Search Results

Search found 1701 results on 69 pages for 'cookie'.

Page 51/69 | < Previous Page | 47 48 49 50 51 52 53 54 55 56 57 58  | Next Page >

  • Cookies with urllib

    - by CMC
    This will probably seem like a really simple question, and I am quite confused as to why this is so difficult for me. I would like to write a function that takes three inputs: [url, data, cookies] that will use urllib (not urllib2) to get the contents of the requested url. I figured it'd be simple, so I wrote the following:

        def fetch(url, data = None, cookies = None):
            if isinstance(data, dict):
                data = urllib.urlencode(data)
            if isinstance(cookies, dict):
                # TODO: find a better way to do this
                cookies = "; ".join([str(key) + "=" + str(cookies[key]) for key in cookies])
            opener = urllib.FancyURLopener()
            opener.addheader("Cookie", cookies)
            obj = opener.open(url, data)
            result = obj.read()
            obj.close()
            return result

    This doesn't work, as far as I can tell (can anyone confirm that?) and I'm stumped.


  • Re-send POST request easily - what tools?

    - by Fabien
    I am looking for an easy way to re-send a POST request to the server within the browser, mainly for debug purposes. Say you have an XHR request which contains POST parameters that is to be sent to the server. After having changed the script on the server side, you would like to resend the very same request for analyzing the output. What tool could help? I guess it is a browser extension. I already tried the Tamper Data extension for Firefox, which does the job as you can "Replay in browser". But for my taste, it is not straightforward enough, as there are 3 - 4 clicks to get the result of the request. Unfortunately, curl would not be suitable for my needs as my application has a session's cookie.


  • Authkit - deferring action for HTTP '401' response to client application

    - by jon
    Form, Redirect and Forward all send an unauthenticated user to a Form on a login page specified within an Authkit middleware application. I'd like to allow a client application to request a service via XHR and then present a custom 'client side' form if an HTTP status code of 401 is returned, which would then post to Authkit for authentication until valid authentication/authorization occurred. Specifically, 1) a jquery $.get request might request a resource. 2) if an Authkit cookie check confirmed previous authorization the content would be returned. 3) if not I would like Authkit to simply return the '401 response' (and not redirect to another page, or return a form template) where a client side exception handler would notify the user and present an authentication form. Can Authkit work like this?


  • .htaccess add hidden php get variable for language selection

    - by Eric Di Bari
    I have a multiple language website, and I use a php get variable to set the cookie for the language setting. I have multiple subfolders (http://www.site.com/es and http://www.site.com/de) that each have a respective .htaccess file. When accessing these folders, the .htaccess file does this to "silently" redirect the user and add the appropriate php variable:

        -------
        Options +FollowSymlinks
        RewriteEngine on
        RewriteOptions MaxRedirects=10
        rewriterule ^http://www.site.com/es/$ http://www.site.com/?l=es [P,R=301]
        rewriterule ^(.*)$ http://www.site.com/$1?l=es [P,R=301]
        -------

    When someone accesses the root directory: http://www.site.com, I want to add a ?l=en suffix "silently" to the url. How do I do that? Thanks.


  • How to use sessions with django piston auth?

    - by xyld
    The problem is that I want to store authentication in a cookie that I can present to django piston rather than requiring user/password to be typed in each time (without hardcoding or storing the user/pass combo somewhere on disk). I was hoping to accomplish this with cookies like someone would without the piston API. Am I missing something? Django Piston doesn't seem to care about session cookies at all? Or can someone suggest a good alternative? Maybe I shouldn't use Piston?


  • Google App Engine - Calling getSession().invalidate(); causes app engine to act weird.

    - by Spines
    When I call hreq.getSession().invalidate(); app engine slows down tremendously. I looked at appstats and saw that on a page where no database calls are made, it was calling memcache.get and datastore.get 23 times each. The stack trace of these calls showed that it was being called from getSession(). This only happens on the production server. Every time I make a request to a page, it makes a bunch of memcache and datastore calls. This slowdown goes away though when I restart my browser. When I changed the code to simply set the isLoggedIn property of the session to false, rather than calling hreq.getSession().invalidate();, everything was fine. As a test, I didn't invalidate my session, but I changed the value of my browser's session cookie, and the app engine exhibited the same behavior. Is this a bug with the app engine?


  • Is Rails default CSRF protection insecure

    - by schickb
    By default the form post CSRF protection in Rails creates an authenticity token for a user that only changes when the user's session changes. One of our customers did a security audit of our site and flagged that as an issue. The auditor's statement was that if we also had an XSS vulnerability, an attacker could grab another user's authenticity token and make use of it for CSRF attacks until the user's session expired. But it seems to me that if we had an XSS vulnerability like that an attacker could just as easily grab another user's session cookie and log in as that user directly. Or even just make a call to our REST API as the user being attacked. No secondary CSRF attack needed. Have I missed something? Is there a real problem with the default CSRF protection in Rails?


  • PHP Session Cookies fail with users changing IP

    - by Columbo
    Hello, I have a login script for a small application that works by storing session cookies and checking them on each page to make sure the user is logged in. One of the two users who uses the system keeps getting logged out randomly. This appears to be down to the session cookie that shows them authenticated no longer being present. After a lot of investigation the only thing I can see that is different about this user is that their IP address is changing (today it was changing every hour (they're on Sky)). The only thing is the change of IP address has happened 5 times this morning and only once has the user been logged off. Has anyone had a similar issue? Are session cookies in some way tied to IP addresses? Any help or links much appreciated. Thanks C


  • How do I change JAVASCRIPT_DEFAULT_SOURCES for my application?

    - by Adam Lassek
    When you call javascript_include_tag :defaults you usually get: prototype.js, effects.js, dragdrop.js, and controls.js. These are stored in a constant in ActionView::Helpers::AssetTagHelper called 'JAVASCRIPT_DEFAULT_SOURCES'. My application uses jQuery, so I want to replace the Prototype references with something more useful. I added an initializer with these lines, based on the source code from jRails:

        ActionView::Helpers::AssetTagHelper::JAVASCRIPT_DEFAULT_SOURCES = %w{ jquery-1.4.min jquery-ui jquery.cookie }
        ActionView::Helpers::AssetTagHelper::reset_javascript_include_default

    But when I do this, I get: warning: already initialized constant JAVASCRIPT_DEFAULT_SOURCES during startup. What's the correct way of changing this value? In the source code it checks for the constant before setting it, but apparently that happens before it runs the initializer scripts. The Rails 3.0 release will provide much greater flexibility with choice of JS libraries, so I guess this is a problem with an expiration date.


  • Best way to deal with session handling in Zend Framework

    - by JACK IN THE CRACK
    So I'm starting up in Zend framework and looking to implement a site-wide "User" session.... something I can easily access from ALL modules/controllers in the application. I'm like, should I make a new namespace in the library and extend the controller, like:

        class MyLib_Controller_Action extends Zend_Controller_Action
        {
            protected $_userSession;

            function preDispatch(Zend_Controller_Request_Abstract $req)
            {
                $this->_userSession = new Zend_Session_Namespace('user');
            }
        }

    And then have all my controllers/modules/etc extend from that? Or should I create a Plugin or what? How would you go about making this plugin to pass the user session to the controller? Or do I do it in the bootstrap?? Again how to pass to controller? Also should I use Zend_Session_Namespace or Zend_Http_Cookie and also how do I encrypt and xss clean the cookie or is that done automagically?


  • Machine restricted login access

    - by Sunil Shenoy
    I am working on a project that has a requirement such that login details can only be accessed from one machine at one time. For example, if I grant you access to my website and you log in from your home machine, the system will store this setting in a cookie/database. Now if you try the same login details on your work machine or any other machine, the system will not let you log into the system. The login will now only work from the home machine. Any suggestions on how to achieve this would be helpful. Any resources you can point me towards would also be appreciated.


  • Remove HTTP headers from a raw response

    - by Ed
    Let's say we make a request to a URL and get back the raw response, like this:

        HTTP/1.1 200 OK
        Date: Wed, 28 Apr 2010 14:39:13 GMT
        Expires: -1
        Cache-Control: private, max-age=0
        Content-Type: text/html; charset=ISO-8859-1
        Set-Cookie: PREF=ID=e2bca72563dfffcc:TM=1272465553:LM=1272465553:S=ZN2zv8oxlFPT1BJG; expires=Fri, 27-Apr-2012 14:39:13 GMT; path=/; domain=.google.co.uk
        Server: gws
        X-XSS-Protection: 1; mode=block
        Connection: close

        <!doctype html><html><head>...</head><body>...</body></html>

    What would be the best way to remove the HTTP headers from the response in C#? With regexes? Parsing it into some kind of HTTPResponse object and using only the body? EDIT: I'm using SOCKS to make the request, that's why I get the raw response.


  • Google bot .net and AspxAutoDetectCookieSupport dilemma

    - by nLL
    Hi, I have a .net mobile web site where I use session state and due to the nature of mobile networks/phones (not all support session cookies) I had to use <sessionState cookieless="AutoDetect"/>. It works fine but because each new session is redirected with "AspxAutoDetectCookieSupport=1" I have a feeling that Google won't like this. Here is a small sample from my server logs:

        supportForumReadTopic.aspx id=38 80 - 66.249.71.80 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) 302
        supportForumReadTopic.aspx id=38&AspxAutoDetectCookieSupport=1 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) 200

    As you see, each new hit from Google will get a 302 to itself. I have a genericmozilla5.browser file where I define Google bot as a cookie supporting browser in order to get .net not to use cookieless urls but I'm not sure how this 302 would affect me. Anyone had a similar experience? Any ideas? Suggestions? Thanks


  • Can't get Zend Studio and PHPunit to work together

    - by dimbo
    I have created a simple doctrine2/zend skeleton project and am trying to get unit testing working with zend studio. The tests work perfectly through the PHPunit CLI but I just can't get them to work in zend studio. It comes up with an error saying: 'No Tests was executed' and the following output in the debug window:

        X-Powered-By: PHP/5.2.14 ZendServer/5.0
        Set-Cookie: ZendDebuggerCookie=127.0.0.1%3A10137%3A0||084|77742D65|1016; path=/
        Content-type: text/html

        <br /> <b>Warning</b>: Unexpected character in input: '\' (ASCII=92) state=1 in <b>/var/www/z2d2/tests/application/models/UserModelTest.php</b> on line <b>8</b><br />
        <br /> <b>Warning</b>: Unexpected character in input: '\' (ASCII=92) state=1 in <b>/var/www/z2d2/tests/application/models/UserModelTest.php</b> on line <b>8</b><br />
        <br /> <b>Parse error</b>: syntax error, unexpected T_STRING in <b>/var/www/z2d2/tests/application/models/UserModelTest.php</b> on line <b>8</b><br />

    The test is as follows:

        <?php
        require_once 'Zend/Application.php';
        require_once 'Zend/Test/PHPUnit/ControllerTestCase.php';

        abstract class ControllerTestCase extends Zend_Test_PHPUnit_ControllerTestCase
        {
            public function setUp()
            {
                $this->bootstrap = new Zend_Application(
                    'testing',
                    APPLICATION_PATH . '/configs/application.ini'
                );
                parent::setUp();
            }

            public function tearDown()
            {
                parent::tearDown();
            }
        }

        <?php
        class IndexControllerTest extends ControllerTestCase
        {
            public function testDoesHomePageExist()
            {
                $this->dispatch('/');
                $this->assertController('index');
                $this->assertAction('index');
            }
        }

        <?php
        class ModelTestCase extends PHPUnit_Framework_TestCase
        {
            protected $em;

            public function setUp()
            {
                $application = new Zend_Application(
                    'testing',
                    APPLICATION_PATH . '/configs/application.ini'
                );
                $bootstrap = $application->bootstrap()->getBootstrap();
                $this->em = $bootstrap->getResource('entityManager');
                parent::setUp();
            }

            public function tearDown()
            {
                parent::tearDown();
            }
        }

        <?php
        class UserModelTest extends ModelTestCase
        {
            public function testCanInstantiateUser()
            {
                $this->assertInstanceOf('\Entities\User', new \Entities\User);
            }

            public function testCanSaveAndRetrieveUser()
            {
                $user = new \Entities\User;
                $user->setFirstname('wjgilmore-test');
                $user->setemail('[email protected]');
                $user->setpassword('jason');
                $user->setAddress1('calle san antonio');
                $user->setAddress2('albayzin');
                $user->setSurname('testman');
                $user->setConfirmed(TRUE);
                $this->em->persist($user);
                $this->em->flush();
                $user = $this->em->getRepository('Entities\User')->findOneByFirstname('wjgilmore-test');
                $this->assertEquals('wjgilmore-test', $user->getFirstname());
            }

            public function testCanDeleteUser()
            {
                $user = new \Entities\User;
                $user = $this->em->getRepository('Entities\User')->findOneByFirstname('wjgilmore-test');
                $this->em->remove($user);
                $this->em->flush();
            }
        }

    And the bootstrap:

        <?php
        define('BASE_PATH', realpath(dirname(__FILE__) . '/../../'));
        define('APPLICATION_PATH', BASE_PATH . '/application');

        set_include_path(
            '.'
            . PATH_SEPARATOR . BASE_PATH . '/library'
            . PATH_SEPARATOR . get_include_path()
        );

        require_once 'controllers/ControllerTestCase.php';
        require_once 'models/ModelTestCase.php';

    Here is the new error after setting PHP Executable to 5.3 as Gordon suggested:

        X-Powered-By: PHP/5.3.3 ZendServer/5.0
        Set-Cookie: ZendDebuggerCookie=127.0.0.1%3A10137%3A0||084|77742D65|1000; path=/
        Content-type: text/html

        <br /> <b>Fatal error</b>: Class 'ModelTestCase' not found in <b>/var/www/z2d2/tests/application/models/UserModelTest.php</b> on line <b>4</b><br />


  • Session caching problem

    - by Levani
    I have a strange problem with php sessions. I use them for authorization on my site. I store two variables - currently logged in user's id and username in session. When I log in with one username, then log out and log in again with another username the previous user's id is returned using the session variable instead of the current user. The most strange thing is that this happens only when it comes to inserting some data into the database. When I directly echo this variable the correct id is displayed, but when I insert a new record into the database this variable sends an incorrect id. Here is the php code I use for sending data into the database:

        <?php
        session_start();

        //connect database
        require_once 'dbc.php';

        $authorID = $_SESSION['user_id'];

        if ( $authorID != 0 ) {
            $content = htmlentities($_POST["answ_content"],ENT_COMPAT,'UTF-8');
            $dro = date('Y-m-d H:i:s');
            $qID = $_POST["question_ID"];
            $author = 'avtori';
            $sql="INSERT INTO comments (comment_ID, comment_post_ID, comment_author, comment_date, comment_content, user_id) VALUES (NULL, '$qID', '$author', '$dro', '$content', '$authorID')";
            $result = mysql_query($sql);
        } else {
            echo 'error';
        }
        ?>

    Can anyone please help?

    Here is the logout function:

        function logout()
        {
            global $db;
            session_start();

            if(isset($_SESSION['user_id']) || isset($_COOKIE['user_id'])) {
                mysql_query("update `users` set `ckey`= '', `ctime`= '' where `id`='$_SESSION[user_id]' OR `id` = '$_COOKIE[user_id]'") or die(mysql_error());
            }

            /************ Delete the sessions****************/
            unset($_SESSION['user_id']);
            unset($_SESSION['user_name']);
            unset($_SESSION['user_level']);
            unset($_SESSION['HTTP_USER_AGENT']);
            session_unset();
            session_destroy();

            /* Delete the cookies*******************/
            setcookie("user_id", '', time()-60*60*24*COOKIE_TIME_OUT, "/");
            setcookie("user_name", '', time()-60*60*24*COOKIE_TIME_OUT, "/");
            setcookie("user_key", '', time()-60*60*24*COOKIE_TIME_OUT, "/");

            header("Location: index.php");
        }

    Here is the authentication script:

        include 'dbc.php';

        $err = array();

        foreach($_GET as $key => $value) {
            $get[$key] = filter($value); //get variables are filtered.
        }

        if ($_POST['doLogin']=='Login') {
            foreach($_POST as $key => $value) {
                $data[$key] = filter($value); // post variables are filtered
            }

            $user_email = $data['usr_email'];
            $pass = $data['pwd'];

            if (strpos($user_email,'@') === false) {
                $user_cond = "user_name='$user_email'";
            } else {
                $user_cond = "user_email='$user_email'";
            }

            $result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users WHERE $user_cond AND `banned` = '0' ") or die (mysql_error());
            $num = mysql_num_rows($result);

            // Match row found with more than 1 results - the user is authenticated.
            if ( $num > 0 ) {
                list($id,$pwd,$full_name,$approved,$user_level) = mysql_fetch_row($result);

                if(!$approved) {
                    //$msg = urlencode("Account not activated. Please check your email for activation code");
                    $err[] = "Account not activated. Please check your email for activation code";
                    //header("Location: login.php?msg=$msg");
                    //exit();
                }

                //check against salt
                if ($pwd === PwdHash($pass,substr($pwd,0,9))) {
                    // this sets session and logs user in
                    session_start();
                    session_regenerate_id (true); //prevent against session fixation attacks.

                    // this sets variables in the session
                    $_SESSION['user_id']= $id;
                    $_SESSION['user_name'] = $full_name;
                    $_SESSION['user_level'] = $user_level;
                    $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);

                    //update the timestamp and key for cookie
                    $stamp = time();
                    $ckey = GenKey();
                    mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error());

                    //set a cookie
                    if(isset($_POST['remember'])){
                        setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                        setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
                        setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                    }

                    if(empty($err)){
                        header("Location: myaccount.php");
                    }
                } else {
                    //$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
                    $err[] = "Invalid Login. Please try again with correct user email and password.";
                    //header("Location: login.php?msg=$msg");
                }
            } else {
                $err[] = "Error - Invalid login. No such user exists";
            }
        }


  • CSRF error when trying to log onto Django admin page with w3m on Emacs23

    - by Vernon
    I normally use Firefox and have had no problems with the admin page on my Django website. But I use Emacs23 for writing my posts, and wanted to be able to use w3m in Emacs to copy the stuff across. When I try to log into my admin pages, it gives the CSRF error: CSRF verification failed. Request aborted. Help Reason given for failure: No CSRF or session cookie. ... Is there a way that I could get w3m to work with my admin page? I am not sure if the problem lies with the way the admin is set up on Django or with the Emacs or w3m settings.


  • Dynamic notifications using jQuery

    - by sparkymark75
    I'm currently building a homepage for our staff which is to be set as the homepage in their browser. I'm currently building the facility whereby nominated members of staff can send notifications to all staff. These will pop up on their home page without the need for them to refresh the page. I've currently got the code below which worked fine for 1 notification, but there may be more than 1 at a time waiting to be shown. I've switched to outputting json but I'm not sure how to modify my code to consume it. I'm using the PeriodicalUpdater and jGrowl plugins to get this functionality; if there are better alternatives then feel free to suggest them.

        $.PeriodicalUpdater({
            url: 'getNotifications.aspx',
            maxTimeout: 6000,
            type: 'json'
        }, function(data) {
            var message = data;
            if (message != '') {
                $.jGrowl(message, { sticky: true });
            }
        });

    As an additional piece of functionality, would it be possible to store in a cookie when a user has closed a notification so they don't see it again? Thanks.


  • Concepts a web application developer should know?

    - by iama
    I think it is imperative for web application developers to know the answers surrounding the following general questions on web development irrespective of the programming language/framework used. What authentication mechanisms does HTTP offer & what are their pros and cons? Why should one go for FORMS authentication? How to secure authentication or for that matter any transactions via HTTP? How to maintain state in HTTP? What are the downsides to maintaining state via cookie & what happens when browsers disable them? Security issues like cross site scripting, session hijacking etc. What other questions should a web developer have answers for, similar to the ones above, that are programming language/web framework agnostic?


  • Displaying Google Calendar event data on FullCalendar

    - by aurealus
    I am using Google Calendar as a storage engine for a calendar system I am building, however, I am using a single Google user account with multiple calendars, i.e. each user on my system has their own calendar within the one user account. I'm able to create a calendar per user just fine, but I would like to have FullCalendar retrieve the events for display purposes, without manually getting the magic cookie url from Google Calendar settings. I would like to be able to retrieve it programmatically or 'proxy' the feed via an authenticated call to get event data that I'm doing in Django.

        $('#calendar').fullCalendar({
            events: $.fullCalendar.gcalFeed(
                "http://www.google.com/calendar_url/" // <-- or /my/event/feed/url
            )
        });


  • Programmatic Bot Detection

    - by matt
    Hi, I need to write some code to analyze whether or not a given user on our site is a bot. If it's a bot, we'll take some specific action. Looking at the User Agent is not something that is successful for anything but friendly bots, as you can specify any user agent you want in a bot. I'm after behaviors of unfriendly bots. Various ideas I've had so far are:

        - If you don't have a browser ID
        - If you don't have a session ID
        - Unable to write a cookie

    Obviously, there are some cases where a legitimate user will look like a bot, but that's ok. Are there other programmatic ways to detect a bot, or either detect something that looks like a bot? Thanks!


  • Is using GET with a tokenID for security a good idea?

    - by acidzombie24
    I was thinking about this and it appears POST is only a little less vulnerable and somewhat harder (due to requiring the user to click something). I read about token ids and double submitted cookies and I am not sure what the difference is:

        http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Disclosure_of_Token_in_URL
        http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Double_Submit_Cookies

    Right now I have the user id (PK in my table) and a session id so you can't simply change your cookie ID and act like someone else. Now it seems like I put the session id as a token in each of my forms and check them bc attackers can't guess these tokens. However I dislike the idea of putting the session id into the page for ppl to see. But really, is there a problem with that? Short of having the user copy/pasting the html, are there any attacks that can happen due to the session id being in plain view in html?


  • Avoiding cookies while requesting static content

    - by Abdel Olakara
    I just did an audit of one of my web application pages (built using ASP.Net and running on a development server) using Google Chrome's developer tool. One particular warning caught my eye: Serve static content from a cookieless domain (5)! Here is my screen shot (http://yfrog.com/7eauditresultp) as well. I would like to know if it is possible to avoid cookies for these kinds of requests. I see that there are no cookie requests for javascript files as well. Is it possible to avoid cookies in the header for these files as well? And why didn't the browser attach cookies for javascript files and attach them for CSS and images? Any thoughts and suggestions are welcome


  • Request error "enable cookies" while posting app request to LinkedIn

    - by Jay
    Cookie error Hi, I am running S60 SDK 5th with Eclipse pulsar on win 7. I have oauth_token using with this Url https://www.linkedin.com/uas/oauth/authorize?oauth_token=. To get that grant access screen by LinkedIn. I am loading the above Url using htmlComponent, and adding HtmlComponent to a form and showing it. Occasionally when I click on the "Ok I'll Allow It" button (i.e. after the button has been pressed) I get the following error message: "We’re sorry, there was a problem with your request. Please make sure you have cookies enabled and try again." but I'm receiving the response with oauth_token, oauth_token_secret, oauth_callback_confirmed = true, xoauth_request_auth_url, oauth_expires_in. Somebody please help.


  • How to make Requests HttpOnly in struts1.1 [on hold]

    - by WSDL
    I am using struts1.2 with jboss4 server. I have to make my requests HttpOnly. How do I make this with jboss4 and struts1.2? Please help me. It is urgent.

        private void validateToken(HttpServletRequest request, HttpServletResponse response) {
            HttpSession session = request.getSession(true);
            String token = (String)session.getAttribute(TOKEN_KEY);
            if (token == null) {
                token = getRandomString();
                session.setAttribute(TOKEN_KEY, token);
                // System.out.println("Executing the Filter............XSS1");
                response.addHeader("Set-Cookie", "httpOnly");
            }
        }

        private String getRandomString() {
            return String.valueOf(System.currentTimeMillis());
        }


  • Sharing Session between webservice and asp.net application

    - by Alex Mendez
    I have an asp.net application and webservices (asmx) that reside in the same application but not in the same folder as the aspx files. I also have a winform application that uses the webservices. I have marked the webservice methods with [WebMethod(EnableSession = true)] but I am not able to share the same session values that are on the application in the webservices. The winform application has access to the sessionID from the application and I am using the following code:

        Uri uri = new Uri(ServerServiceUrl);
        _cookieContainer = new CookieContainer();
        _cookieContainer.Add(new Cookie("ASP.NET_SessionId", SessionID, "/", uri.Host));

    My question is: Is there something that I am missing or doing wrong that I cannot access the application session from the webservices?

