Is there a way to print the cookies stored in a cookielib.CookieJar in a human-readable way? I'm scraping a site and I'd like to know if the same cookies are set when I use my script as when I use the browser. ...
I am trying to configure authentication using a few tutorials I have found on the Membership Providers paradigm found in ASP.NET v2.0. I've followed the examples in the tutorial but can't seem to get the FormsAuthentication.RedirectFromPage method to work appropriately. When I attempt a login, the user credentials are validated via Membe...
I'm sure there's still plenty of sites out there that, for some inexplicable reason, use Javascript to manipulate cookies, but there's really no good reason to allow this in light of all the XSS that can occur. Why do browsers still allow this? Why not simply prevent JS from seeing cookies? ...
I finally realised the problem with swfupload... I have a page used to process the uploaded file in swfupload but previous problem I had, I couldn't reach to the page to do the processing. Now I know why, it is because the authentication problem. The server thought the user hasn't been authenticated when the swfupload trying to upload...
When a person registers on my site, or logs in, they are sent to "thanks.php". The page checks is you're logged in or not and if so, tells you what you can do and if not, gives you a link to the register.php page. However, anyone can make their own cookie and trick the script like that. How do I protect myself from this? One thing I ...
This is very similar to a question posted last September, but I haven't come across any working solutions for it (and am not versed well-enough in session cookies to do it myself). If I'm having the user authenticate in WordPress, how do I read that session cookie with MediaWiki such that the user then has permission to edit the wiki? I'...
According to RFC 2109, the value of a cookie "is opaque to the user agent and may be anything the origin server chooses to send, possibly in a server-selected printable ASCII encoding." As a consequence of this, different languages/platforms/server send a different cookie value even when the original value is the same. For example, C#/...
I've been thinking a lot about this recently, and I wanted to know if anyone has thought of/implemented any intuitive ways of securing cookies from manipulation. I've always used the "sign it with a hash and check against the hash later" approach, but it doesn't strike me as a particularly brilliant way of going about it, and just like a...
We have an ASP.NET application that uses Forms Auth. When users log in, a session ID cookie and a Forms Auth ticket (stored as a cookie) are generated. These are session cookies, not permanent cookies. It is intentional and desirable that when the browser closes, the user is effectively logged out. Once a user logs in, a new window is p...
I've been trying to use CookieTempDataProvider to pass a basic message between a post (entity update) and a get (entity list) using the RedirectToAction method. When using the default TempData implementation this works fine, however when I use the cookie-based version from the MVC Futures project, the TempData dictionary is empty after t...
I'm creating a facelets template for all my company's internal applications. Its appearance is based on the skin which the user selects (like gmail themes). It makes sense to store the user's preferred skin in a cookie. My "user-preferences" WAR can see this cookie. However, my other applications are unable to find the cookie. They a...
How can I check/detect if the user is accepting cookies or not? Using ASP.NET (C#) ...
I heard some firewalls and browsers disable cookies, and I think I may have heard blocking POST data. What are reasons a company may want to block cookies? (and alternatively post data. Which I am not interested in ATM.) ...
Hi, Does every web request sent the browsers cookie? I'm not talking page view, but a request for a image, .js file, etc. Update If a web page has 50 elements, that is 50 requests. Why would it send the SAME cookie(s) for each request, doesn't it cache or know it already has it? ...
I am trying to pass a session_id in a URL with Rails (2.3.1). The passing of the id is working through default_url_options, I am using memcache as a session store and I've set :cookie_only to false in environment.rb However it still does not seem to work. If I log in successfully, the first page is shown correctly, however when I contin...
When cookies are created purely client-side in javascript by setting document.cookie(), what effect does the "secure" attribute have on them? In particular: are client-created cookies sent to the server in the "Cookie:" header of subsequent requests? can client-created be modified by subsequent Set-Cookie headers from the server? in t...
hey i am building mobile website and i want to integrate facebook connect. in my regulat site i am using facebook connect that uses the cookie for getting the session key, on mobile this cookies method for getting the session is not recommended, i think. what ivgot so far is that i call to login rest server and then it return to me...
I am looking for the best-practice solution regarding how to secure a "shopping-cart" part of an otherwise (relatively) unsecure website. The existing setup in the site uses an unsecure-cookie, and only secures (via SSL) the transaction of credentials. The rest of the site is accessed via HTTP and thus, data is transmitted unsecurely. ...
Why cant I change cookie? If you chose a language you cant change. You have to empty your cookies if you want to change language. Why is that? if (isset($_GET['setLang']) && $_GET['setLang'] == 'en' || isset($_COOKIE['setLang']) && $_COOKIE['setLang'] == 'en') { setcookie("setLang", 'en', time()+(3600*12)); //expires in 12 hours incl...
Yo, guys do you know how to create cookies for IE manually? I mean create programmatically a cookie from scratch with custom domain, expiration time, path and token value. Thanks a lot in advance! ...