["email"];

        //Variables
        $_SESSION["email"] = $_POST["email"];
        $secret = $info['password'];

        //Checks if there is a login cookie
        if(isset($_COOKIE['ID_my_site']))
        //if there is, it logs you in and directs you to the members page
        {
            $email = $_COOKIE['ID_my_site'];
            $pass = $_COOKIE['Key_my_site'];
            $check = mysql_query("SELECT email, password FROM accounts WHERE email = '$email'")or die(mysql_error());
            while($info = mysql_fetch_array( $check ))
            {
                if (@ $info['password'] != $pass)
                {
                }
                else
                {
                    header("Location: home.php");
                }
            }
        }

        //if the login form is submitted
        if (isset($_POST['submit'])) { // if form has been submitted
            // makes sure they filled it in
            if(!$_POST['email'] | !$_POST['password']) {
                die('You did not fill in a required field.');
            }
            // checks it against the database
            if (!get_magic_quotes_gpc()) {
                $_POST['email'] = addslashes($_POST['email']);
            }
            $check = mysql_query("SELECT email,password FROM accounts WHERE email = '".$_POST['email']."'")or die(mysql_error());
            //Gives error if user doesn't exist
            $check2 = mysql_num_rows($check);
            if ($check2 == 0) {
                die('That user does not exist in our database. 
        <a href=add.php>Click Here to Register</a>');
            }
            while($info = mysql_fetch_array( $check ))
            //gives error if the password is wrong
            if (@ $_POST['password'] != $info['password']) {
                die('Incorrect password, please try again');
            }
            else
            {
                // if login is ok then we add a cookie
                $_POST['email'] = stripslashes($_POST['email']);
                $hour = time() + 3600;
                setcookie(ID_my_site, $_POST['email'], $hour);
                setcookie(Key_my_site, $_POST['password'], $hour);
                //then redirect them to the members area
                header("Location: home.php");
            }
        }
        }
        else
        {
        // if they are not logged in
        ?>
        <?php
        }
        ?>

    home.php:

        session_start();
        if(!isset($_SESSION['email'])) {
            header('Location: login_test3.php');
            die('<a href="login_test3.php">Login first!</a>');
        }
        //Variables
        $_SESSION["email"] = $email;
        print $_SESSION['name'];

    UPDATE: Just realized the existing code gets in to the home.php file but will not echo anything. But as soon as you hit refresh the session is gone.

  • How to scrape user's data without being banned by the server?

    - by embedded
    I'm developing a site which monitors user's data. It uses cURL over PHP. It first gets authorized using a cookie and then parses the required data. My problem is that it needs to fire multiple requests to the server (for all registered users) and this may get me banned by the remote server. I would like to know if there is something I could do to prevent being banned. (This activity is legal - the users have provided their login information.) Thanks
