On my site i can trigger certain things using GET request like the ability to hide or delete a comment. I am not very worried but it would be pretty annoying if someone design an attack using img src= url to delete comments or emails. Is there a way to prevent this? I am using httponlycookies for the login data. if someone does img src ...
IE works fine, but FireFox does not. I am setting a cookie on my default.aspx page: HttpCookie hc = new HttpCookie("guid", guid.ToString()); hc.Expires = DateTime.Parse("12/12/2010"); Response.Cookies.Add(hc); My upload control (I'm using SWFUpload) submits to upload.aspx. On upload.aspx I call: if (Request.Cookies[...
I have cookies set when the user log in to the application. Yet I need to modify that when the user updates his profile. Can anyone tell me how to update an existing cookies? Thanks in advance.(I'm using perl). ...
In my web project setting to turn on httpOnlyCookies is not there. It is false by default. Also there is no place in code where cookie is being set to HttpOnly. However, when I browse to the site I can see that ASP.NET_Session cookie is being passed as HttpOnly. How is it set to HttpOnly? ...
in my web.config file when i put the following code for eliminating vulnerability, i get the following error. Code - Error - HTTP 500 Internal Server Error What is the problem? why is this happening? i have asp.net with IIS7. ...
I have cookies = session_ser = "MTQzMzI5LSotMTI2NTg3MDM4OS0qLTkuNDguMTEyLjUxLSotSmF2YS8xLjYuMF8xMC1yYw%3D%3D-%2A-eb5fdd26da5e7e0a7c5a096b412dcae3" With this cookies i want to access protected page from particular site its working with HttpURLConnection ,but is not working with HttpClient -------------code snipet for HttpURLConnectio...
On my application, a session is created whenever the user is logged in, and this session is updated on the db and session is saved on cookies as well (using perl) Now I modified the code to update the session using javascript. However when I log out then in again, the session found in the database is different from that found in the coo...
Possible Duplicate: Clearing all cookies with javascript I would like to have a checkbox assigned to activate and wipe out all cookies previously stored in my forms in one go. How would I do that with jquery cookie plugin? I can't seem to find examples in Klaus site and here. Any hint would be very much appreciated. Thanks ...
I have created a simple shopping cart application. We needed something specific to our needs, long story. Anyway, I am storing the cart object in a cookie. That work fine, but I am having trouble with deleting the cart cookie from within the class. The cart object contains a collection of products (iList). Here is the code I use to del...
Hi, I have a following architecture: 1) client logins to ASP.NET web site (www.site.com) where the session expired in 3000 minutes and cookieless set to false. 2) After some time client opens Activex in browser. Activex connects to Session Enabled Web Service (www.site.com/Service.asmx) through .NET managed classes. What I need t...
How can I do one login script that uses cookies for login and for example I want to check if the visitor is logged in without querying the database. For example I want on frontpage to show some menu's only for logged in users . so I must do if(isLoggedIn()) show the menu . But that's a query everytime the page loads so it's not very go...
Expire values have always confused me, since the time settings of the client can be completely different from the server's. I'd like to know how what happens behind the scenes. Say my server's timezone is GMT +1 and the client's timezone is GMT + 2. If I now create a cookie with as expires value: current_timestamp + 31 * 86400 (expire i...
In my iPhone app, every time I relaunch my cookies are cleared. This is using the NSURLRequesst and NSHTTPCookieStorage. And no, they are not session only cookies. How can I get NSHTTPCookieStorage to keep my cookies around, and if I can't, what is the proper way to store them (preference, keychain, etc.). ...
We have a problem with our SAAS site. We sometimes have users kicked out because our authentication cookie is not there (or possibly corrupted). This happens rarely enough that it is hard to find, but often enough that I want to know why. I want to install a monitor / sniffer for one of our support engineers. They get the problem ever...
I'm using gwt on my glassfish server, and I'm attempting to make some of my RPC calls authenticated via cookies. Is this possible? Are there any examples out there of how to code it? ...
I am using urllib2 and HTTPCookieProcessor to login to a website. I want to login to multiple accounts concurrently and store the cookies to be reused later. Can you recommend an approach or library to achieve this? ...
Hi All I have a page that displays data which is read from a cookie. The cookie expires after an hour. Frequently, a user will navigate to the page and keep it open. When they come back to it later, the cookie has expired and the data on the page is no longer relevant. Can anyone suggest how I can set the cookie's expiration time to la...
I have done some research on HttpOnly cookies and the problem that exist with the possibility to use an XHR request in combination with the TRACE method to get the cookie value echoed back from the server. For a secure webapplication I currently have the following setup: Session cookie is sent at login with secure and httpOnly propert...
We have a single sign on implementation for a family of websites where the authentication cookie comes from the root domain (e.g. bar.com), allowing them to be logged into a child domain (e.g. foo.bar.com). The implementation is in C# using standard .net forms authentication. Unfortunately, some of our users are having their authenticat...
Hi, We have 2 web servers, one secure and one normal. Is it possible to set a cookie like this setcookie("basket[id]", $newID, time()+60*60*24, "/", SITE_URL, 0, true); setcookie("basket[id]", $newID, time()+60*60*24, "/", SECURE_SITE_URL, 1, false); Where SITE_URL = www.sitename.com SECURE_SITE_URL = xxxxx.securesitename.com ...