This is something of a rant, as well as a question. There are some sites, like Facebook, where you would only want to be logged into one account at a time. But everything from blogging sites to email always force you to logout before you can login to another account. And I understand the security implications, and how it would make c...
Hi all, I am developing a C# application that does this (by the way, this is also my first C# app.): gets login information from the user (id, pass), opens a new HttpWebRequest connection to a ASP.NET web page tries to login to this page with the obtained [id,pass] tuple. If login is successful, my HttpWebRequest object contains a c...
I have a web app that authenticates against a SQL DB and sets a cookie with credentials, like a "remember me" sort of thing. Part of the app involves using a bookmarklet to add things into your personal slice of another DB. This works fine if you authenticate and, in the SAME TAB, begin using the bookmarklet. However, if you authenticate...
i'm using form based authntication in my WAR. i want to implement a 'remember me' cookie so: 1) how can i intercept the authentication before user is redirected to the form? 2) say i checked the cookie and its fine, how do i actually login the user? ...
Using in-process session state is evil when it comes to scaling web applications (does not play well with clusters, bombs out when server recycles). Assuming you just need to keep a small amount of information in the session state, what is the downside of using encrypted cookie items for this purpose rather than specific state servers/d...
I've realised for the first time a couple of weeks ago that when setting an http cookie, while the domain name is not case sensitive, the path is. So a while a cookie stored for http://SomeWebSite.com can be read using http://somewebsite.com a cookie stored for http://somewebsite.com/SomePath cannot be read using http://somewebs...
Look at this situation: www.websitea.com displays an img tag with a src attribute of www.websiteb.com/image.aspx?id=5 and style="display:none" www.websiteb.com returns an clear image, in addition to a cookie with a name of referrer and value of 5 (created server-side from validated querystring.) Would the cookie be created on domain ...
Hello, I am developing a PHP-based login system. Each user has an ID(a number) and a password, which is stored as a salted hash. I am able to figure out if a login is sucessful or not, but now I need to store that information somewhere(so that the user is not permanently logged out). In the past, I've played with $_SESSION variables. H...
Haven't been able to find anything particular to this situation online so here i go... I need to set/get the cookies stored at "first.com" while browsing "second.com", I have full access of "first.com" but i only have javascript access (can manipulate the DOM as i want) on "second.com". My first approach was to create an iframe on secon...
Evernote's bookmarklet is able to do this, therefore the most upvoted answer does not answer this even though the bounty will go to it (in a non-productive manner). I have to call domain A.com (which sets the cookies with http) from domain B.com. All I do on domain B.com is (javascript): var head = document.getElementsByTagName("head"...
Are there any helper libs to read a cookie file in php. I have a cookie file on my local disk and I would like a better way of reading it. I am currently just reading to file like by line and parsing out the values. ...
It's the weirdest thing. When I ran the Rails WEBrick debugger yesterday I could do things like cookies[uid] = s.session_id where 'uid' is a passed argument that has a user id in it, and then expect cookies[uid] to give me back, say: 29b93443d9ec18168a26e1ab12957b0dd0b799ff Today, I always get back 'nil'. I can read existing va...
I have two copies of IE7, same exact security settings and same exact builds. Two different machines, both running WinXP. In my application, my cookie headers are being properly sent to the server on one version of IE. No other cookies are being sent in another version. What are some points to troubleshoot in this scenario? ...
I am working in ASP.net cookie while using forms authentication I came to know about aspxauth cookie What is the purpose of this cookie? What is the location of this cookie? ...
Our workflow in Workflow Foundation used to call ASMX web services using the InvokeWebService activity, which has a property SessionId to correlate multiple activities in the same session (by sending the ASP.NET session cookie on every request). It worked. Now we have switched to WCF web service interface, and we have changed our workfl...
I'm having a WCF client which communicates with a WCF service (running AspNetCompabilityMode), and I would like to add a cookie (on the client) to every call to this web service. I have looked at the HttpTransportBindingElement, but I cannot find where to add my cookie - is it possible to add a cookie to the HttpTransportBindingElement,...
I am having a really bad issue where no matter what I try, the user is being logged off after 10 minutes. I am using ASP.Net 2.0 running on IIS 6.0 on Server 2003 R2 Standard Edition running as a Virtual Server with all applicable updates and .Net 3.5 SP1. The client is Internet Explorer 7.0 Below are the web.config settings: <!-- Au...
I am currently running an application with the following properties: Java-based with Spring and Acegi Running on Tomcat 5 I need the ability to support user sessions without cookies. Could someone please point me in the right direction. Thank you. ...
I am building a site in asp.net and have multiple subdomains. For example, one.cookies.com two.cookies.com I want my users to be able to login at either subdomain and be logged in for both websites. In addition, I'd like the sessions and cookies to be in sync. So far I haven't found a reliable way to do this. ...
I'm sure I must be doing something wrong. But can't for the life of me figure out what is going on. I have a problem where it seems that the HttpWebRequest class in the framework is not correctly parsing the cookies from a web response. I'm using Fiddler to see what is going on and after making a request, the headers of the response lo...