Search Results

Search found 9490 results on 380 pages for 'session hijacking'.

Page 51/380 | < Previous Page | 47 48 49 50 51 52 53 54 55 56 57 58  | Next Page >

  • How can I get sessions to work if I'm using Google App Engine + Django 1.1?

    - by user341642
    Is there a way for me to get sessions working? I know Django has built in session management, and GAE has some tools for it if you're using their watered down version of Django 0.96, but is there a way to get sessions to work if you're trying to use GAE w/ Django 1.1 (i.e. use_library() call). I assume using a db-backed session doesn't work, and a file system backed one won't work b/c we don't have access to the filesystem if we deploy to the Google production servers. This kinda worked (as in didn't crap out) when I used SessionMiddleware backed by a local-memory backed cache and a non-persistent cache (i.e. setting SESSION_ENGINE to django.contrib.sessions.backends.cache). But the session never seems to persist in this case, no matter how I set the timeouts. A new session key is generated on every page reload. Maybe this is b/c the GAE assumes complete statelessness with each request and blows away my local cache? Apologies in advance, I'm pretty new to Python. Any suggestions would be greatly appreciated.

    Read the article

  • Firefox Add-on for Opening Pages in Separate "Sandboxes"

    - by cosmic.osmo
    Is there a Firefox add-on that will allow someone to easily open up a page in a new tab or window so it will not share cookies and other session information with other windows? Basically, I want to be able to run Facebook, GMail, Google Search, etc, in separate sandboxes using different accounts. I recall seeing a blog posting about an add-on that did this without forcing you to set up different Firefox profiles, but I can't remember where I saw it or what it was called.

    Read the article

  • kill sessions for other machines

    - by LipKee
    I've an admin and client site. Multiple users will view at client site at the same time. It is possible that I can force the users logout of my client site from admin site? I'm now using classic ASP and the In Proc session is used. Is there a way where I can kill all the sessions of the users and force them to logout?

    Read the article

  • Transitioning from Firefox to Chrome

    - by cool-RR
    I'm considering moving from using Firefox to using Chrome. (I'm on WinXP) Two questions: What is the best way to achieve adblockplus-like functionality on Chrome? Is it possible to save my session when I close the Chrome window so when I open it again I'll see the same tabs?

    Read the article

  • Session lost and application end, after file download

    - by Amr ElGarhy
    I have this code in the end of link button click: Response.ContentType = "application/zip"; Response.AppendHeader("content-disposition", "attachment; filename=download.zip"); Response.TransmitFile(Server.MapPath("download.zip")); Response.End(); to download a zip file from an aspx page. In the previous page i set a session variable, after going to this download page and download the file, then press back i find the session=null "this happen after downloading more than 1 time", and the application_end in global.ascx called. Do you know why this may happen??

    Read the article

  • Flex secret for session using Facebook API

    - by Mike
    In this video, it mentioned not to embed the Facebook secret key inside the application, http://www.adobe.com/devnet/facebook/articles/video_facebook_quick_start.html, so I passed null to this function facebookSession = new FacebookSessionUtil(MYAPI, null, stage.loaderInfo); but it didn't work. How can I hide my secret key? In the doc it mentioned: http://facebook-actionscript-api.googlecode.com/svn/release/current/docs/com/facebook/utils/FacebookSessionUtil.html secret:String — Your application's secret key. If this parameter is passed a value of null, the constructor looks for a special session secret stored in the fb_sig_ss property of the loaderInfo object. For web sessions, even if you pass a non-null value for this parameter, the constructor will always look for a session secret and use that instead of the value that you pass for this parameter.

    Read the article

  • DAL, Session, Cache architecture

    - by subt13
    I'm attempting to create Data Access Layer for my web application. Currently, all datatables are stored in the session. When I am finished the DAL will populate and return datatables. Is it a good idea to store the returned datatables in the session? A distributed/shared cache? Or just ping the database each time? Note: generally the number of rows in the datatable will be small < 2000. Thanks

    Read the article

  • Facebook Iframe App with multiple pages in Safari Session Variables not persisting

    - by Bathan
    I have a facebook Iframe application with multiple PHP pages in it. I have some links that point relatively to the files inside my "iframe folder". Having some issues with session variables inside the iframe. I set some session variables but they do not persist from one page to another. This does work on other browsers. I've been reading that Safari does not support Cross-Domain cookies and this might be the problem , but im not sure how to fix this. Any help?

    Read the article

  • Symfony2: automatically logging in users from their Windows session

    - by Paul Maclean
    In Symfony2 I have built an intranet. It currently uses the FOSUserBundle and an LDAP bundle to log users in, and I would like to add the functionality to log in user from their session in Windows. I found an NTLM script for PHP and an updated version of it, but I haven't been able to incorporate them into Symfony2. I also found an NTLM bundle for Symfony2, but it was written for an older version of Symfony and it is not maintained anymore. I was unable to rewrite it and get it to work. My question is; how could I automatically log in users from their Windows session in my Symfony2-app, in addition to the already present LDAP functionality? What would be the best and easiest way?

    Read the article

  • Rails cookie session sharing and "www.example.com" or "example.com" problem

    - by Rafael Mueller
    When people access my app on www.example.com and log in, they get a cookie. I'm using the cookie option to store session on Rails. Accessing example.com (without the www), they must log in again, because Firefox does not recognize the previous session. So, what do you think is the best way to avoid this? I guess I will use a small .htaccess rule (Apache + Passenger) like this: RewriteEngine on RewriteCond %{HTTP_HOST} ^example\.com RewriteRule ^(.*)$ http://www.example.com/$1 [R=permanent,L] Do you guys think that is a good solution?

    Read the article

  • Quick question on session security.

    - by Scarface
    Hey guys, I was scanning my site for security and I noticed that it was possible for non users to send requests and post information, so I decided to put login checks on all information posts. I was wondering if it was a good way to keep a session id that is created by md5(uniqid()); in a session variable $_SESSION['id']=md5(uniqid()); for each user and then store that in a database under active users for that user. Then when a user tries to insert information, verify that their $_SESSION['id'] variable is equal to the one in the database where the username equals their $_SESSION['username']. What are your ideas on this guys? Thanks in advance!

    Read the article

  • Session bug using facebook-connect-with-authlogic in Rails

    - by Jesse
    I'm trying to follow this article: http://ryanbigg.com/2010/03/testing-facebook, but I'm stuck. I think the problem is with my session, in that the current_usermethod comes up with nil for session[:facebook_session]. According to the original authlogic, it says to use the active_record_store for sessions: # config/environment.rb config.action_controller.session_store = :active_record_store # db/schema includes create_table "sessions", :force => true do |t| t.string "session_id", :null => false t.text "data" t.datetime "created_at" t.datetime "updated_at" end The article calls for the use of cookies. I'm confused; can I use cookies and the active record sessions? I'm also confused by the use of cattr_accessor :current_user from within the User model -- current_user still goes in the application controller, right? Please help.

    Read the article

  • Best way for allowing subdomain session cookies using Tomcat

    - by Andrew Ingram
    By default tomcat will create a session cookie for the current domain. If you are on www.example.com, your cookie will be created for www.example.com (will only work on www.example.com). Whereas for example.com it will be created for .example.com (desired behaviour, will work on any subdomain of example.com as well as example.com itself). I've seen a few Tomcat valves which seem to intercept the creation of session cookies and create a replacement cookie with the correct .example.com domain, however none of them seem to work flawlessly and they all appear to leave the existing cookie and just create a new one. This means that two JSESSIONID cookies are being sent with each request. I was wondering if anybody has a definitive solution to this problem.

    Read the article

  • Upgrading to IIS7 stopped Firefox from receiving cookies?

    - by Ted Spence
    Our website has been using IIS6 for a long time. We test on IE8, Firefox, and Chrome. All browsers worked fine. We recently did an upgrade to IIS7, and Chrome and IE8 continue to work normally, but Firefox appears to be unable to get the ASP session cookie. As a result, when our code checks the Session[] object, we see nothing, we think the user has logged out, and the site resets your session. Does anyone know why upgrading to IIS7 would cause this behavior in Firefox? We've: 1) Reverted our application pool back to classic mode (no change); 2) Added a dummy value in the Global.asax object (no change); and 3) changed the web.config file from "authentication cookieless=autodetect" to "cookieless=usercookie" and back (no change).

    Read the article

  • using second level cache vs pushing objects into the session

    - by AhmetC
    I have some big entities which are frequently accessed in same session. For example, in my application there is a reporting page which consist of dynamically generated chart images. For each chart image on page, client makes requests to corresponding controller and the controller generates images using some entities. I can either use asp.net's session dictionary for "caching" those entities or rely on nhibernate's second level cache support with using cached queries for example. What is your opinion? By the way I will use shared hosting, is second level cache hosting friendly? Thanks.

    Read the article

  • JMS Session pooling for large numbers of Topic subscribers

    - by matthewKizoom
    I'm writing an app that will create lots of JMS topic subscribers. What is best practise regarding reusing sessions? A session per subscriber? A pool of sessions? With a session per subscriber the thread count seems unreasonable. Is this a job for something like a ServerSessionPool? What I've seen so far seems to suggest that ServerSessionPool is more geared towards one receiver consuming messages concurrently rather than lots of receivers. I'm currently working with HornetQ 2.0.0GA embedded in JBoss 4.3.0CP6.

    Read the article

  • Relying on nhibernate's second level cache vs pushing objects into the session

    - by AhmetC
    I have some big entities which are frequently accessed in the same session. For example, in my application there is a reporting page which consist of dynamically generated chart images. For each chart image on this page, the client makes requests to corresponding controller and the controller generates images using some entities. I can either use asp.net's session dictionary for "caching" those entities or rely on nhibernate's second level cache support with using cached queries for example. What is your opinion? By the way I will use shared hosting, is nhibernate's second level cache hosting friendly? Thanks.

    Read the article

  • Outlook MAPI session exception when outlook interface is closed

    - by michele
    I'm developing a email sender that retrieve data from a database, build up a MailItem with the Outlook Interop and send it. My email sender is running by a windows service that is notified everytime there's some data to send. I'm logging on the MAPI session of Outlook without problem and everything seems to work. But... when someone open Outlook interface and then close, my service crash at the first attempt i call a SendAndReceive method, with an exception that report that the session is assigned to another thread. I'm googling around for hours and i'm listening to the application_quit event, raised by the interface closing, trying to logoff and logon again to the application...but i'm still falling in the same error. Where am i wrong?Any suggestion? Thank you in advance

    Read the article

  • How to prevent session timeout in Symfony 1.0?

    - by Thomas Kohl
    I've used the PHP MVC framework Symfony to build an on-demand web app. It has an annoying bug - the session expires after about 15-30 minutes of inactivity. There is a config directive to prevent session expiration but it does not work. Even workarounds such as this one did not help me. I intend not to migrate to Symfony 1.1 (which fixes this bug) in the foreseeable future. Has anyone been there and solved it? I would be most grateful for a hint or two!

    Read the article

  • How to secure Java webservices with login and session handling

    - by hubertg
    I'd like to secure my (Java metro) webservice with a login. Here's how I'm planning to do that: Steps required when calling a webservice method are: call login(user,pwd), receive a session token 1.1 remember the token call servicemethod (token, arg1, arg2...) webservice checks if the token is known, if not throw exception otherwise proceed logout or timeout after x time periods of inactivity my questions: 1. what's your opinion on this approach? does it make sense? 2. are there any libraries which take the burden of writing a session handling (maybe with database persistence to survive app restarts) (the solution should be simple and easily usable with Java and .NET clients) thanks!

    Read the article

  • Setting a session variable in Global.asax causes AJAX errors

    - by Fly_Trap
    I'm getting a very peculiar problem with my asp.net application, it took me an age to track down but I still don't know what is causing this behaviour. If I set a session variable in the Application_PreRequestHandlerExecute event, then my external JavaScript files are ignored, and therfore causing a raft of errors. I have simplified the problem below. E.g. I have file called JScript.js containing the code: function myAlert() { alert("Hi World"); } And in my Default.aspx file I reference the js with the code: <script src="JScript.js" type="text/javascript"></script> And in the body onload event I call the myAlert() function: <body onload="myAlert()"> And finally in the Global.asax file: Private Sub Application_PreRequestHandlerExecute(ByVal sender As Object, ByVal e As EventArgs) HttpContext.Current.Session("myVar") = "MyValue" End Sub If you run the Default.aspx file you will see the js function isnt called, however, if you comment out the line of code Global.asax then the external js is called and the function executed when the page loads. Why is this?

    Read the article

  • How implement the Open Session in View pattern in NHibernate?

    - by MCardinale
    I'm using ASP.NET MVC + NHibernate + Fluent NHibernate and having a problem with lazy loading. Through this question (http://stackoverflow.com/questions/2519964/how-to-fix-a-nhibernate-lazy-loading-error-no-session-or-session-was-closed), I've discovered that I have to implement the Open Session in View pattern , but I don't know how. In my repositories classes, I use methods like this public ImageGallery GetById(int id) { using(ISession session = NHibernateSessionFactory.OpenSession()) { return session.Get<ImageGallery>(id); } } public void Add(ImageGallery imageGallery) { using(ISession session = NHibernateSessionFactory.OpenSession()) { using(ITransaction transaction = session.BeginTransaction()) { session.Save(imageGallery); transaction.Commit(); } } } And this is my Session Factory helper class: public class NHibernateSessionFactory { private static ISessionFactory _sessionFactory; private static ISessionFactory SessionFactory { get { if(_sessionFactory == null) { _sessionFactory = Fluently.Configure() .Database(MySQLConfiguration.Standard.ConnectionString(MyConnString)) .Mappings(m => m.FluentMappings.AddFromAssemblyOf<ImageGalleryMap>()) .ExposeConfiguration(c => c.Properties.Add("hbm2ddl.keywords", "none")) .BuildSessionFactory(); } return _sessionFactory; } } public static ISession OpenSession() { return SessionFactory.OpenSession(); } } Someone could help me to implements Open Session in View pattern? Thank you.

    Read the article

  • struts 2 bean is not created

    - by Dewfy
    Hello colleagues! At first some precondition to my question, I'm using struts2 + tiles2 + toplink. NO spring at all. The simplest scenario - is to display list of entities on the page. To optimize resolving JPA's EntityManager I would like to create helper (JPAResourceBean) that implements lazy load of entity manager. For this purposes I'm going to use struts2's bean declaration: <bean name="myfactory" class="my.model.JPAResourceBean" scope="session" optional="false"/> Why bean is not instantiated neither in session? (I'm using s:property just for debug) ... <s:property value="#session.myfactory" default="buka.1"/> ... nor in plain bean list: ... <s:property value="#myfactory" default="buka.2"/> ... May be the second part of question is - how to resolve this bean from java code?

    Read the article

  • Google App Engine - Calling getSession().invalidate(); causes app engine to act weird.

    - by Spines
    When I call hreq.getSession().invalidate(); app engine slows down tremendously. I looked at appstats and saw that on a page where no database calls are made, it was calling memcache.get and datastore.get 23 times each. The stack trace of these calls showed that it was being called from getSession(). This only happens on the production server. Every time I make a request to a page, it makes a bunch of memcache and datastore calls. This slow down goes away though when i restart my browser. When I changed the code to simply set the isLoggedIn property of the session to false, rather than calling hreq.getSession().invalidate();, everything was fine. As a test, I didn't invalidate my session, but I changed the value of my browser's session cookie, and the app engine exhibited the same behavior. Is this a bug with the app engine?

    Read the article

< Previous Page | 47 48 49 50 51 52 53 54 55 56 57 58  | Next Page >