Search Results

Search found 9490 results on 380 pages for 'session hijacking'.

Page 73/380 | < Previous Page | 69 70 71 72 73 74 75 76 77 78 79 80  | Next Page >

  • i recieved warning when set cookie

    - by jeya devan
    i used mvc concept for my project... i can set cookies index page... but i can not set cookies in view page,,, i received the following warning... Warning: Cannot modify header information - headers already sent by... thanks advance

    Read the article

  • Why is this HTTP request continually looping?

    - by alex
    I'm probably overlooking something really obvious here. Comments are in to help explain any library specific code. public function areCookiesEnabled() { $random = 'cx67ds'; // set cookie cookie::set('test_cookie', $random); // try and get cookie, if not set to false $testCookie = cookie::get('test_cookie', false); $cookiesAppend = '?cookies=false'; // were we able to get the cookie equal ? $cookiesEnabled = ($testCookie === $random); // if $_GET['cookies'] === false , etc try and remove $_GET portion if ($this->input->get('cookies', false) === 'false' AND $cookiesEnabled) { url::redirect(str_replace($cookiesAppend, '', url::current())); // redirect return false; } // all else fails, add a $_GET[] if ( ! $cookiesEnabled) { url::redirect(url::current().$cookiesAppend); } return $cookiesEnabled; }

    Read the article

  • Double Slash at end of URL when going to HTTPS?

    - by J M 4
    My site currently uses http and https sections based on the data being collected on the site (form data uses https). On my index page, I have the PHP code at the top: <?php session_start(); ob_start(); if( $_SERVER['SERVER_PORT'] == 443) { header('Location:http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])); die(); } ?> However, the page will not load and I get a 404 error. Similarly, when i visit the sections with https security using the head code: <?php session_start(); ob_start(); if( $_SERVER['SERVER_PORT'] == 80) { header('Location:https://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']).'/'.basename($_SERVER['PHP_SELF'])); die(); } ?> The site does not respond AND for some reason creates a double slash when switching from http to https. Example: http://www.abc.com/, then clicking button which should route to enroll.php shows http://www.abc.com//enroll.php why the need for the double slash and can anybody help with the 404 errors?

    Read the article

  • Sessions and uploadify

    - by Uffo
    I'm using uploadify, and i can't set sessions in my php files, my script looks like this: $("#uploadify").uploadify({ 'uploader' : '/extra/flash/uploadify.swf', 'script' : '/admin/uploads/artistsphotos', 'scriptData' : {'PHPSESSID' : '<?= session_id(); ?>'}, 'cancelImg' : '/images/cancel.png', 'folder' : '/img/artists', 'queueID' : 'fileQueue', 'auto' : false, 'multi' : true, 'onComplete' : function(a, b, c, d, e){ }, 'onAllComplete': function(event,data){ $bla = $('#art').find(':selected',this); $fi = $bla.val(); $.ajax({ type: "POST", url: "/admin/uploads/artistsphotosupload", data: "artist="+$fi, success: function(msg){ console.log(msg); } }); } }); And in php if i try: $_SESSION['name'] = 'something'; I can't access it in another file.and i have session_start(); activated Any solutions?

    Read the article

  • Recreating Cookies on another Domain

    - by Bill
    Hi, I have a site on A.com and an iframe on B.com which reads info from A.com. I realize that there is some problems with third party cookies, iframes and P3P - particularly in Safari [my problem] Is it possible to instead, use AJAX or a hidden iFrame to pass the cookie information from A.com to B.com which will then "recreate" another cookie with the same information on the iframe in B.com. I am trying to do this for authenication - i.e. a user is logged in on A.com and then goes to b.com and the iframe is also logged in ? I was hoping to perhaps pass the data in a hidden iframe and "recreate" the cookie in the iframe on B.com using JavaScript?

    Read the article

  • Using Sessions in WCF Services called from Silverlight

    - by Torbjörn Josefsson
    (Using Visual Studio 2008, and Silverlight 3) -I've really looked around for this one, and now I'm just confused by all the solutions that simply won't work for me. I'm trying to call a WCF service from a Silverlight client, which is no problem, but I can't get the service to handle sessions (I want to remember a few things about the callee between calls) I've gathered that basicHttpBinding is no good for sessions, and I haven't managed to make wsHttpBinding work... what's the matter? I would have thought this was a pretty basic thing people would want in their WCF services, or am I just completely muddle-headed not to see how it can be done?

    Read the article

  • Yahoo account remains open after using openID to login.why?

    - by hd
    hi i have added openid login with Yahoo! and Google in my site. it is ok and works fine. when users select for example Yahoo! to login to my site, they will be logged in in their yahoo mail account too. i think it is not secure because maybe they don't notice to this issue and leave computer while their email account is availble. what do you think about this and what is your solution for your own sites? as i notice the same story is for stackoverflow.com.

    Read the article

  • Php function available on other php page

    - by Vafello
    I have a function that I use on index.php page and I would like to call it from other php page (other.php). How to make this function available without redeclaration? I think it's achievable using sessions, but I am not sure how to do it exactly.

    Read the article

  • Get UserToken from Logon ID (LUID) (C++)

    - by strDisplayName
    Hey Everybody I'm trying to understand better how windows sessions work, so if I have some weird mistakes in the question, please, let me know :-) . I use LsaEnumerateLogonSessions() to get all the logged on sessions in the system. Now I have LUID that represents a log-on, and if I understand correctly, it represents a user that logged on or a build it user like SYSTEM. Now, if user X starts a process, windows gives that process a token that represents X. So here comes my question: Is there a way (in a windows service) to get the user's token from LUID? I know I can get it from a process HANDLE, but that is not what I want... Thanks a lot!

    Read the article

  • Why do I get "could not load type" error with my custom SessionStateProvider

    - by Rising Star
    My associate has created a custom SessionStateProvider for me to use with my ASP.net application. I add the file CustomSessionStateProvider to my VS2008 Web Application Project and put the appropriate reference in the web.config and it works fine. However, my supervisor wants me to set this up as a GAC reference. At my office, we have many DLLs we've created that we use as GAC references across different projects. If I add my CustomSessionStateProvider to the Global Assembly Cache, my pages throw a could not load type CustomASP.CustomSessionStateProvider error. Simple removing the DLL from the GAC makes it work again, but I want to set this up as a GAC reference. What could be causing this problem?

    Read the article

  • How to pass variable from jsf managed bean to jsp page

    - by cyberziko
    How can I pass a variable from JSF managed bean to JSP page. PS: I'm in portal context (liferay). I tried this: in Managed Bean: HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest(); request.setAttribute("var", "someTxt"); in JSP: <% String var = (String)request.getAttribute("var"); %> I don't get any result.

    Read the article

  • Why I am not that user after I load cookies?

    - by MoreFreeze
    I want to grab some site data, but it must be a login account. So I register it and login, I found some API about this site that can be used to grab data. I use this Chrome plugin "cookie.txt export" export cookies.txt, I copy all content it export and use following cmd like wget -x --load-cookies cookies.txt http://www.example.com/api/name=xxxx but it doesn't work. It download the page that need I login. So I think this site has some other verification strategy, how can I pass it? Whether I must input in browser manually?

    Read the article

  • last_login_at not working (null) w/ Authlogic Magic Columns...

    - by bgadoci
    I am using the Authlogicgem for authentication and most of it seems to be working great. Authlogic provides several columns that you can add to your Users table (for example) that it knows to fill in if they are present. i.e. login_count, current_login_ip, last_request_at and last_login_at. All seem to be working fine with the exception of the last_login_at field which is null for each user. Is there anything specific that could be causing this perhaps having to do with the user sessions, etc? I can post code if needed but wasn't sure what would relate to this.

    Read the article

  • I am confused about how to use @SessionAttributes

    - by yusaku
    I am trying to understand architecture of Spring MVC. However, I am completely confused by behavior of @SessionAttributes. Please look at SampleController below , it is handling post method by SuperForm class. In fact, just field of SuperForm class is only binding as I expected. However, After I put @SessionAttributes in Controller, handling method is binding as SubAForm. Can anybody explain me what happened in this binding. ------------------------------------------------------- @Controller @SessionAttributes("form") @RequestMapping(value = "/sample") public class SampleController { @RequestMapping(method = RequestMethod.GET) public String getCreateForm(Model model) { model.addAttribute("form", new SubAForm()); return "sample/input"; } @RequestMapping(method = RequestMethod.POST) public String register(@ModelAttribute("form") SuperForm form, Model model) { return "sample/input"; } } ------------------------------------------------------- public class SuperForm { private Long superId; public Long getSuperId() { return superId; } public void setSuperId(Long superId) { this.superId = superId; } } ------------------------------------------------------- public class SubAForm extends SuperForm { private Long subAId; public Long getSubAId() { return subAId; } public void setSubAId(Long subAId) { this.subAId = subAId; } } ------------------------------------------------------- <form:form modelAttribute="form" method="post"> <fieldset> <legend>SUPER FIELD</legend> <p> SUPER ID:<form:input path="superId" /> </p> </fieldset> <fieldset> <legend>SUB A FIELD</legend> <p> SUB A ID:<form:input path="subAId" /> </p> </fieldset> <p> <input type="submit" value="register" /> </p> </form:form>

    Read the article

  • How would a user stay logged in to a REST-based website?

    - by unforgiven3
    A year or so ago I asked this question: Can you help me understand this? “Common REST Mistakes: Sessions are irrelevant”. My question was essentially this: Okay, I get that HTTP authentication is done automatically on every message - but how? Is the username/password sent with every request? Doesn't that just increase attack surface area? I feel like I'm missing part of the puzzle. The answers I received made perfect sense in the context of a mobile (iPhone, Android, WP7) app - when talking to a REST service, the app would just send user credentials along with each request. That worked great for me. But now, I would like to better understand how one would secure a REST-like website, like StackOverflow itself or something like Reddit. How would things work if it was a user logged in via a web browser instead of logged in via an iPhone app? What happens when a user logs in? Are the credentials saved in the browser somehow? How would the browser know what credentials to send with subsequent REST requests? What if it's a JavaScript call to a webservice? How would the JavaScript call include user credentials? I'll be quite frank: my understanding of security when it comes to websites is pretty limited. I enjoyed working with REST services from an app perspective, but now I want to try and build a website that is based on REST principles, and I'm finding myself to be pretty lost. If there is anything in the above question that is unclear that you'd like me to clarify, please leave a comment and I'll address it.

    Read the article

  • ASP MVC: Keeping track of logged in users.

    - by user323395
    I'm creating a ASP MVC application. And because of the complex authorization i'm trying to build my own login system. (So i'm not using asp membership providers, and related classes). Now i'm able to create new accounts in the database with hashed passwords. But how do i keep track that a user is logged in. Is generating a long random number and putting this with the userID in the database and cookie enough? Sorry for my rather bad english! Ty in advance :)

    Read the article

  • Sharepoint UserProfileService

    - by user365984
    I've got a sharepoint site and a custom aspx portal, both under Windows Authentication. With the same machine, it happens that my sharepoint site returning me my current login, while my custom aspx returning me my domain admin account instead. Is there anyway that I could ensure both logins are the same? Otherwise, is there anyway to consume SPUserProfileService from a custom aspx portal? Mainly, I need to have the custom aspx portal to get sharepoint logon id. Nevertheless, i could still trigger AccessDenied.aspx in sharepoint to prompt for logins.

    Read the article

  • What is the pros and cons in using FormsAuthentication to persist login cookie?

    - by stacker
    What is the pros and cons in using FormsAuthentication to persist a login cookie? I see that StackOverflow ignore FormsAuthentication and instead implemented a different strategy to persist a login cookie. Pros Out of the box implementation for persistent login feature. Cons The login feature depends on the machine key which mean that I need to make sure that the machine key is the same on all the servers in the farm. The cookie contains wired encrypted values that don't really make sense to store in the cookie.

    Read the article

< Previous Page | 69 70 71 72 73 74 75 76 77 78 79 80  | Next Page >