Search Results

Search found 9490 results on 380 pages for 'session hijacking'.

Page 67/380 | < Previous Page | 63 64 65 66 67 68 69 70 71 72 73 74  | Next Page >

  • Scraping a page from a secure URL which is possibly using a session ID

    - by VN44CA
    How to scrape a page like this. https://www.procom.ca/JobList.aspx?keywords=&Cities=&reference=&JobType=0 It is secure, and requires a referrer? I can't get anything using wget or httplib2. If you go through this page, you get a list and it works on a browser but not the command line. https://www.procom.ca/jobsearch.aspx I am interested in command line fetching. thx

    Read the article

  • Accessing session data outside Joomla

    - by Alec Smart
    Hello, I am trying to run an application outside Joomla (not as a plugin) and I would like to access the logged in user's information (userid). I am wondering how should I go about doing that? Is there a file which I can include? I tried using $_SESSION but it shows empty. Is there a simple solution to my problem? Thank you for your time.

    Read the article

  • ASP.NET - Manual authentication system

    - by Gal V
    Hello all, Wer'e developing an ASP.NET C# application, which will contain an authentication system that authenticates users in multiple levels (user, admin, super-admin, etc.). Our idea is NOT to use the built in ASP.NET forms authentication feature. Our plan is to create a whole 'new' system for it- based on the Session object, and SQL database contains users' info such as username & password. Is there any SERIOUS different between our idea to the Forms authentication feature? What security risks do we take? How do we solve them? Is this a good alternative for the forms authentication feature? Thanks in advance !

    Read the article

  • C# TCP socket with session

    - by Zé Carlos
    Is there any way of dealing with sessions with sockets in C#? Example of my problem: I have a server with a socket listening on port 5672. TcpListener socket = new TcpListener(localAddr, 5672); socket.Start(); Console.Write("Waiting for a connection... "); // Perform a blocking call to accept requests. TcpClient client = socket.AcceptTcpClient(); Console.WriteLine("Connected to client!"); And i have two clients that will send one byte. Client A send 0x1 and client B send 0x2. From the server side, i read this data like this: Byte[] bytes = new Byte[256]; String data = null; NetworkStream stream = client.GetStream(); while ((stream.Read(bytes, 0, bytes.Length)) != 0) { byte[] answer = new ... stream.Write(answer , 0, answer.Length); } Then client A sends 0x11. I need a way to know that this client is the same that sent "0x1" before.

    Read the article

  • Good way to make Authentication and Authorization information available between application layers

    - by DutrowLLC
    I have a web application running on Google App Engine (GAE) for JAVA. I'm authenticating the client at the Servlet layer but would like to make the client information available to my business and data layers without having to pass the client object through the arguments of every single function. I'm considering setting up a "session" type object using ThreadLocal. That way any function can just say something like: CurrentUser.getRoles(); Is this a good way to do this or is there something else that is a more accepted solution? Thanks!

    Read the article

  • ASP.NET MVC pass information from controller to view WITHOUT ViewData, ViewModel, or Session

    - by josh
    I have a unique scenario where I want a base controller to grab some data and store it in a list. The list should be accessible from my views just as ViewData is. I will be using this list on every page and would like a cleaner solution than just shoving it in the ViewDataDictionary. After attempting to come up with a solution, I thought I would create a custom ViewPage with a property to hold my list. My custom ViewPage would inherit from System.Web.MVC.ViewPage. However, I do not know where MVC passes the viewdata from the controller off to the view. More importantly, how do I get it to pass my list down to the view? Thanks for the help.

    Read the article

  • How to update the session values on partial post back and how to make Javascript use the new values

    - by Mano
    The problem I am facing is the I am passing values to javascript to draw a graph using session values in the code behind. When page loads it take the value from the session and creates the graph, when I do partial post back using a Update Panel and Timer, I call the method to add values to the session and it does it. public void messsagePercentStats(object sender, EventArgs args) { ... if (value >= lowtarg && value < Toptarg) { vProgressColor = "'#eaa600'"; } else if (value >= Toptarg) { vProgressColor = "'#86cf21'"; } Session.Add("vProgressColor", vProgressColor); Session.Add("vProgressPercentage", "["+value+"],["+remaining+"]"); } } I use the update panel to call the above method <asp:ScriptManager ID="smCharts" runat="server" /> <asp:UpdatePanel runat="server" ID="Holder" OnLoad="messsagePercentStats" UpdateMode="Conditional"> <ContentTemplate> <asp:Timer ID="Timer1" runat="server" Interval="5000" OnTick="Timer_Tick" /> and the timer_tick method is executed every 5 seconds protected void Timer_Tick(object sender, EventArgs args) { ScriptManager.RegisterStartupScript(this, this.GetType(), "key", "r.init();", true); ResponseMetric rm = new ResponseMetric(); Holder.Update(); } I use ScriptManager.RegisterStartupScript(this, this.GetType(), "key", "r.init();", true); to call the r.init() Java script method to draw the graph on post back and it works fine. Java Script: var r = { init : function(){ r = Raphael("pie"), data2 = [<%= Session["vProgressPercentage"] %>]; axisx = ["10%", "20%"]; r.g.txtattr.font = "12px 'Fontin Sans', Fontin-Sans, sans-serif"; r.g.barchart(80, 25, 100, 320, data2, { stacked: true, colors: [<%= Session["vProgressColor"] %>,'#fff'] }); axis2 = r.g.axis(94, 325, 280, 0, 100, 10, 1); } } window.onload = function () { r.init(); }; This Java Script is not getting the new value from the session, it uses the old value when the page was loaded. How can I change the code to make sure the JS uses the latest session value.

    Read the article

  • How to communicate/share a session between pages over HTTP and HTTPS

    - by spirytus
    What is common practice for coding web applications where part of the site has to be secured (e.g. checkout section) and part not necessarily, let's say homepage? As far as I know sharing sessions in between HTTP and HTTPS parts of the site is not easily possible (or is it?). What would be common approach if I wanted to display on HTTP page like homepage, shopping cart data (items) that users ordered on HTTPS pages? How those two parts of the site would communicate if necessary? Also isn't it security flaw in popular shopping carts as it seems that many of these have only checkout pages secured (SSL) and the rest not? I'm using PHP if it makes any difference.

    Read the article

  • Unable to pass variable data

    - by JM4
    I am trying to use the following code to pass information to another site but it keeps giving me an error: Invalid Code: $a = $b->doIt("James",$_SESSION['JNum'],"Frank"); Valid Sample Code: $a = $b->doIt("James","123456","Frank"); In the first example, the page returns "number field is required". The second piece of sample code returns valid results. Do to the nature of this project though I need to pass the id number as they are stored in SESSION variables. What am I missing?

    Read the article

  • Java: InitialContext.lookup(String) - what should the value o the parametr be?

    - by bguiz
    To instantiate a Stateful Session Bean inside of a JSP/ servlet, I am using: InitialContext ic = new InitialContext(); SomeStateful state = (SomeStateful) ic.lookup("java:comp/env/SomeStatefulBean"); Trial and error had me prefix the name of my EJB with java:comp/env/, so the above works (on Glassfish 2.1). However I want to know what the proper way to obtain this prefix is. Is there a CLI tool or function somewhere in the admin panel that will allow we to examine/ alter this? Is this platform/ application server dependant? Is there a setting within my ear, EJB-jar or war which I can examine or alter for this? (Forgive the beginner question) Thanks!

    Read the article

  • Best Tomcat6 JNDI + Hibernate configuration for session/transaction support

    - by EugeneP
    I use tomcat6 as a servlet container, and need to integrate Hibernate 3.2 into the project. I found a document how to configure SessionFactory lookup through JNDI, though it does not work as expected. Quote: Hibernate works in any environment that uses JTA, in fact, we recommend to use JTA whenever possible as it is the standard Java transaction interface. End of quote. In hibernate config I indicate current_session_context_class = jta and now I get an error "No TransactionManagerLookup specified". The problem is that Tomcat does not support JTA, and to get it worked, if I understand it correctly, you need to add JOTM or other library to Tomcat. But according to quote it is recommended to use JTA. What can you recommend in this situation?

    Read the article

  • How to configure grails and shiro to mark cookies secure?

    - by j4y
    I'm using Grails 2.2.4 with the Shiro plugin (v1.1.4) and would like to mark the cookies as secure so the session information won't be sent over http. This is the attribute I want to set: securityManager.sessionManager.sessionIdCookie.secure = true The shiro source says to use the Grails bean property override mechanism, which is grails-app/conf/spring/resources.groovy How can I override just the one setting? // If the legacy 'security.shiro.filter.config' option is set, // use our custom INI-based filter... if (application.config.security.shiro.filter.config) { log.warn "security.shiro.filter.config option is deprecated. Use Grails' bean property override mechanism instead." 'filter-class'('org.apache.shiro.grails.LegacyShiroFilter') 'init-param' { 'param-name'('securityManagerBeanName') 'param-value'('shiroSecurityManager') }

    Read the article

  • force all session log-out

    - by cometta
    i'm using spring+tapestry for authenticate webuser. I wonder is there any technique i can force all users that currently login in to logout let say i'm on scenario where the site is 'under maintenance mode'

    Read the article

  • Convert Google Analytics cookies to Local/Session Storage

    - by David Murdoch
    Google Analytics sets 4 cookies that will be sent with all requests to that domain (and ofset its subdomains). From what I can tell no server actually uses them directly; they're only sent with __utm.gif as a query param. Now, obviously Google Analytics reads, writes and acts on their values and they will need to be available to the GA tracking script. So, what I am wondering is if it is possible to: rewrite the __utm* cookies to local storage after ga.js has written them delete them after ga.js has run rewrite the cookies FROM local storage back to cookie form right before ga.js reads them start over Or, monkey patch ga.js to use local storage before it begins the cookie read/write part. Obviously if we are going so far out of the way to remove the __utm* cookies we'll want to also use the Async variant of Analytics. I'm guessing the down vote was because I didn't ask a question. DOH! My questions are: Can it be done as described above? If so, why hasn't it been done? I have a default HTML/CSS/JS boilerplate template that passes YSlow, PageSpeed, and Chrome's Audit with near perfect scores. I'm really looking for a way to squeeze those remaining cookie bytes from Google Analytics in browsers that support local storage.

    Read the article

  • Using POST or SESSION to capture data

    - by Karinne
    Hi all! I'm currently working on web application using VB in ASP.NET. Right now I have 1 page with panels that we are using to show/hide depending on the flow. When the user first comes in, he/she is presented with a gridview containing a list of clients. Then the user, clicks a link from a row and is presented a form where he/she can update the clients' info. Originally, I had a HYPERLINKFIELD that put the clientId in the url, then I'd grab the url and do the code appropriately <asp:HyperLinkField Text='<%$ Resources:Resource, ManageClient %>' DataNavigateUrlFields="CLIENT_ID" DataNavigateUrlFormatString="~/clients/manage.aspx?clientId={0}" /> Now, I'm rethinking that and wondering if it's better to use SESSIONs to grab the clientID via this instead <asp:TemplateField Visible="false"><ItemTemplate><asp:Label runat="server" ID="hidClientId" Text='<%# Bind("CLIENT_ID")%>' Visible="false" /></ItemTemplate></asp:TemplateField> <asp:ButtonField Text='<%$ Resources:Resource, ManageClient %>' CommandName="Manage" /> Or use the POST method, which I'm not sure how it works in .NET (but I've used it in PHP) Any help would be greatly appreciated.

    Read the article

  • Third party Application's Idle Session expiry

    - by Manjoor
    We have a third party application running. It shows login dialog when idle for 20 minutes. We need to prevent the application to display login screen. We do not have any idea how idle state is handled internally in that application. We have done the follwoing with no luck. Created an small application in c# which focus it after every 5 minutes (using SetForegroundWindow()) and send a BM_CLICK message to one of its child window. Does not work. focus it after every 5 minutes (using SetForegroundWindow()) and move the cursor few pixels then restore cursor at its previous position. This does not work too! Is there any other way to achieve the goal?

    Read the article

  • How to handle Application_BeginRequest using a custom filter in asp.net mvc?

    - by denis_n
    How to handle Application_BeginRequest using a custom filter in asp.net mvc? I want to restore session only for one route (~/my-url). I would be cool, if I could create a custom filter and handle that. protected void Application_BeginRequest(object sender, EventArgs e) { var context = HttpContext.Current; if (string.Equals("~/my-url", context.Request.AppRelativeCurrentExecutionFilePath, StringComparison.OrdinalIgnoreCase)) { string sessionId = context.Request.Form["sessionId"]; if (sessionId != null) { HttpCookie cookie = context.Request.Cookies.Get("ASP.NET_SessionId"); if (cookie == null) { cookie = new HttpCookie("ASP.NET_SessionId"); } cookie.Value = sessionId; context.Request.Cookies.Set(cookie); } }

    Read the article

  • tomcat session replication without multicast

    - by Andreas Petersson
    i am planning to use 2 dedicated root servers rented at a hosting provider. those machines will run tomcat 6 in a cluster. if i will add additional machines later on - it is unlikely that they will be accessible with multicast, because they will be located in different subnets. is it possible to run tomcat without multicast? all tutorials for tomcat 6 clustering include multicast heartbeat. are there any alternatives to SimpleTcpCluster? or are other alternatives more appropriate in this situation?

    Read the article

  • Losing session after Login - Java

    - by Patrick Villela
    I'm building an application that needs to login to a certain page and make a navigation. I can login, provided that the response contains a string that identifies it. But, when I navigate to the second page, I can't see the page as a logged user, only as anonymous. I'll provide my code. import java.net.*; import java.security.*; import java.security.cert.*; import javax.net.ssl.*; import java.io.*; import java.util.*; public class PostTest { static HttpsURLConnection conn = null; private static class DefaultTrustManager implements X509TrustManager { @Override public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {} @Override public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {} @Override public X509Certificate[] getAcceptedIssuers() { return null; } } public static void main(String[] args) { try { SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(new KeyManager[0], new TrustManager[] {new DefaultTrustManager()}, new SecureRandom()); SSLContext.setDefault(ctx); String data = URLEncoder.encode("txtUserName", "UTF-8") + "=" + URLEncoder.encode(/*username*/, "UTF-8"); data += "&" + URLEncoder.encode("txtPassword", "UTF-8") + "=" + URLEncoder.encode(/*password*/", "UTF-8"); data += "&" + URLEncoder.encode("envia", "UTF-8") + "=" + URLEncoder.encode("1", "UTF-8"); connectToSSL(/*login url*/); conn.setDoOutput(true); OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream()); wr.write(data); wr.flush(); BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream())); String line; String resposta = ""; while((line = rd.readLine()) != null) { resposta += line + "\n"; } System.out.println("valid login -> " + resposta.contains(/*string that assures me I'm looged in*/)); connectToSSL(/*first navigation page*/); rd = new BufferedReader(new InputStreamReader(conn.getInputStream())); while((line = rd.readLine()) != null) { System.out.println(line); } } catch(Exception e) { e.printStackTrace(); } } private static void connectToSSL(String address) { try { URL url = new URL(address); conn = (HttpsURLConnection) url.openConnection(); conn.setHostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String arg0, SSLSession arg1) { return true; } }); } catch(Exception ex) { ex.printStackTrace(); } } } Any further information, just ask. Thanks in advance.

    Read the article

  • Global temporary tables getting data from different session in Oracle

    - by Omnipresent
    We have a stored procedure in Oracle that uses global temporary tables. In most of our other stored procedures, first thing we do is delete data from global temporary tables. However, in few of the stored procedures we do not have the delete's. Are there any other options other than adding the delete statements? Can something be done on the Server side to forcefully delete data from those temporary tables when that SP is ran?

    Read the article

  • Awk appears to disconnect my DB2 session when piping

    - by greggannicott
    Hello. I'm attempting to run the following command in Korn Shell (ksh): set -A INDEXES `db2 "describe indexes for table ${TABSCHEMA}.${TABNAME} show detail" | awk '{print $1"."$2}'` What I'm attempting to achieve is place a list of the indexes over a particular table into an array which I can later iterate through. The problem is, when I run the above command the contents of the array starts with the error message of 'SQL1024N' (which is telling me that the database connection does not exist). However, if I remove the 'awk' at the end of the statement as so: set -A INDEXES `db2 "describe indexes for table ${TABSCHEMA}.${TABNAME} show detail"` it works just fine (well, to the extent its returning data. Obviously without the awk I'm not capturing the correct data). Does anyone know why the awk is having this affect? I appreciate there is more than one way to get this data, but it baffles me as to why this is happening. Thanks in advance. Greg.

    Read the article

  • the best way to make codeigniter website multi-language. calling from lang arrays depends on lang se

    - by artmania
    Hi friends, I'm researching hours and hours, but I could not find any clear, efficient way to make it :/ I have a codeigniter base website in English and I have to add a Polish language now. What is the best way to make my site in 2 language depending visitor selection? is there any way to create array files for each language and call them in view files depends on Session from lang selection? I don't wanna use database. Appreciate helps! I'm running out of deadline :/ thanks!!

    Read the article

< Previous Page | 63 64 65 66 67 68 69 70 71 72 73 74  | Next Page >