Hello, Am planning to use cookies to communicate between two browser windows. Am wondering if there are any drawbacks that I can't think of. The data is not required on the server side, thus communication via cookie should be enough for the purpose. Am I missing something or is this fine to use? I know the limit is 4K. Roughly how much...
How do I send a cookie in a functional test? How do I test to be sure that the cookie is cleared? I've had great success using TDD to build the models for a Rails application, but have hit a snag with regard to controller testing: I can set cookie values once in a test and read them, but I can't clear them. That is: test "clears cookie...
I'm currently building a web-app for a client who would like to utilise cookies to better shape their traffic, etc, etc, you know the drill. So at the end of last week I added a simple cookie write (basically set cookie="helloworld") and a cookie read with a counter to the app, which is effectively just a single page so every request to...
I want to be able to read the cookies from Apache's HTTP_COOKIE string and then add includes based on the contents of that string. I've got this far: <!--#set var="cookies" value="HTTP_COOKIE" --> <p>COOKIES: <!--#echo var="$cookies"--></p> which gives me a string with all the cookies in it. Now I want to be able to parse the strin...
While I realise that this is usually related to cross site scripting attacks, what I'm wondering is how can a session remain valid throughout multiple subdomains belonging to a single domain (example: a user logging in only once, and being able to access both subdomain1.domain.com and subdomain2.domain.com with the same session). I guess...
I have two applications and want them to share their sessions. This is trivial, at least so far. Now I am running in some stange issue. I have set the same session_key and secret in the environment.rb and the two applications did not share the same session. Verified if development.rb has something... nothing. Tried to cleanup cookies ...
There is a banking site that I cannot login to unless I allow all cookies to be accepted. I am using Firefox 3.0 and I have set it to not accept cookies except from the defined list (Tools - Options - Privacy - Cookies - Exceptions). I've added all the sites captured by Live HTTP Headers to the whitelist, but the login is still disabled....
My current document URL is http: //127.0.0.1/foo and I need to change the value of a cookie for http: //127.0.0.1/bar. document.cookie is empty because document's URL is foo. For the moment, I just want to read the cookie value. Any clue? ...
I've tried various permutations of: firefox.exe "javascript:document.location='http://site.com';document.cookies='key=val';" But with no good result; the cookie is not added for the site.com domain. Is it at all possible to accomplish using this approach? ...
Safari 4 Beta on Windows (build 528.17) has a bug. If expires is in value assigned to document.cookie, cookie is not changed. So, below cookie enable detection doesn't work anymore. var dt = new Date(); dt.setSeconds(dt.getSeconds() + 2); document.cookie = "cookietest=1; expires=" + dt.toGMTString(); var cookiesEnabled = document.cooki...
I have a question as to how / what the best approaches are to using OpenId and also providing the ability to stay logged in. If i look at Stackoverflow for example i have logged in using Google and if i close by browser and come back it still has me as logged in. However, i am not logged into Google and moreoever I have removed stackov...
Is there a way to mark classic ASP ASPSESSIONID* cookies as secure? It appears that the ASP ISAPI handler adds that session id cookie after my page is done rendering so putting code at the end of my page to loop through the Response.Cookie collection and mark them as secure doesn't seem to touch the ASPSESSIONID* cookie. Any other way ...
I'm trying to support single sign-on with JETTY and we have 2 subdomains running webservers that will support single sign-on through Jetty's SSO support. account.test.com app.test.com We have a SSOSession cookie that is set to *.test.com, but to support sign-off I need to ensure that my Jetty server running at app.test.com has it's JSE...
I am using ASP.NET and VB.NET 2.0..................................... This is my code i use when i create my Cookie If dlgLogin.RememberMeSet = True Then Dim RateCookie As New HttpCookie("LoginInfo") RateCookie.Values("Email") = dlgLogin.UserName RateCookie.Values("Password") = dlgLogin.Password RateC...
hi all, i want to know if Zend Framework has any class for handling cookies. a class that wraps php's setcookie() function for example. thanks in advance. ...
Hi, I'm currently setting up an authentication system. My current layout is to get his email from the $_POST, md5 his password, and check the database against his email and his password. If it matches, I use session_start, and I start storing data in the $_SESSION variable, like so: $_SESSION['uid'] = $uid; $_SESSION['first_name'] = ...
If I have an ASP.NET page making a request to a page in a different web site/server and that page tries to write a cookie, what will happen? Will I have a cookie in the client machine? In the server of my first site? Will it be blocked because of some security issues? Tks in advance! ...
Is using a User's IP addr as part of a Cookie's hashed value that I store in the database a bad idea? I read somewhere that since most user's have dynamic IP addresses that it was bad practice to use this as part of the hash. If so what kind of user data should I pull in the hash? Or do I really need to? Thanks. ...
Does anybody know where are cookies stored in Windows Vista? I'm looking at C:\Users\MyUser\AppData\Roaming\Microsoft\Windows\Cookies but the cookies I see there don't match the one I see through Firefox. I'm creating a cookie in ASP.NET, localhost, Firefox shows me the cookie but I cannot locate it in the file system. Any ideas? Tks ...
Can you set a cookie only for domain.tld and www.domain.tld so that if you go to any other subdomain (bla.doamin.tld for example) the cookie won't be set? ...