session

How do I best detect an ASP.NET expired session?

I need to detect when a session has expired in my Visuial Basic web application. This is what I'm using... Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load If CurrentSession.IsNew AndAlso (Not Page.Request.Headers("Cookie") Is Nothing) AndAlso (Page.Request.Headers("Cookie").IndexOf("ASP.N...

FOSS ASP.Net Session Replication Solution?

I've been searching (with little success) for a free/opensource session clustering and replication solution for asp.net. I've run across the usual suspects (indexus sharedcache, memcached), however, each has some limitations. Indexus - Very immature, stubbed session interface implementation. Its otherwise a great caching solution, th...

What is the best way to prevent session hijacking?

Specifically this is regarding when using a client session cookie to identify a session on the server. Is the best answer to use SSL/HTTPS encryption for the entire web site, and you have the best guarantee that no man in the middle attacks will be able to sniff an existing client session cookie? And perhaps second best to use some sor...

Most efficient way to get data from the database to session

What is the quickest way to get a large amount of data (think golf) and the most efficient (think performance) to get a large amount of data from a MySQL database to a session without having to continue doing what I already have: $sql = "SELECT * FROM users WHERE username='" . mysql_escape_string($_POST['username']) . "' AND password='"...

Rails - recovering database from Production.log

Hello, We recently lost a database and I want to recover the data from de Production.log. Every request is logged like this: Processing ChamadosController#create (for XXX.XXX.XXX.40 at 2008-07-30 11:07:30) [POST] Session ID: 74c865cefa0fdd96b4e4422497b828f9 Parameters: {"commit"=>"Gravar", "action"=>"create", "funcionario"=>"6" .....

Always including the user in the django template context

I am working on a small intranet site for a small company, where user should be able to post. I have imagined a very simple authentication mechanism where people just enter their email address, and gets sent a unique login url, that sets a cookie that will always identify them for future requests. In my template setup, I have base.html,...

Can I put an ASP.Net session ID in a hidden form field?

I'm using the Yahoo Uploader, part of the Yahoo UI Library, on my ASP.Net website to allow users to upload files. For those unfamiliar, the uploader works by using a Flash applet to give me more control over the FileOpen dialog. I can specify a filter for file types, allow multiple files to be selected, etc. It's great, but it has the f...

Django Sessions

I'm looking at sessions in Django, and by default they are stored in the database. What are the benefits of filesystem and cache sessions and when should I use them? ...

Secure session cookies in ASP.NET over HTTPS

I got a little curious after reading this /. article over hijacking HTTPS cookies. I tracked it down a bit, and a good resource I stumbled across lists a few ways to secure cookies here. Must I use adsutil, or will setting requireSSL in the httpCookies section of web.config cover session cookies in addition to all others (covered here)? ...

ASP.Net: If I have the Session ID, Can I get the Session object?

This question is related to this one, though I think I was a little too long-winded there to really get a good answer. I'll keep this brief. I'm working on a web handler (ashx) that accepts a form post from an aspx page. When the handler receives this form post, in order to do what it needs to do, it needs to know the user who is logged...

Logging image downloads

I'm trying to find a way of finding out who is downloading what image from an image gallery. Users can download using a button beside the thumbnail or right click and use the "save link as" Is it possible to relate a user session or ID to a "save link as" action from all browsers using either PHP or JavaScript. ...

ASP.Net Session_Start event not firing

I have an ASP.Net 2.0 application in which the Session_Start event is not firing in my Global.asax file. Can anyone tell why this is happening and how I can get it working? The application worked fine on my Windows XP development machine, but stopped working when deployed to the server (Win Server 2003/IIS 6/ASP.Net 2.0). I'm not sure...

How much data can/should you store in a users session object?

We have several wizard style form applications on our website where we capture information from the user on each page and then submit to a backend process using a web service. Unfortunately we can't submit the information in chunks during each form submission so we have to store it the users session until the end of the process and subm...

What is the best way to handle sessions for a PHP site on multiple hosts?

PHP stores its session information on the file system of the host of the server establishing that session. In a multiple-host PHP environment, where load is unintelligently distributed amongst each host, PHP session variables are not available to each request (unless by chance the request is assigned to the same host -- assume we have n...

PHP: $_SESSION - What are the pros and cons of storing temporarily used data in the $_SESSION variable

One thing I've started doing more often recently is retrieving some data at the beginning of a task and storing it in a $_SESSION['myDataForTheTask']. Now it seems very convenient to do so but I don't know anything about performance, security risks or similar, using this approach. Is it something which is regularly done by programmers ...

Is there a way to specify a different session store with Tomcat?

Tomcat (version 5 here) stores session information in memory. When clustering this information is periodically broadcast to other servers in the cluster to keep things in sync. You can use a database store to make sessions persistant but this information is only written periodically as well and is only really used for failure-recovery ra...

Best way for allowing subdomain session cookies using Tomcat

By default tomcat will create a session cookie for the current domain. If you are on www.example.com, your cookie will be created for www.example.com (will only work on www.example.com). Whereas for example.com it will be created for .example.com (desired behaviour, will work on any subdomain of example.com as well as example.com itself...

Different values of GetHashCode for inproc and stateserver session variables

I've recently inherited an application that makes very heavy use of session, including storing a lot of custom data objects in session. One of my first points of business with this application was to at least move the session data away from InProc, and off load it to either a stateserver or SQL Server. After I made all of the appropriat...

What are the advantages and disadvantages of the Session Façade Core J2EE Pattern?

What are the advantages and disadvantages of the Session Façade Core J2EE Pattern? What are the assumptions behind it? Are these assumptions valid in a particular environment? ...

In Classic asp, can I store a database connection in the Session object?

Can I store a database connection in the Session object? ...