Hi All,
I have a PHP site that uses a fairly common authentication scheme.
The entire login area requires ssl.
A user enters their username and pw, if they match the db, a session is started and a value set for them.
If they try to visit a page that requires authentication, it checks to see if that value is present in the session, and...
Hello,
is there any reason (safety?) why someone should rename the ASP.NET Session Cookie Name or is it just a senseless option of ASP.NET?
...
Hello,
is it possible to instantiate a session from a session cookie? I have a scenario, where (due to pipeline) I have the cookie available, but I my ASP.NET Http Context did not construct the Context.Session object yet. Can I do this manually, referencing the cookie or its contents somehow?
...
I used frames in my application. After 60 mins if i press any link or refresh the frame its taking me to login screen since the cookie got expired.
But When I press refresh (f5) even after 60 minutes it is still keeping the login cookies alive and can access all pages.
...
Hi,
We have 2 web servers, one secure and one normal.
Is it possible to set a cookie like this
setcookie("basket[id]", $newID, time()+60*60*24, "/", SITE_URL, 0, true);
setcookie("basket[id]", $newID, time()+60*60*24, "/", SECURE_SITE_URL, 1, false);
Where
SITE_URL = www.sitename.com
SECURE_SITE_URL = xxxxx.securesitename.com
...
i used mvc concept for my project...
i can set cookies index page...
but i can not set cookies in view page,,,
i received the following warning...
Warning: Cannot modify header information - headers already sent by...
thanks advance
...
I have an iphone (jqtouch based) web app that uses cookies for authentication. The use flow is as follows :
user goes to the mobile landing page and is instructed to save the page as a bookmarklet on their home page.
they launch the bookmarklet to go to a login page to login and get a cookie.
the cookie works and they can navigate thr...
Hello,
I'm trying to login automatically in a website using Perl with WWW::Mechanize.
What I do is:
$bot = WWW::Mechanize->new();
$bot->cookie_jar(
HTTP::Cookies->new(
file => "cookies.txt",
autosave => 1,
ignore_discard => 1,
)
);
$response = $bot->get( 'http://blah...
Hi there,
I am working with Google Analytics - Goals and Funnels for quite sometime, but one thing is is not clear for me. I would very much appreciate if you could help me.
We are advertising on several sites rotating several different ads. Our main goal is to collect as many sign-ups (new users) as possible for as low price as possib...
Hi!
I am developing application using J2EE (JSF,RichFaces, Jetty/Glashfish).
Sometimes when I click on some link I get nothing returned to the browser at all (blank page).
But when i refresh the page all contents appears in page.
After some trail and error i found that it is cookies problem:
It happens bez some old cookie not deleted ...
I am serving dynamic image content which is generated by PHP. But for such requests to a .php file, the PHPSESSID cookie is being sent along, which is a waste.
Is it possible to prevent PHP from sending this cookie with requests to a PHP file? Or is it completely necessary for PHP to work?
Thanks for your time!
...
I currently have a website that allows my visitors to login via a simple script i've pasted together and wrote. Currently I only use sessions to keep visitors logged in. Are there any advantages to adding cookies to my website to store user logged in status?
Or is there a better way altogether?
using PHP
...
Hi everyone, I need your help
I've a MVC project that uses Jquery, where I've implemented a mechanism of "Remember Me" using cookies to save, clear and retrieve the login and password.
I also have two screens where the user does the login. I want that both logins manipulate the same cookie. I've got to implement it, but I've realized ...
Hi,
I have a site on A.com and an iframe on B.com which reads info from A.com. I realize that there is some problems with third party cookies, iframes and P3P - particularly in Safari [my problem]
Is it possible to instead, use AJAX or a hidden iFrame to pass the cookie information from A.com to B.com which will then "recreate" anothe...
Situation: I have a "dumb" Javascript frontend that can contact some kind of SSO middleware (MW). The MW can obtain sessions by issuing requests that contain authentication credentials (username, password). I.e. the session will be created for a certain user.
My frontend needs to "restart" the session to gain the user's permissions to t...
Hello all,
Does anyone know exactly how to set HTTPONLY on classic ASP session cookies?
This is the final thing that's been flagged in a vulnerability scan and needs fixing ASAP, so any help is appreciated.
~~~A LITTLE MORE INFORMATION ON MY PROBLEM~~~
Can anyone please help me with this?
I need to know how to set HTTPONLY on the AS...
I want to, upon loading the page, store a cookie in the user's browser. Then, using AJAX, count the number of users with that cookie and send it off to a database row every 1 second or so. How is this accomplished?
...
I am a bit baffled here; using IE7, ASP.NET 2.0 and Cassini (the VS built-in web server; although the same thing seems to be true for "real" applications deployed in IIS) I am looking for the session-id-cookie.
My test page shows a session id (by printing out Session.SessionId) and Response.Cookies.Keys contains ASP.NET_SessionId. So fa...
I'm creating josi, a web framework for node.js. And I'd like to add session storage. What would be the best way to implement this? I'm assuming it probably has to be cookie based, but I'm interested in knowing if any other frameworks have a different approach.
...
Just want to get input from people who know. I was considering CSRF vulnerabilities, and the seemingly the most popular method I know to fight against it. That method is to create a token in the returned html and adding a cookie with the same value. So if a script tries to do a post they would have to guess the token thats embedded in th...