cookies

Facebook Connect application inside iframe not working in IE7

I am building a Facebook Connect application that runs inside a Google gadget. Being a gadget means that the application runs inside an iframe. Inside the application, there is a form that allows registered users to post comments. The submission is made using AJAX, but I get the same results with a normal form. The problem is that I need...

Cross Domain Cookies With FormsAuthentication

I know the security risk associated and have brought it up with the business, but they want to have their 5 domains to share the login cookie. We are using and have no plan to stop using ASP.Net Membership and Profiles. Is this possible? A hack would even be greatly appreciated. ...

P3P issue with IE and iframe

This is regarding this problem here: http://stackoverflow.com/questions/389456/cookie-blocked-not-saved-in-iframe-in-internet-explorer I have set up my P3P fine as far as I know (the P3P validator doesn't return any errors), but I still get blocked cookies. The src of my iframe is an external website; is there anything special I have to ...

How to get distinct Django apps on same subdomain to share session cookie?

We have a couple of Django applications deployed on the same subdomain. A few power users need to jump between these applications. I noticed that each time they bounce between applications their session cookie receives a new session ID from Django. I don't use the Django session table much except in one complex workflow. If the use...

How secure is the Ticket.UserData in User.Identity in ASP.NET

My website uses ASP.NET's forms authentication and I am inserting user-specific information into the UserData portion of the authentication ticket/cookie. Since the UserData is inside the authentication ticket, it is encrypted like so: authCookie.Value = FormsAuthentication.Encrypt(newTicket); Now I am not too worried about the data bei...

Expiration date in newly created authentication ticket (ASP.NET forms auth)

I am using ASP.NET forms authentication and the ASP.NET Login control. The Login control has a "RememberMe" checkbox. After the user is authenticated, it raises the LoggedIn(object sender, EventArgs e) method, and inside this method I am viewing the authentication cookie created by using this: HttpCookie authCookie = FormsAuthentication....

In Python, how might one log in, answer a web form via HTTP POST (not url-encoded), and fetch a returned XML file?

I am basically trying to export a configuration file, once a week. While the product in question allows you to manually log in via a web client, enter some information, and get an XML file back when you submit, there's no facility for automating this. I can get away with using Python 2.5 (have used for a while) or 2.6 (unfamiliar) to d...

Automatic Cookie Handling C#/.NET HttpWebRequest+HttpWebResponse

Is there any way to automatically handle cookies in .NET with the HttpWebRequest/HttpWebResponse objects? I'm preferably looking for an equivalent to LWP::UserAgent and its behaviour (Perl), only in a .NET environment. Any suggestions or advice? Thanks in advance. ...

Simple Java cookie question

I'm a .Net developer starting to dabble in Java. I have a simple question concerning cookies. In .Net, I can set the value of a cookie to a string with white space in it - new HttpCookie("myCookieName", "my value") - and when I read that value on the client side (JavaScript), I get the value I expected (my value). If I do the same thi...

Cookie path and its accessibility to subfolder pages

Let's say I have a website with domain: www.example.com. If I set a cookie with path '/', the cookie will be accessible via all pages in the domain, e.g.: www.example.com/page1.html www.example.com/subfolder1/page1.html www.example.com/subfolder1/moresubfolder1/page1.html, etc. What if we set the cookie to path '/subfolder1', will the coo...

What is the current state of the Cookie2 specification?

Do you have some information regarding browsers that implement/plan to implement this part of the HTTP 1.1 specification? Additionally, what frameworks have already implemented this feature? I've done my Google research but I'd like to know if there's something else. Also, do/would you use it? Do you find it better than the Cookie/Set-C...

How do I "log in" to a web app and access subsequent pages using Java?

I want to write a Java program that'll access a few web pages that require logging in. How would I keep the session cookie resulting from logging in so I can access those pages? ...

SSO across different domains

How can I implement single sign-on across domains? I have two or more domains and I want all of them to authenticate through one server using SqlMembershipProvider (ASP.NET 2.0 membership database). I have domain foo.com which hosts the ASP.NET membership database and another domain bar.com which wants to authenticate through foo.com. I f...

Is POST as secure as a Cookie?

While implementing a flash-based uploader, we were faced with an issue: Flash doesn't provide the correct cookies. We need our PHP Session ID to be passed via a POST variable. We have come up with and implemented a functional solution, checking for a POST PHPSESSID. Is POSTing the Session ID as secure as sending it in a cookie? Possib...

Hash validation periodic failures

We use hash validation to prevent cookie tampering. I've been tracking false positives -- cookies in the request that fail validation but show no signs of tampering -- and typically we see a handful of failures per hour. However, we have also seen our sites experience periods where every request fails the hash check. We're in an extended...

Implementation of “remember me” in a Grails application.

How do I implement a "Remember Me" function in Grails so that the user can check it and he won't have to log in again for 2 weeks? I'm using the jSecurity plugin and want to change the cookie's lifetime beyond the browser session. ...

How can I delete all cookies with Javascript?

I have written code to save the cookies in JavaScript. Now I need to clear the cookie irrespective of values that I assigned. Are there any script modules to delete all cookies that were generated by JavaScript? My sample code: document.cookie = 'ppkcookie2=another test; expires=Fri, 3 Aug 2001 20:47:11 UTC; path=/' function create...

SSL session persistence and secure cookies

I currently have a roll-your-own application security service that runs in my enterprise and is - for the most part - meeting business needs. The issue that I currently face is that the service has traditionally (naively) relied on the user's source IP remaining constant as a hedge against session hijacking - the web applications in the...

ASP.NET ObjectDataSource SelectParameters CookieParameter question

If my cookie is set like this: Response.Cookies("Employees")("UserID") = 43 How do I get this value from within an ObjectDataSource SelectParameters CookieParameter? <asp:ObjectDataSource ID="odsProducts" runat="server" TypeName="MyCompany.Products" SelectMethod="GetAll"> <SelectParameters> <asp:CookieParameter CookieNam...

Python: how to dump cookies of a mechanize.Browser instance?

I am learning mechanize. mechanize is a Python module to automate web browsing. One of its features is automated handling of cookies. I would like a hint about the way to dump the cookies for a mechanize.Browser instance. I can't seem to figure this out myself. I need this for debug purposes. ...