cookies

Allow JavaScript - protect against XSS? (unique scenario)

I'm in the process of building an application (a CMS to be more specific) which allows users to add JavaScript to their content. There really is no way around allowing JavaScript, and because of it, some security concerns are now becoming quite apparent. What we're mainly concerned about is cookie theft. To explain the system a bit more...

Cookies don't set when using PHP 4.4.7, they do however when using PHP 5.2.9 - Any ideas why?

So I have been working on a project for a client on their current web site which has been in existence for quite some time. The version of PHP used is 4.4.7, and I am not in a position to ask them to upgrade. (The system is old and it could break something) This past week I made some changes to my project, everything worked fine cooki...

What cookies are sent by the JVM to the server when running a Java applet?

On my web server I have an HTML file that contains an applet tag: <html> <head/> <body> <applet code="Hello.class" width="100" height="100" /> </body> </html> And I have a Java class file named Hello.class in the same directory as the HTML file. Both of these files are running on a web server (IIS 6) whose host name is some...

Cookie and Membership problem in asp.net Mobile web application

Hi to all, I just developed an ASP.NET portal site and it uses the ASP.NET membership provider. I decided to develop a mobile version of it, but there is a problem with cookies. I tested my site on Windows Mobile 5 and 6, which are known to support cookies, but after login the cookie is lost and thereupon the membership info is lost because it uses the cookie. I just change web.conf...

Cookie API for Internet Explorer

wininet.dll exposes methods to Get and Set a cookie for Internet Explorer. What's the best way to get a list of ALL cookies that are set for the current user in ALL domains from a windows forms application (.net). I'm sure I could read in the Temporary Internet Files folder, but I can't imagine there isn't a more robust way. Thanks ...

What can be set in the FormsAuthenticationTicket?

Hi I am still a bit confused about something about FormsAuthenticationTicket and the actual cookie container. What does DateExpiration in FormsAuthenticationTicket() refer to? Is that when the cookie dies? Is that how long the user can stay logged in without any active actions (i.e. timeout)? <forms loginUrl="~/Account/LogOn" ...

Does the browser have cookies enabled?

Hi, Is there a standard technique for an ASP.NET application to check if a client's browser enables/supports cookies? I'd appreciate any solution - even a less common one, as long as it's elegant enough. 10x! ...

Forms Authentication - Storing and Retrieving User Names

Using Forms Authentication, I am storing a cookie for each user if they mark Remember Me during login, using the following piece of code in the Login1_LoggedIn event. if (rememberMe.Checked) FormsAuthentication.SetAuthCookie(Login1.UserName, true); When the user arrives on my page with a cookie, I need to get his/her user name so I ca...

selenium: delete all visible cookies raises an exception

I am using selenium with a python client. When doing selenium.delete_all_visible_cookies I get the exception: ERROR: Command execution failure. Please search the forum at http://clearspace.openqa.org for error details from the log window. The error message is: malformed URI sequence The log window's error is: error(125...

Issues overwriting a cookie

Client has a site at a.url.com. Client creates a cookie with host as ".url.com" and path as "/". Client redirects to us at b.url.com. Client has a coding issue that requires us to delete the cookie (long story). The following code is not adjusting the expiration at all in our test or production environments but is working fine locally....

Update cookies without refreshing page (Asp.net)

I'm getting a cookie on a page load (from 3rd party) and need to use its attributes on the same context, however it is available only after the page is refreshed (reloaded). Is there a way to programmatically refresh/reload the cookies in HttpContext.Current? ...

Authenticated onto two separate sites with one login (and using an IFrame). Possible?

Hi There, Currently building a site in ASP.NET MVC and have to integrate another site within it, in an IFrame. It is the wish of the client to have one login for both systems, so the user logs in in the parent site, and then are automatically authenticated on the IFramed site. Of course, if this were possible then it could be assumed tha...

How to Store Passwords in Databases and Cookies (PHP/MySQL)

Hi, Having read this article and many others out there on how to not store passwords in databases and cookies, I'm wondering now how I should do it... What I've come up with so far (after reading around a bit) is taking the clear-text user password, padding it with salt till it fills up 512 bits (64 bytes => 64 chars, since the page is non-...

Can restful authentication work with Cookies Disabled?

If a user has cookies disabled in their browser can restful authentication and role requirement still work? On our site, with cookies disabled, the system won't let you log in. Any way to fix this? Thanks in advance. ...

HTML and CSS in URLs causing 404 errors (User Agent = Trident/4.0)

I've been getting some 404s with snippets of code (CSS, HTML and JavaScript) in the URL. As best as I can tell the user is progressing through the site just fine during their session - it's an ecommerce site and the affected users are putting stuff in their basket and checking out OK etc. On certain pages I'm seeing 404 errors adjacent to ...

Reading web-page cookies from a Firefox extension (XUL)

Hi, I'm creating an extension for the Firefox browser. I would like to read a cookie which was set by an HTML page using JavaScript in the XUL file. Is it possible? I tried using document.cookie, but it doesn't work: function readCookie(name) { var ca = document.cookie.split(';'); var nameEQ = name + "="; for(var i=0; i < ca.len...

Storing multiple values in cookies in Java

I see many solutions for storing multiple values in one cookie in .NET and PHP but I have not found any good solution for Java. I don't wanna encode/decode the pair-values myself which can be risky. ...

never cache settings causing an issue

We are currently having an issue with cache settings on a shared workstation at one of our client sites. Basically, they had set their IE browser on their machine to "never" for when to check for new versions of a site. This causes some of our pages to show another user's data after one user logs out and logs back in. What are my options...

Rewrite rule cookie problem in apache

I'm using a mod_rewrite rewrite rule in apache to get access to a tomcat application. This application is using session cookies. The application cookies work fine when accessing the tomcat application directly, but if I use the apache url, the cookie will not be sent out by the client browser. I guess this is because there is no match ...

How to enable cookies when POSTING with URLConnection in iPhone SDK?

Hello Experts! I am trying to do a POST towards a site which utilizes secure session with cookies. Of course this won't work with the code I have posted below. It keeps responding with a non-authorized message. Is there any way I can use cookies in my code or at least simulate cookie usage? NSURL *url = [[NSURL alloc] initWithStri...