Search Results

Search found 1397 results on 56 pages for 'cookies'.

  • Is it possible for a XSS attack to obtain HttpOnly cookies?

    - by Dan Herbert
    Reading this blog post about HttpOnly cookies made me start thinking, is it possible for an HttpOnly cookie to be obtained through any form of XSS? Jeff mentions that it "raises the bar considerably" but makes it sound like it doesn't completely protect against XSS. Aside from the fact that not all browsers support this feature properly, how could a hacker obtain a user's cookies if they are HttpOnly? I can't think of any way to make an HttpOnly cookie send itself to another site or be read by script, so it seems like this is a safe security feature, but I'm always amazed at how easily some people can work around many security layers. In the environment I work in, we use IE exclusively so other browsers aren't a concern. I'm looking specifically for other ways that this could become an issue that don't rely on browser-specific flaws.

  • PHP - login to a remote server, through my own server, with HTTPS, cookies and proxy, and downloading the html

    - by Yunga Mohani
    Hello, so what I am trying to do is this: log in to the other server with PHP on my own server (either with my username and pass/or with my cookies), then have access to the page I want to display/download. I want to write a PHP script that is located on my own server, that automatically does a login to another server, that uses HTTPS and a web form for login. After the login I have access to that page that I am trying to download. I don't know if it would be possible to log in and download the HTML only with the cookies that I have in my browser through a previous login, or if I need to do the login in my PHP script through some HTTPS login method. Can I do any of this with curl or fsockopen, or what would be the best way to realize this? Thanks in advance!

  • How to get Cookies using HttpClient

    - by Sunil
    Hello, I am using HttpClient to get cookies but I am unable to find any cookies. My code is given below:

        public class LoginTab {
            private Cookie[] cookies;
            HttpClient httpClient;
            HttpState httpState;
            HashMap postData;

            public LoginTab() {
                httpClient = new HttpClient();
                httpState = new HttpState();
                httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(300000);
                httpClient.setState(httpState);
                // RFC 2109 cookie management spec is used per default
                // to parse, validate, format & match cookies
                httpClient.getParams().setCookiePolicy(CookiePolicy.RFC_2109);
                postData = new HashMap();
            }

            public String getMethod(String url) {
                GetMethod getMethod = new GetMethod(url);
                String pageSoure = "";
                try {
                    httpClient.executeMethod(getMethod);
                    pageSoure = getMethod.getResponseBodyAsString();
                    extractUsefulPostData(pageSoure, postData);
                    getMethod.releaseConnection();
                } catch (Exception ex) {
                    ex.printStackTrace();
                }
                return pageSoure;
            }

            public static void main(String[] arg) {
                LoginTab loginTab = new LoginTab();
                System.out.println(loginTab.getMethod("http://tab.com.au/"));
                Cookie[] cookies = loginTab.httpState.getCookies();
                System.out.println(cookies.length);
                for (int i = 0; i < cookies.length; i++)
                    System.out.println(cookies[i]);
            }
        }

    Please suggest where the mistake is. Thanks in advance.

  • My jquery cookies are not resetting, even though am using the correct code.

    - by Adam Libonatti-Roche
    My problem is that I am trying to reset some form cookies so when someone has completed their form, they are reset so it is possible for someone else to complete the form. Simple and obvious. But however many different lines of code I put in, the cookies just do not seem to be disappearing. I am using the remember function from the site below: Komodo Media. So the details stay when they move away from the page. The code I have for the page starting is as follows:

        <script type="text/javascript">
        function remember( selector ){
            $(selector).each( function(){
                //if this item has been cookied, restore it
                var name = $(this).attr('name');
                if( $.cookie( name ) ){
                    if( $(this).is(':checkbox') ){
                        $(this).attr('checked',$.cookie( name ));
                    }else{
                        $(this).val( $.cookie(name) );
                    }
                }
                //assign a change function to the item to cookie it
                $(this).change( function(){
                    if( $(this).is(':checkbox') ){
                        $.cookie(name, $(this).attr('checked'), { path: '/', expires: 1 });
                    }else{
                        $.cookie(''+name+'', $(this).val(), { path: '/', expires: 1 });
                    }
                });
            });
        }

        // JQUERY FOR THIS PAGE
        $(document).ready( function(){
            remember("[name=username]");
            remember("[name=firstname]");
            remember("[name=lastname]");
            remember("[name=email]");
            remember("[name=password]");
            remember("[name=address1]");
            remember("[name=address2]");
            remember("[name=postcode]");
            remember("[name=country]");
        } );
        </script>

    And the code for resetting them is simple enough, as it takes the cookie name and sets it to null. However, this does not work as on returning to the form, all fields from before are still there. Any help with this would be brilliant.

  • How do I use cookies to store users' recent site history(PHP)?

    - by ggfan
    I decided to make a recent view box that allows users to see what links they clicked on before. Whenever they click on a posting, the posting's id gets stored in a cookie and displays it in the recent view box. In my ad.php, I have a definerecentview function that stores the posting's id (so I can call it later when trying to get the posting's information such as title, price from the database) in a cookie. How do I create a cookie array for this?

    EXAMPLE: user clicks on ad.php?posting_id='200'

        //this is in the ad.php
        function definerecentview()
        {
            $posting_id=$_GET['posting_id'];
            //this adds 30 days to the current time
            $Month = 2592000 + time();
            $i=1;
            if (isset($posting_id)){
                //lost here
                for($i=1,$i< ???,$i++){
                    setcookie("recentviewitem[$i]", $posting_id, $Month);
                }
            }
        }

        function displayrecentviews()
        {
            echo "<div class='recentviews'>";
            echo "Recent Views";
            if (isset($_COOKIE['recentviewitem']))
            {
                foreach ($_COOKIE['recentviewitem'] as $name => $value)
                {
                    echo "$name : $value <br />\n"; //right now just shows the posting_id
                }
            }
            echo "</div>";
        }

    How do I use a for loop or foreach loop to make it that whenever a user clicks on an ad, it makes an array in the cookie? So it would be like:

    1. clicks on ad.php?posting_id=200 --- setcookie("recentviewitem[1]",200,$month);
    2. clicks on ad.php?posting_id=201 --- setcookie("recentviewitem[2]",201,$month);
    3. clicks on ad.php?posting_id=202 --- setcookie("recentviewitem[3]",202,$month);

    Then in the displayrecentitem function, I just echo however many cookies were set? I'm just totally lost in creating a for loop that sets the cookies. Any help would be appreciated.

  • Getting all the cookies including those from google analytics from one webpage

    - by DixieFlatline
    Hello! I use apache 4 java libs for HTTP GET connections. I get all cookies from 2 other pages. But one other webpage contains Google Analytics cookies (utma, utmz...) and a classic session id cookie (checked with Firebug). When I try to get the cookies I only get the session id cookie. Is there any trick to get all the cookies from Java in connection with Google Analytics? If I want to make an HTTP POST, it seems that I have to send the Google Analytics cookies too. I can copy my code if somebody wants, but it works on other pages (for printing cookies). Thank you

  • Cookie Settings Storage Method

    - by Paul
    I've got a web app that needs to store some non-sensitive preferences for the user. Right now I'm storing their language preference and what mode they want a window opened in by default in two cookies:

    - "lang" can be "en" or "de"
    - "mode" can be "design" or "view"

    I might add a few more in the future. I'm not sure how many, but probably never more than a dozen. Language is parsed on every request, whereas the mode cookie is only used occasionally. I saw a recommendation that made sense: I shouldn't try to do what I was originally planning to do and strongly type a user settings class deserialized on each request because of the overhead involved. I see three options here and I'm not sure which is the best overall.

    1. Keep things as they are, add a new cookie for each new setting
    2. Combine the cookies into a single settings cookie and add future values to it
    3. Change the mode cookie to settings (leaving language alone), add new user settings values to the settings cookie

    All would work obviously. I'm leaning toward option three, but I'm not sure if there's a best practice for this?

  • Why do some cookies have a '.' before the domain?

    - by Blankman
    Trying to share cookies across 2 domains in ASP.NET, for some reason 1 domain has a '.' before the domain, and the other doesn't. Why is that? e.g. .staging.example.com and staging.example.com. Is this something to do with how I create the cookie, or a web.config change? I am not using forms authentication, just creating a cookie manually.

  • How to set cookies via PHP in the middle of a document?

    - by Sam
    Hi all, how can I set cookies in the middle of a document, without incurring a 'headers already sent' error? What I'm trying to do is make a log out script (the log in cookie setting works...so odd. Is it because it's enclosed in an if statement?) however I've already echoed the page title and some other stuff at the top of the page, before I've made this logout happen. Thanks!

  • Sharing Authentication Across Subdomains using cookies

    - by Jordan Reiter
    I know that in general cookies themselves are not considered robust enough to store authentication information. What I am wondering is if there is an existing design pattern or framework for sharing authentication across subdomains without having to use something more complex like OpenID. Ideally, the process would be that the user visits abc.example.org, logs in, and continues on to xyz.example.org where they are automatically recognized (ideally, the reverse should also be possible -- a login via xyz means automatic login at abc). The snag is that abc.example.org and xyz.example.org are both on different servers and different web application frameworks, although they can both use a shared database. The web application platforms include PHP, ColdFusion, and Python (Django), although I'm also interested in this from a more general perspective (i.e. language agnostic).

  • Can AdSense crawler view pages that require cookies?

    - by moomoochoo
    Details

    I require users to agree to terms and conditions before they can view several pages on my site. Once they have agreed a cookie is set and they can proceed to the webpage. If a user somehow manages to end up on the webpage without a cookie they will not be able to access the page's content.

    My question(s)

    Is the AdSense crawler able to set the cookie and visit these pages? If yes, how will it know to agree to the TOS? Is there some way to allow it access to the pages even if it couldn't use cookies?

  • Parse the HTTP_COOKIES string from Apache for use in #if clause

    - by Ambrose
    I want to be able to read the cookies from Apache's HTTP_COOKIE string and then add includes based on the contents of that string. I've got this far:

        <!--#set var="cookies" value="HTTP_COOKIE" -->
        <p>COOKIES: <!--#echo var="$cookies"--></p>

    which gives me a string with all the cookies in it. Now I want to be able to parse the string for something like Name=Bob. I thought I'd be able to do this:

        <!--#if expr="$cookies = /Name=([a-zA-Z]+)/"-->
        <p>Your name is <!--#echo var="$1"--></p>
        <!--#endif-->

    But it doesn't seem to work. What should I be doing -- or isn't this possible?

  • ActiveRecordStore InvalidAuthenticityToken

    - by Andy
    I have recently been using cookie store and I want to transition to active record store. However I keep getting an invalid authenticity token. After deleting my cookies, I was able to access the page just fine, but I don't want all my users to come to my page, get a huge error and then figure out that I want them to delete their cookies. So I made a function called delete cookies:

        after_filter :delete_cookie

        def delete_cookie
          puts "deleting cookies"
          cookies.to_hash.each_pair do |k, v|
            puts k
            cookies.delete(k)
          end
        end

    In application controller, but it doesn't seem to be working correctly. I still see my cookie after visiting any page. I feel like there really should be a better solution but I can't seem to find any so far. Any hints?

  • Running isolated Internet Explorer instances side by side? (separate cookie sets)

    - by GJ
    I'm using PAMIE (http://pamie.sourceforge.net/) to automate some testing routines on a client's web site via IE8, and would like to be able to run multiple tests under different user credentials. The site which I'm testing is using cookies to remember the user (without a "remember me" option I can deselect). Therefore, when I run a second instance of IE8 the cookies get shared and I can't log in as a different user. Is there any way to get IE8 to use isolated sets of cookies in each window?

  • How can I delete current session in Chrome?

    - by Eric
    I'm using Google Chrome and want to delete the current session data on the fly. I can do this on Firefox with the web developer extension, but Chrome doesn't seem to have the same option in their webdev extension. So how can I do this? I realize that session data is stored on the server side and tracked in the browser with cookies. So really, I think what I want to do is delete cookies that are set to live for the session lifetime. Is there a way to do THAT in Chrome? "Delete browsing data" lets me delete all cookies from within a certain time period (for example, the last hour), but that could delete OTHER cookies on the site that I don't want to erase. I just want to delete the cookie being used to track my current session. Thanks y'all...

  • How to configure grails and shiro to mark cookies secure?

    - by j4y
    I'm using Grails 2.2.4 with the Shiro plugin (v1.1.4) and would like to mark the cookies as secure so the session information won't be sent over HTTP. This is the attribute I want to set:

        securityManager.sessionManager.sessionIdCookie.secure = true

    The Shiro source says to use the Grails bean property override mechanism, which is grails-app/conf/spring/resources.groovy. How can I override just the one setting?

        // If the legacy 'security.shiro.filter.config' option is set,
        // use our custom INI-based filter...
        if (application.config.security.shiro.filter.config) {
            log.warn "security.shiro.filter.config option is deprecated. Use Grails' bean property override mechanism instead."
            'filter-class'('org.apache.shiro.grails.LegacyShiroFilter')
            'init-param' {
                'param-name'('securityManagerBeanName')
                'param-value'('shiroSecurityManager')
            }

  • Reason to use more cookies than just a session hash for authentication?

    - by dierre
    I usually hang out in a community using vBulletin as its bulletin board. I was looking at what this software saves as cookies in my browser. As you can see it saves 6 cookies. Amongst them, what I consider to be important for authentication are:

    - ngivbsessionhash: hash of the current session
    - ngivbpassword: hash of the password
    - ngivbuserid: user's id

    Those are my assumptions of course. I don't know for sure if ngilastactivity and ngilastvisit are used for the same reason. My question is: why use all these cookies for authentication? My guess would be that maybe generating a session hash would be too easy so using the hashedpassword and userid adds security, but what about cookie spoofing? I'm basically leaving on the client all fundamental information. What do you think?

  • Setting existing cookies to use with libcurl

    - by Dave18
    Does the current version of libcurl support the Firefox 3.0 and above cookies file (cookies.sqlite)? I'm trying to set the file to allow cookies to be used when retrieving the data from a web address.

        int return_val = curl_easy_setopt(hCurl, CURLOPT_COOKIEFILE, \..\cookies.sqlite);

    return_val is zero but I don't get to see the expected data.

  • Are cookies enough for storing login data? (PHP)

    - by jpjp
    I am reading the Head First PHP/MySQL book and they say to store both the user's username, email into cookies and sessions. Is it safe to assume that everyone nowadays has cookies? Or should I store both in sessions and cookies? I am not storing any sensitive data in cookies such as password, etc.
