When a page includes third party javascript (via script src=...) and that javascript that sets a cookie, that cookie "becomes" a first party cookie, even though it's originally set by a third party source. My question is this. If someone has disabled third party cookies in their browser, does that also apply cookies set by third party j...
I am trying to set a session cookie from server side : import javax.ws.rs.core.NewCookie; import javax.ws.rs.core.Response; public class Login { @POST @Produces("application/json") @Consumes("application/json") public Response login (String RequestPacket){ NewCookie cookie=null; CacheControl cc=new CacheControl(); cookie = Lo...
When i'm trying to put russian text in cookie via javascript and then output it via php it returns: %u043F%u0440%u043E%u0432%u0435%u0440%u043A%u0430 How to decode this to normal cyrillic characters? This is the function i'm using to pass to document.cookie: function setCookie(c_name,val,c_expiredays,c_path,c_domain,c_secure) { v...
Hi folks, I need to access a few HTML pages through a Python script, problem is that I need COOKIE functionality, therefore a simple urllib HTTP request won't work. Any ideas? ...
Hi, I have a piece of code using the DefaultHttpClient and it makes a post request to login to a website. However subsequent requests appear to have forgotten the fact im signed in. How do i turn on automatic cookie handling of the DefaultHttpClient I am using? Cheers, Andy ...
Hi guys, Ok, here goes a very strange problem... Our team is using cakephp to develop a large application. Everything session related is working properly so far. The only issues we've had so far are related to iframes and opening windows in other subdomains. I'll explain: User opens up site A and logs into it, creation a User in...
On websites where you have to enter a user name and password, I notice that I can browse the site with one browser and it will know who I am no matter where I go on the site. But if I open a different browser it doesn't know who I am in that browser unless I log on in that browser. After I log in to a website, does it store some kind o...
After you enter your name and password on a website, a cookie is stored on your computer. Your computer then sends information from that cookie to the website whenever you browse to another page on that site so that the site knows who you are. How is information from the cookie sent? Does the browser append information from within the...
How do I stop BP from overriding default parameters passed to the template loop? For example, on the Activity page, let's say you want BP to "forget" the user's last viewed parameter (like "My Forums" or "@user Mentions") and go right back to All Members or My Friends every time you reload the page. I tried deleting the contents of aja...
I have a weird quirk with cookies in IE. When a user logs into the site, I'm generating a new session id and hence need to overwrite the cookie. The flow is basically: Client goes to https://secure.example.com/users/login page, automatically receiving a session id Client POSTs login credentials to same address Client receives the follo...
I am working on a project that has a requirement such that login details can only be accessed from one machine at one time. For example, if I grant you access to my website and you login from your home machine, the system will store this settings in a cookie/database. Now if you try the same login details on your work machine or any oth...
We have a cookie management library that writes a cookie containing some sensitive information, encrypted with Rijndael. The cookie encrypts and decrypts fine in unit tests (using Moq), works fine for MVC web applications, but when called from an ASP.net 2.0 website, the cookie cannot be decrypted. "Padding is invalid and cannot be rem...
I have an asp.net web app that has Session state stored in sql server. I need to keep track of the time spent by a user on each page. How can i do that using cookies? ...
I'm trying the following code to send post data to the login form, then reload that page in the browser as a logged in user. somehow it's not saving the cookie, and reusing it for the header() function, can the same thing as header be done by calling curl again after sending the login details? .. $ch = curl_init(); curl_setopt($ch, C...
I am trying to write a program that will verify that all cookies sent out from the machine are in fact going to the domain they came from. This is part of a larger security project to detect cookie based malicious attacks (such as XSS). The main snag for this project is actually detecting the out-going cookies. Can someone point me in th...
Anyone have any "best practices" tips for Rails and sessions? The default session type for Rails3 is still cookie store, right? I used SqlSessionStore for a while and it worked well, but I may move away from that in favor of CookieStore. Is it still not a good idea to use CookieStore for sensitive info, even with salted info or is that...
This is an interview question asked a month ago.... Do session use cookies? If so,how do they do so? Assume Session["UserId"]=1 how does this session variable uses cookies internally? If so, what will be the name of the cookie and what is the value of that cookie.... ...
Hi, I found several solutions for creating Flash LSOs from JavaScript (for example: http://www.nuff-respec.com/technology/cross-browser-cookies-with-flash ) If Page (www.hostA.com/index.html) and the .swf file are from the same site, everything works fine. No I'm trying to load the page form www.hostA.com/index.html, which includes www....
I am writing a firefox extension that interacts with a JSON server interface. I receive a url to the server which then redirects to the client site that provides the cookie. I need to be able to set this cookie in the users browser without physically loading it in the browser. Is this possible through an AJAX call? I tried using a hi...
I have a rails app that is a CMS that uses dynamic subdomains for each site. For some reason when I deployed to production the session cookie is not getting set. I'm thinking this is leading to the "Invalid Authenticity Token" errors that are being thrown everywhere. I have my production.rb setup so that I can share sessions across ...