hi there what tool wold you recommend me to use in order to see what data are stored in my cookies while i'm browsing the net. I'm a beginner into webdev field(6 months php experience) and i'm curious to see what data are stored into my computer while i'm browsing besides default OS file explorer? ...
So I have this black box authentication method, handed down to me from the accounts people, which basically amounts to ldap_bind($connection, $username, $password). But of course, I want my users to be able to log in for, say, 30 days at a time. The naive but insecure way to handle this is to store the username and password in plaintext...
As you are probably aware, more often than not, an HTTP server will send more than just a session_id cookie; however, httplib2 handles cookies with a dictionary, like this: response, content = http.request(url, 'GET', headers=headers) headers = {'Cookie': response['set-cookie']} url = 'http://www.example.com/home' response, content...
Our servers that processes REST client requests currently is not mapped to a public domain name. Is it mandatory to have a domain name when generating Client side cookies ? ...
Hey there, I am trying to get up a simple authentication system with Rails' Restful-Authentication plugin, and am just wondering how it works, b/c I can't seem to figure out what the requirements are for cookies, and how to make it so the browser always remembers you (for 6+ months). Few questions: 1) How do you do remember_me's for r...
I am working on a DotNetNuke application using the iFinity URL Master module. (that may be irrelevant, as a solution may be platform independent) What I have is a site with addresses based on language. so www.thesite.com/en/products/towels/redtowel is the english version and www.thesite.com/de/products/towels/redtowel is the german ver...
Hi, what I'm looking for is the ability for nginx to detect that a url has the query string variable cid. for example www.adomain.com/froggy?cid=12&as=false (query string can be solo or mixed with others and cid is not necessarily the first variable in the query string) If cid is detected, it must send out a set cookie header with the ...
A Note I have a very good understanding of sessions and the theory of secure web-based authentication, etc., so please don't start with the basics, or give ambiguous answers. I am not looking for Best Practices, because I am aware of them. I am looking for the real risks behind them, that make the Best Practices what they are. I have r...
Hello, I was attempting to encrypt de cookie data with md5, but I can not validate the hash back. It has got to do, with the fact that cookie_data is a serialized array, because normal stringvalues work ok. It's actually from a codeigniter class, but it does not work?? Does anyone know what the problem might be? $hash = substr($s...
Is it possible to use session cookies across browser sessions (specifically Internet Explorer). I would like a user to log in to my site and therefore get a cookie and when the user opens another IE process have that session cookie authenticate the user. At the moment it is find if the user opens a new window or tab as this resides in t...
Authentication cookies seem to timeout after a short period of time (a day or so). I am using Forms Authentication and have the timeout="10080" with slidingExpiration="false" in the web.config. With that setting, the cookie should expire roughly 7 days after the user is successfully authenticated. This worked as advertised with IIS6, bu...
The documentation for pyWebKitGTK is pretty scarce. I've looked through their python .def files but they don't seem to contain the words cookie, session, (lib)soup or (lib)curl.. so maybe it isn't possible, huh. I've also looked through the WebKitGTK docs (for the C-based library) and aside from a brief mention of libsoup there doesn't a...
Hi, How do I set a P3P compact privacy policy from Django so that IE accepts cookies from my site when the security settings are on HIGH - i.e. no cookies accepted unless there's a Compact Privacy Policy. Cheers Guy ...
I'm looking for a way for users to be able to connect to my application easily, but rarely. What I want to do is be able to store a cookie with a 1 year life on the user's computer. If they access the website while the cookie is active, they will be automatically logged in. My proposed solution is this: Upon initial login, create a c...
How to store object or hashtable in cookies? I am trying to store multiple values in hastable/class to the cookie in my asp.net mvc (C#) application. How to do it? ...
I have a Dotnetnuke environment with multiple portals running at different subdomains (serviceA.company.com, serviceB.company.com). I can allow users the access to each portal by adding rows to UserPortals table, but since DNN uses full domain name in the auth cookie, the users need to log separately to each portal. I'd like to have the...
Hi, I've been asked to analyse an old web app which stores sensitive information in cookies rather than sessions/similar. (To be precise, it's classic ASP and uses cookie families). The only clients are IE 6/7/8 After the process in question has been completed on the web app, the cookies are cleared down. The question I need to answer...
I am using the following code to set a cookie in my asp.net mvc(C#) application: public static void SetValue(string key, string value, DateTime expires) { var httpContext = new HttpContextWrapper(HttpContext.Current); _request = httpContext.Request; _response = httpContext.Response; HttpCookie co...
Bizarrely my javascript and css files have cookies (says Firebug). I use Zend Framework and I think it has to do with it. Could I change the .htaccess that CSS or JS files don't link to the ZF or is there another solution? .htaccess: RewriteEngine On RewriteCond %{REQUEST_FILENAME} -s [OR] RewriteCond %{REQUEST_FILENAME} -l [OR] Rewri...
I need to suppress an already set session cookie header, but I cannot find any way to do this. Why? I need to make an image, sent by a PHP script, cacheable by the end user; this image is used to track if a newsletter has been read by the receiver, so if the image is requested I know the newsletter has been read. I only need to know whe...