Search Results

Search found 10480 results on 420 pages for 'session cookies'.

Page 63/420 | < Previous Page | 59 60 61 62 63 64 65 66 67 68 69 70  | Next Page >

  • (php) how to properly 'save' info in forms completed thus far

    - by hatorade
    So I have a form that on paper is 40 pages long. I was going to take the natural sections of this form, and make separate HTML forms for each section, with the idea that on the first page there would be a first form, then you hit 'Continue to next section' which essentially is the 'submit' button, which moves the user to section two, etc., until they hit the last section. I am not actually storing the results of the form in a database, but rather sending an email. The idea then is to store the separate form answers (one HTML form per section in the real form) as arrays or objects in the session, so that if they go back to a section in the form, it repopulates the values they entered since they are stored in the session. The result would be an array in the session storing the results for each of my forms, and I have one form for each section. My question is: is it secure to temporarily store things like SSNs or driver's license numbers as session variables? Why or why not?

  • What are the weaknesses of this user authentication method?

    - by byronh
    I'm developing my own PHP framework. It seems all the security articles I have read use vastly different methods for user authentication than I do so I could use some help in finding security holes.

    Some information that might be useful before I start. I use mod_rewrite for my MVC URLs. Passwords are sha1 and md5 encrypted with 24 character salt unique to each user. mysql_real_escape_string and/or variable typecasting on everything going in, and htmlspecialchars on everything coming out.

    Step-by-step process:

    1. Top of every page: session_start(); session_regenerate_id();
    2. If user logs in via login form, generate new random token to put in user's MySQL row. Hash is generated based on user's salt (from when they first registered) and the new token. Store the hash and plaintext username in session variables, and duplicate in cookies if 'Remember me' is checked.
    3. On every page, check for cookies. If cookies set, copy their values into session variables. Then compare $_SESSION['name'] and $_SESSION['hash'] against MySQL database. Destroy all cookies and session variables if they don't match so they have to log in again.
    4. If login is valid, some of the user's information from the MySQL database is stored in an array for easy access. So far, I've assumed that this array is clean so when limiting user access I refer to user.rank and deny access if it's below what's required for that page.

    I've tried to test all the common attacks like XSS and CSRF, but maybe I'm just not good enough at hacking my own site! My system seems way too simple for it to actually be secure (the security code is only 100 lines long). What am I missing?

    I've also spent a lot of time searching for the vulnerabilities with mysql_real_escape_string but I haven't found any information that is up-to-date (everything is from several years ago at least and has apparently been fixed). All I know is that the problem was something to do with encoding. If that problem still exists today, how can I avoid it?

    Any help will be much appreciated.

  • How to keep an Hibernate's Session open until the page is rendered

    - by Neuquino
    I'm having the following problem: I'm using Oracle ADF for the view and controller of my app. With OpenSessionInViewFilter, I intercept the request and open a Hibernate Session, and it is closed as soon as the bean's method finishes. What I need is to keep the Session open until the page is rendered, because in my JSP I use the lazy attributes of the object I load from the DB. For example: when I enter index.jspx the IndexBean#main() is executed:

        public class IndexBean {
            private DBObject myDBObject;

            public String main() {
                this.myDBObject = this.myDAO.loadObjectFromDB();
                return null;
            }
        }

    In index.jspx I have:

        ...
        <af:inputText value="#{myDBObject.lazyAttribute}" />
        ...

    I'd like the Hibernate Session to stay open until the af:inputText is processed. Is this possible? How? Thanks in advance

  • Could not initialize proxy - No Session again

    - by Iapilgrim
    I get this error log when viewing a page:

        ERROR [TP-Processor11] (LazyInitializationException.java:42) - could not initialize proxy - no Session
        org.hibernate.LazyInitializationException: could not initialize proxy - no Session
            at org.hibernate.proxy.AbstractLazyInitializer.initialize(AbstractLazyInitializer.java:132)
            at org.hibernate.proxy.AbstractLazyInitializer.getImplementation(AbstractLazyInitializer.java:174)
            at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:190)
            at org.osmoz.contents.model.enm.ContentType_$$_javassist_71.getDefaultShortMode(ContentType_$$_javassist_71.java)
            at org.osmoz.contents.web.tapestry.components.EnmContentZone.getTemplate(EnmContentZone.java:67)
            at org.osmoz.contents.web.tapestry.base.AbstractRawContentZone.getContent(AbstractRawContentZone.java:67)
            at $PropertyConduit_1276091af82.get($PropertyConduit_1276091af82.java)
            at org.apache.tapestry5.internal.bindings.PropBinding.get(PropBinding.java:58)
            at org.apache.tapestry5.internal.structure.InternalComponentResourcesImpl$1.read(InternalComponentResourcesImpl.java:510)
            at org.apache.tapestry5.internal.structure.InternalComponentResourcesImpl$1.read(InternalComponentResourcesImpl.java:496)
            at org.apache.tapestry5.corelib.components.OutputRaw._$read_parameter_value(OutputRaw.java)
            at org.apache.tapestry5.corelib.components.OutputRaw.beginRender(OutputRaw.java:43)
            at org.apache.tapestry5.corelib.components.OutputRaw.beginRender(OutputRaw.java)
            at

    I know the problem is that the Session has been closed. But I really don't know why this error occurs; it does not occur often, which is why I don't know what the root cause is.

    Environment: Tapestry5, JPA, Hibernate 3.3.2.GA

    I've also set <filter-class>org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class> in web.xml.

  • How to (simply) create new service objects in java jax-ws webservices?

    - by cibercitizen1
    Is it possible in jax-ws to have a webmethod that creates a new object (of a service class) and returns a reference to it to the client caller (for the client, it's a remote reference) so that the client and this new service object maintain a session? (Therefore each client is served by a different instance). Schematically:

        client                      server                      o:Session
        --------                    --------                    ----------
        s = server.access() ------> o = new Session()
                            <------ return o
        o.doSomething() --------------------------------------> make it
                        <--------------------------------------
        o.doMore() -------------------------------------------> make it
                   <-------------------------------------------

  • Zend_Auth and database SaveHandler

    - by takeshin
    I have created a Zend_Auth adapter implementing Zend_Auth_Adapter_Interface (similar to Pádraic's adapter) and created a simple ACL plugin. Everything works fine with the default session handler. So far, so good. As a next step I have created a custom Session SaveHandler to persist session data in the database. My implementation is very similar to this one from parables-demo. It seems that everything is working fine. Session data are properly saved to the database, session objects are serialized, but authentication does not work when I enable this custom SaveHandler. I have debugged the authentication and all works fine up till the next request, when the authentication data are lost. I suspected that it has something to do with the fact that I use $adapter->write($object) instead of $adapter->write($string), but the same happens with strings. I'm bootstrapping Zend_Application_Resource_Session in the first Bootstrap method, as early as possible. Does Zend_Auth need any extra configuration to persist data in the database? Why is the identity being lost?

  • Is it possible to use .ASPXAUTH for my own logging system?

    - by J. Pablo Fernández
    For a web application I switched from using ASP.NET Membership to using my own log in system which just does something like this to mark a user as logged in: Session["UserId"] = User.Id Is it possible to store the user id in the ASPXAUTH cookie, piggybacking on its encryption, instead of using the standard session? The goal is for the logged in state to last longer than a session and survive both browser and server restarts.

  • Is this a legitimate implementation of a 'remember me' function for my web app?

    - by user246114
    Hi, I'm trying to add a "remember me" feature to my web app to let a user stay logged in between browser restarts. I think I got the bulk of it. I'm using google app engine for the backend which lets me use java servlets. Here is some pseudo-code to demo:

        public class MyServlet {

            public void handleRequest() {
                if (getThreadLocalRequest().getSession().getAttribute("user") != null) {
                    // User already has session running for them.
                }
                else {
                    // No session, but check if they chose 'remember me' during
                    // their initial login, if so we can have them 'auto log in'
                    // now.
                    Cookie[] cookies = getThreadLocalRequest().getCookies();
                    if (cookies.find("rememberMePlz").exists()) {
                        // The value of this cookie is the cookie id, which is a
                        // unique string that is in no way based upon the user's
                        // name/email/id, and is hard to randomly generate.
                        String cookieid = cookies.find("rememberMePlz").value();

                        // Get the user object associated with this cookie id from
                        // the data store, would probably be a two-step process like:
                        //
                        // select * from cookies where cookieid = 'cookieid';
                        // select * from users where userid = 'userid fetched from above select';
                        User user = DataStore.getUserByCookieId(cookieid);
                        if (user != null) {
                            // Start session for them.
                            getThreadLocalRequest().getSession()
                                .setAttribute("user", user);
                        }
                        else {
                            // Either couldn't find a matching cookie with the
                            // supplied id, or maybe we expired the cookie on
                            // our side or blocked it.
                        }
                    }
                }
            }
        }

        // On first login, if user wanted us to remember them, we'd generate
        // an instance of this object for them in the data store. We send the
        // cookieid value down to the client and they persist it on their side
        // in the "rememberMePlz" cookie.
        public class CookieLong {
            private String mCookieId;
            private String mUserId;
            private long mExpirationDate;
        }

    Alright, this all makes sense. The only frightening thing is what happens if someone finds out the value of the cookie? A malicious individual could set that cookie in their browser and access my site, and essentially be logged in as the user associated with it!

    On the same note, I guess this is why the cookie ids must be difficult to randomly generate, because a malicious user doesn't have to steal someone's cookie - they could just randomly assign cookie values and start logging in as whichever user happens to be associated with that cookie, if any, right?

    Scary stuff, I feel like I should at least include the username in the client cookie such that when it presents itself to the server, I won't auto-login unless the username+cookieid match in the DataStore.

    Any comments would be great, I'm new to this and trying to figure out a best practice. I'm not writing a site which contains any sensitive personal information, but I'd like to minimize any potential for abuse all the same,

    Thanks

  • Writing in two sessions from the same file (PHP)

    - by bellesebastien
    Hi, I want to make it possible for the administrator to log in as a frontend user from the backend. Right now I'm using two sessions (sessions with different names), one for the admin and one for the frontend. Is it possible to write in the first session, close it and then open a new session? This is a simplified version of what I attempted but failed:

        session_name('admin_session');
        session_start();
        // use first session without generating any output
        session_close();

        session_name('frontend_session');
        session_start();
        // use the second session

    Thanks.

  • Eliminating static properties - What patterns do I have at my disposal?

    - by Jamie Dixon
    I currently have a type that I inject into my controllers that's used for getting and setting session data. I use this so that I can obtain relevant session information as _sessionData.Username rather than using Session["username"]. I'd like to use this session information across all of my views and would previously have done this by making the SessionData members static instead of injecting the SessionData class into my controller. I want to avoid using static members as well as having to pass the object to the view in each controller. What patterns best suit this type of scenario? What do you do to solve this same problem?

  • session timeout urgent help needed

    - by nandu
    Hi! In my website, when the session gets timed out and after that we click on any button or perform an action, it gives a random error as "input string not in correct format". How do I resolve the problem? I have 500 pages in the whole website and 20 master pages, so I can't check for the session on each page. I wrote code in the global.asax application_error method so that if an error occurs and the session is null then it redirects to the default page. It worked, but when the page is in a frame it does not refresh the whole page; only the frame redirects the page, so the panel of the master page remains the same.

  • Save in Sessions to reduce database load

    - by Kovu
    At the moment I am trying to reduce the load on my database extremely, so I had a look at my website and thought about which database calls I can try to avoid. So is there a rule for that? Should I save every piece of information in a Session that is nearly never changed? E.g.: the User table is a 35-column table which I need so often in so many different ways that at the moment I get this user object at nearly every PageLoad AND in the master-site page load (settings, displaying the username for a welcome message, colors etc.). So is it good to avoid the database query here, save the User object in a Session and call it from the session, and of course destroy the session wherever the User object gets changed (e.g. the user changes his settings)?

  • Securing an ajax request

    - by asdasdsa
    I have a website that uses session cookies for security. It works fine and all, but any ajax requests right now are not secure. An example: let's say a user is on a page. They can only get to this page if they are logged in with a session - so far so good. But now the ajax request they ask for is ajaxpages/somepage.php?somevar=something&anothervar=something. If any other user decides to just go to that link themselves (without a session) they still get the same ajax output that was meant for logged in people. So obviously I'm going to have to pass session data across when I send an ajax request. Anyone have any tips for the best way of doing this? I've never done this before and would rather use trusted methods than make up my own.

  • Is there any difference in which order I createCriteria and beginTransaction using Hibernate?

    - by user2519543
    Just wondering is there any difference when I beginTransaction [org.hibernate] before or after creating Criteria/Query etc.?

    example 1:

        ...
        Transaction tx= session.beginTransaction();
        Criteria c = session.createCriteria(class);
        result = c.uniqueResult();
        tx.commit();
        ...

    example 2:

        ...
        Criteria c = session.createCriteria(class);
        Transaction tx= session.beginTransaction();
        result = c.uniqueResult();
        tx.commit();
        ...

    Thanks.

  • Programmatically create and launch an RDP session (without gui)

    - by Adun
    Hello, I'd like to know if there is a way to create and launch a Remote Desktop Session on a Windows Server programmatically. I'm trying to make an automatic tool to create Local Users and then launch the associated RDP session. I've already made LocalUser creation and adding them to Remote Desktop Users (using net.exe). But I'm stuck with the next step: create and launch the user's RDP session. I don't know how to handle this problem without having the Remote Desktop Client GUI. I'm working on a Windows Server 2003 and I'm using VS2008 with .NET 3.5. Regards.

  • Best place to store large amounts of session data

    - by audiopleb
    I'm building an application that needs to store and re-use large amounts of data per session. So for example, the user selects a large list of list items (say 2000 or significantly more) which have a numeric value as their key then they save that selection and go off to another page, do something else and then come back to the original page and need to load their selections into that page. What is the quickest and most efficient way of storing and reusing that data? In a text file saved with the session id? In a temp db table? In the session data itself (db sessions so size isn't a limit) using a serialised string or using gzcompress or gzencode? Any advice or insight would be great! Thank you!!!!

  • messages stuck permanently in session

    - by Tim Whitlock
    I am getting Drupal messages stuck permanently in session, so that after being displayed they are not cleared. The unsetting code in function drupal_get_messages in bootstrap.inc is firing - it's as if the session is sleeping (i.e. serializing to disk) before the messages array is cleared. Have you witnessed such a thing?

    UPDATE: The call that commits the session starts from drupal_page_footer at the bottom of index.php - for some reason this is executing twice per request! Once with the emptied messages and then again with the messages back in the array.

  • Amazon EC2 multiple servers share session state

    - by Theofanis Pantelides
    Hi everyone, I have a bunch of EC2 servers that are load balanced. Some of the servers are not sharing session, and users keep getting logged in and out. How can I make all the servers share the one session, possibly even using a partitionresolver solution?

        public class PartitionResolver : System.Web.IPartitionResolver
        {
            private String[] partitions;

            public void Initialize()
            {
                // create the partition connection string table
                // web1, web2
                partitions = new String[] { "192.168.1.1" };
            }

            public String ResolvePartition(Object key)
            {
                String oHost = System.Web.HttpContext.Current.Request.Url.Host.ToLower().Trim();
                if (oHost.StartsWith("10.0.0") || oHost.Equals("localhost"))
                    return "tcpip=127.0.0.1:42424";

                String sid = (String)key;

                // hash the incoming session ID into
                // one of the available partitions
                Int32 partitionID = Math.Abs(sid.GetHashCode()) % partitions.Length;

                return ("tcpip=" + partitions[partitionID] + ":42424");
            }
        }

    -theo

  • Spring + Hibernate session management

    - by toc777
    I have been reading about using Spring with Hibernate and I am really confused about session management. Hopefully someone can clear a few things up for me. First of all, I have no idea how sessions are managed when using HibernateTemplate. Is a session opened and closed when you call a method, e.g. Save(), on the template? When you use the find() method, are detached objects returned? I have read the Spring section on transactions but it mostly talks about handling exceptions. I was hoping to find some way of binding a Hibernate session to a Spring transaction so that I can commit changes to Hibernate objects when the transaction finishes. Is there a way to achieve this?

  • Getting info about a screen session from an external script

    - by valadil
    I have a screen session. I'd like to be able to figure out what's running in it from an external script. I've gotten this far:

        ps --ppid $PID -o comm=

    That prints a list of all the child processes of the screen. What I haven't been able to figure out so far is:

    1. What window is selected/active in a screen session.
    2. If $PID is an attached screen it has no children. How do I find out what session it's attached to?

    I imagine the solution will involve some 'screen -X' voodoo, but I haven't figured out how to make that happen yet and google has been less than helpful.

  • Classic asp paging and session state

    - by flavour404
    Hi, working on a classic asp page that uses paging. The error I am having a problem with is this: let's say that you have 5 pages returned in your record set and you are on page 2. You leave and come back, you then press the link for page 3; the trouble is your session has timed out. I don't know why this happens but the page is reloaded, but the session check is bypassed and of course when the page attempts to retrieve the record set the session variables are now empty, so I am getting a message stating: error near ',' line 1, because now the query is defunct. How do I get around this? Thanks, Ron.

  • I just discovered why all ASP.Net websites are slow, and I am trying to work out what to do about it

    - by James
    I just discovered that every request in an ASP.Net web application gets a Session lock at the beginning of a request, and then releases it at the end of the request!!! I mean, WTF Microsoft! In case the implication is lost on you, as it was from me at first, this basically means the following:

    1. Anytime an ASP.Net webpage is taking a long time to load (maybe due to a slow database call or whatever), and the user decides they want to navigate to a different page because they are tired of waiting, THEY CAN'T! The ASP.Net session lock forces the new page request to wait until the original request has finished its painfully slow load. Arrrgh.
    2. Anytime an UpdatePanel is loading slowly, and the user decides to navigate to a different page before the UpdatePanel has finished updating... THEY CAN'T! The ASP.Net session lock forces the new page request to wait until the original request has finished its painfully slow load. Double Arrrgh!

    So what are the options? So far I have come up with:

    1. Implement a Custom SessionStateDataStore, which ASP.Net supports. I haven't found too many out there to copy, and it seems kind of high risk and easy to mess up.
    2. Keep track of all requests in progress, and if a request comes in from the same user, cancel the original request. Seems kind of extreme, but it would work (I think)
    3. Don't use Session! When I need some kind of state for the user, I could just use Cache instead, and key items on the authenticated user's name, or some such thing. Again seems kind of extreme

    I really can't believe that the ASP.Net Microsoft team would have left such a huge performance bottleneck in the framework at version 4.0! Am I missing something obvious? How hard would it be to use a ThreadSafe collection for the Session? Arrrrghhhhhh. Any advice much appreciated.

  • Issue with storing items in session in MVC

    - by Sundeep
    I have a customer page on which the user can enter multiple locations for a customer. I am using a telerik ajax grid to display locations, and when a new location is added, I am adding it to session and returning back to the grid. Finally, when the user submits, the customer and all locations using customerid as reference key get inserted. I am clearing the session when the user enters the create/edit page and on successful commit or when any exception occurs. The problem is that when the user adds the locations for one user and then opens another tab to create another user, all locations get cleared for the previous user. This issue is occurring because of the session. Something like viewstate would be page specific. But for ajax grid actions, viewdata/viewbag is not working. Any thoughts on how to implement this? Thanks in advance.

  • Get user's session outside of Facebook Application from a windows service or desktop app

    - by softwaremonster
    Hi, I have a Flash Facebook application. I can take the session info from the Flash client and send the session information to the server. I need to check if the user connected to the server via the Facebook application or not. That's why I need to get the user's session from the Facebook page directly from my server. How can I do it? I use C# for all database and communication systems. The Flash interface handles only application responsibilities. Thanks.

  • Does every browser open a new HTTPSession

    - by user496934
    I am working on a web-based application which has JSP and servlets. In my application, I am binding some objects to sessions like the following code:

        HttpSession session = p_req.getSession();
        session.setAttribute(DOWNLOAD_With_WARNINGS, downloadMap);

    Later I am retrieving them using session.getAttribute. I would like to know if every time I open a new browser it opens a new HTTP session. Because if I do a setAttribute with some value in one browser instance, that change is visible when I do a getAttribute using the other browser instance.
