Search Results

Search found 1963 results on 79 pages for 'expired cookies'.

Page 61/79 | < Previous Page | 57 58 59 60 61 62 63 64 65 66 67 68  | Next Page >

• Spring MVC and Jetty: Prevent jsessionid from being used in RedirectView on redirect to external sit

  - by Moritz Both

  In Spring MVC 2.5 with Jetty - probably with any servlet container -, I want to redirect to an external site using RedirectView via the magic "redirect:" prefix for the view name in ModelAndView. Unfortunately, RedirectView uses response.encodeURL(), so my (otherwiese wanted) session id is appended to the URL. It is not only a security risk to carry the session id to the external site, the ";jsessionid=gagnbaba" string may also be interpreted as part of the ContextPath/PathInfo on the other site, resulting in a bad URL. Any "springish" options other than implement my own ExternalRedirectView... and also hack the ViewResolver to interpret a "externalRedirect:" prefix? (Requiring cookies is not an option.) Moritz

  Read the article

• SSL on Heroku / User Authentication Across Multiple Domains

  - by Euwyn

  Posted a previous question on this, but have a followup. I was trying to create a workaround to use SSL on the expensive custom domain. I'm willing to live with bumping a user to https://app.heroku.com from http://www.app.com for certain secure pages, and have monkey-patched SSL required to make this happen. However, now this issue is with making sure my User is logged in when I do so. As I understand, cookies aren't cross domain. Is there a way around this issue?

  Read the article

• Are Cross Domain Flash Shared Objects (LSO aka Flash Cookie) possible

  - by user85155

  Hi, I found several solutions for creating Flash LSOs from JavaScript (for example: http://www.nuff-respec.com/technology/cross-browser-cookies-with-flash ) If Page (www.hostA.com/index.html) and the .swf file are from the same site, everything works fine. No I'm trying to load the page form www.hostA.com/index.html, which includes www.hostB.com/flashcookie.swf (different sites). But then I cannot read or store the LSO. I have tried several configurations (crossdomain.xml, Security.allowDomain("...") ), but nothing works. Is this kind of cross domain access to a LSO possible? Thanks -stephan

  Read the article

• Example website login/registration code?

  - by Phil Wright

  I am looking at building the login/registration part of a website (ASP.NET) and would like to see some example code or instructions on how to do this properly. For example, how to correctly use cookies and how to encrypt what is stored in the cookie to ensure the session persists until they logout/timeout. I do not want to use the builtin ASP.NET Membership/Provider stuff as it looks painful to use and not very flexible. Please do not answer with 'This is how easy the ASP.NET Membership/Providre stuff is to use, just check this out and you will use it!' as I don't want to use it!

  Read the article

• Inclusion Handling in MVC 2 / MVCContrib

  - by mnemosyn

  I'd like to improve my page by combining and minifying javascript and CSS files. Since MVCContrib already contains a project called IncludeHandling, I took a look at that which unfortunately left me with unanswered questions: There is quite a set of interfaces and objects involved in the process. Now I'm using Ninject.Mvc, but it seems that MvcContrib.IncludeHandling is using some additional (home-brewed?) DI? Can I work around this? Has anybody used this and can share some experiences? Secondly, advice that is often heard is to put static content on different domains so the request does not contain cookies and the like, making it much easier for the server to handle the request. But how can I combine this with automatic inclusion handling - isn't that necessarily served in the same application? EDIT: Figured that there is really just a single resolve call in the whole thing, i really wonder why they use DI for that... Thinking about a fork there...

  Read the article

• Are Cross Domain Flash Local Shared Objects (LSO aka Flash Cookie) possible

  - by user85155

  Hi, I found several solutions for creating Flash LSOs from JavaScript (for example: http://www.nuff-respec.com/technology/cross-browser-cookies-with-flash ) If Page (www.hostA.com/index.html) and the .swf file are from the same site, everything works fine. No I'm trying to load the page form www.hostA.com/index.html, which includes www.hostB.com/flashcookie.swf (different sites). But then I cannot read or store the LSO. I have tried several configurations (crossdomain.xml, Security.allowDomain("...") ), but nothing works. Is this kind of cross domain access to a LSO possible? Thanks -stephan

  Read the article

• How do I automate navigation to a website that requires authentication?

  - by Wiz

  Here's what I'm trying to achieve. I would like to write a script that will navigate to a website that requires me to be authenticated as myself, say Facebook, Live Spaces, Twitter or any other, and then have that script search for certain information on one of the pages of the website. I've done something similar in the past with the Windows.Forms WebBrowser control, which is a full blown implementation of IE that can be controlled through code and will store whatever cookies you get once you're authenticated, but it was very unfriendly to modify and I was hoping to use a scripting language instead, maybe Powershell or something of that sort. Are there maybe some good tutorials about this out there on the web? Thanks!

  Read the article

• Ruby on Rails Mysterious Javascript Alert box with cookie information

  - by conorgil

  I have a problem in a Ruby on Rails app that I am working on. I have been working on the app for months and I have never had this problem before and after a bit of Google searches I think that somehow someone is trying to steal cookies with javascript. When I click on the link I get an alert box titled "the page at www.napkinboard.com says:" and contains the following message: __utmz=217223433.1270652009.59.3.utmcsr=localhost:3000|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=217223433.2133018314.1265749085.1271097412.1271125626.63; __utmc=217223433; __utmb=217223433.11.10.1271125626 I checked the database and all data associated with this 'food_item' looks completely normal and does not contain any javascript at all. How did this suddenly happen and how can I stop it? I appreciate any help. Thanks.

  Read the article

• Cross domain cookie reading/setting cross browsers

  - by Rac123

  I know there are already a few threads available here on this subject but I want others' opinion on this. There are two ways to set/read the cross domain cookies: Creating IFrame on A.com pointing to a page on B.com which creates the cookie and pass that information by creating another IFrame on B.com side pointing to A.com, either using window.name or in location.href.hash A.com page makes a XHR/JSONP call to B.com web service/page that has the following headers and it also sets up the cookie and returns the value. AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"") As we don't have postMessage available across all the browsers, I believe we have to go with one of the cases mentioned above. My question is which is a better way (cleaner) and why to implement for cross browser. Using any other JS framework is out of scope of this discussion. If there's another better way, please mention here! Thank you for your intelligent input in advance! :)

  Read the article

• Creating a Stack Overflow notifier

  - by Trey

  I could not find a Stack Overflow notifier Android app so I am planning on making one. I hope that my app will serve a similar purpose as the Stack Overflow Notifier Chrome extension. This will be my first Android app so I am still unfamiliar with the platform. My main concern when creating this app is, what is the proper way to access the user's Recent Activity page? I thought of two different approaches but I'm not sure how to implement either one: Make the user login to Stack Overflow through the Browser application or an embedded browser and scrape their recent activity page occasionally for updates. Ask the user for their username and password and forward this information to Stack Overflow for authentication, storing cookies somehow to keep the session active. I think Astrid uses something similar to the first approach, but I haven't been able to figure it out yet from skimming their code. What is the correct way to handle a notification application like this that requires session management?

  Read the article

• Will client side performance improve if images/scripts/styles on different subdomains?

  - by Andrey

  Hi, I have a domain specifically for static content, so cookies don't travel along with requests to images/scripts/css. Now, I think I've read somewhere that most browsers only open one download thread for each domain/subdomain, so different static content can't be downloaded in parallel if on the same domain. Will it make difference for browsers if i place scripts in script.mycdn.com, styles in css.mycdn.com and images in images.mycdn.com? Will it allow to let browser download images at the same time as scripts and styles? mycdn.com is of course a made up name :) Thanks! Andrey

  Read the article

• Handling multiple sessions for same user credentials and avoiding new browser window opening in my w

  - by Kabeer

  Hello. I want to handle following scenarios in my new web application. If multiple users log into the application with same credentials, the application should deny access. Since I have out of process session store, I would be able to make out when this situation happens. So I can deny all requests after first successful attempt. This will however not work if the user instead of logging out of the application, closes the browser. The session will continue to reflect in the store for the period of timeout value. If a user attempts to open a new browser windows (Ctrl+N), the application should defeat this attempt. Every new page can potentially fiddle with cookies. I want to therefore deny the users the ability to open new window.

  Read the article

• Can YQL parse web sites requiring cookie-based authentication?

  - by user249488

  First, my use case: I'm trying to use YQL's built in XPATH capabilities to scrape content from Yahoo! Fantasy Sports. It uses some sort of cookie-based authentication scheme. Basically, the sequence is: 1) Do an HTTP GET on the Yahoo! Login page 2) Parse the hidden inputs from the response and do an HTTP PUT with your Yahoo! Login on the form URL 3) Use the cookies returned from step 2 to GET any of the Fantasy Sports! websites that you have access to My question is, does YQL support doing this to scrape data? The only authentication based examples I've seen use OAuth, but I haven't seen any examples of using YQL to parse websites with cookie-based authentication schemes

  Read the article

• Facebook connect JavaScript with PHP

  - by skidding

  I'm using the JavaScript method to sync/login (with the popup) with Facebook Connect on my site, it seems to work. However, after I get logged in, I want to continue in backend, with the PHP library. I see the cookies are set by the JavaScript lib, but I don't know how to use them with the PHP api. I used $fb = new Facebook($api_key, $secret); $uid = $fb->get_loggedin_user(); but not user data is getting passed. How can I get the user data in PHP after I logged in in frontend? As far as I'm concerned, I would have gone PHP all the way, but I didn't manage to make the auth work, meaning that in never redirected me back to my site :). Thanks!

  Read the article

• [jQuery] JSON response is null, but the URL is echoing correctly.

  - by b. e. hollenbeck

  I have a form being AJAX'd in by jQuery on a page with multiple forms. I'm performing the following function, which is a wrapper for the $.ajax function: function do_json_get(uri){ var ret = ''; var url = AJAX_URL + uri; $.ajax({ type: 'GET', url: url, async: false, success: function(data) { ret = data.html; }, dataType: 'json' }); return ret; } When I go to the AJAX server directly (which is rendering the form in PHP), I get the raw JSON response - so I know the server is outputting to the browser, and the AJAX server is doing other things like setting the proper cookies, so I know that the connection is good (I get a 200 response code). Yet the data object is coming back null. What else could I be missing?

  Read the article

• Integrating Simple Machines Forum in my custom membership site - login not working?

  - by Ali

  Hi guys I'm trying to integrate simple machines forum into my custom made membership website. I'm using the SMF API which is available here at http://download.simplemachines.org/?tools. The thing is that its working on my localhost testing server - however on my online server where the system is hosted - its not working. I have set it up so that when the user log into my own custom CMS membership site, he/she is logged in automatically to his/her corresponding account on the forum. However it works on my localhost but online its not working at all.. I log into my site and then browse to the forum to find out I havent been logged in there :( - I think its not creating the cookies or registering the session.. where should I look here. Please do help.

  Read the article

• Extending the RoleProvider GetRolesForUser()

  - by Farinha

  The GetRolesForUser() method in the RoleProvider takes the user login name and returns the list of roles for that user. But in my application this is not enough, I need a few more pieces of information to be able to get the user's roles. How can I get this extra information into the method? I have it in the Session, but I found out that Session is not available in the RoleProvider. What I had in mind was putting this extra info in some class that extends MembershipUser, assuming I can get to it inside the RoleProvider. But I don't know how to create the CustomMembershipUser and make it part of the MembershipProvider. Is this even possible? The easy way out would be using cookies, but I'm trying to keep away from it.

  Read the article

• PHP application variable... maybe?

  - by James

  I went to a PHP job interview, I was asked to implement a piece of code to detect visitors are bots to crawl thru the website and steal content. So I implemented a few lines of code to detect if the site is being refreshed/visited too quickly/often by using a session variable to store last visit timestamp. I got told that session varaibles can be manupilated by cookies etc, so I am wondering if there is a application variable that I can use to store the timestamp information against visitor IPs eg $_SERVER[REMOTE_ADDR]? I know that I can write the data to a file but it's not very good for a high traffic website. Regards James

  Read the article

• Good way to capture/replay sessions from Apache Log?

  - by Mark Harrison

  For performance testing, I would like to capture some traffic from a production server and use that as a basis to replay the request to a test server in order to simulate a realistic load in our development environment. These are all stateless queries, so no issues regarding cookies, sessions, etc. The Apache log timestamps everything down to a 1 second resolution, but that's not fine enough granularity for our peak times. What's the best way to capture more fine-grained timestamps for replay? And is there some ab-like load generating program that can use this data to replicate load?

  Read the article

• Using Connection Based State with Apache2

  I am writing an HTTPS based application using Apache2 as the web server, and python as the language (not sure which framework or Apache2 mod yet). After clients (which are not web browsers) first establish an HTTPS connection to the server, they are expected to send an authentication message. If authentication is successful, they are able to send more commands, until the connection is closed (HTTP 1.1 will be used, with a long keep alive time). My question is, is it possible to have state associated with the connection? I don't want the client to have to send cookies or session ids -- the HTTPS application should be able to figure out the session based on the connection that each request belongs to...the question is how?

  Read the article

• Cannot login to drupal in Chrome or Firefox, but Safari works

  - by WmasterJ

  Problem: Login is not working in Firefox and Chrome but it does in Safari. Details: We just moved a drupal 6 installation to another host and followed some steps: Moved sites/site1/Themes/themeFolder to sites/all/Themes/themeFolder Made these changes in page-node-NNN.tpl.php files (searched all files in themes/themeFolder): 1) find: /oldpath/ replace: /newpath/ 2) find: oldsubdomain. replace: www. 3) find: .com/sites/ replace: .com/newpath/sites/ Then as I login it fails in any browser when the wrong information is entered but when it is correct it simply redirects to that users profile page...and then nothing. There are no admin menus, no edit buttons for content and it is a though it authenticated but somehow never stored anything that would help with the authentication later. The strange thing is that for 3 people with three different systems Firefox and Chrome don't work. But Safari does. We have ruled out that it is the database or old cookies. Any one have a good guess?

  Read the article

• Perl "Day too big" - root cause

  - by azp74

  I have been helping someone debug some code where the error message was "Day too big". I know that this springs from localtime and the Y2038 bug (most google results appear to be people dealing with cookies expiring well into the future). We appear to have 'fixed' the problem by using time to get the current date. However, given that none of our original dates should have hit the 2038 issue I'm sceptical that we've actually fixed the problem ... Are there other instances that anyone knows of where one would hit "day too big"?

  Read the article

• Google bot .net and AspxAutoDetectCookieSupport dilemma

  - by nLL

  Hi, i have a .net mobile web site where i use sesion state and due to nature of mobile networks/phones (not all supports session cookies) i had to use <sessionState cookieless="AutoDetect"/> It works fine but because each new session redirected with "AspxAutoDetectCookieSupport=1" i have a feeling that google won't like this. Here is a small sample from my server logs supportForumReadTopic.aspx id=38 80 - 66.249.71.80 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) 302 supportForumReadTopic.aspx id=38&AspxAutoDetectCookieSupport=1 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) 200 As you see each new hit from google will get 302 to itself. I have a genericmozilla5.browser file where i define google bot as cookie supporting browser in order to get .net not to use cookieless urls but not sure how this 302 would effect me. Any one had smilar exprience? Any ideas? Suggestions? Thanks

  Read the article

• How Easy Is It to Hijack Session Vars on GoDaddy (PHP)

  - by yar

  This article states that If your site is run on a shared Web server, be aware that any session variables can easily be viewed by any other users on the same server. On a larger host like GoDaddy, are there really no protections in place against this? Could it really be that easy? If it is that easy, where are the session vars of the other users on my host so I can check them out? Edit: I didn't believe it, but here's my little program which shows that this is true! I wonder if those are really the same as the value stored in the cookies on the users' machine?

  Read the article

• Get objc_exception_throw when setting cookie with ASIHTTPRequest

  - by TuanCM

  I got objc_exception_throw when trying to set cookies for a ASIHTTPRequest request. I tried both of these but it didn't work out. ASIHTTPRequest *request = [[ASIHTTPRequest alloc] initWithURL:url]; NSMutableDictionary *properties = [[NSMutableDictionary alloc] init]; [properties setValue:@".google.com" forKey:@"Domain"]; [properties setValue:@"/" forKey:@"path"]; [properties setValue:@"1600000000" forKey:@"expires"]; NSHTTPCookie *cookie = [[NSHTTPCookie alloc] initWithProperties:properties]; [request setRequestCookies:[NSMutableArray arrayWithObject:cookie]]; or replacing initiating code for cookie with this one NSHTTPCookie *cookie = [[NSHTTPCookie alloc] init]; When I commented out the following line, everything worked fine. [request setRequestCookies:[NSMutableArray arrayWithObject:cookie]]; Can you guys tell me what the problem here!

  Read the article

< Previous Page | 57 58 59 60 61 62 63 64 65 66 67 68  | Next Page >