NHibernate - ISession vs. IStatelessSession
What is the pros and cons using IStatelessSession over ISession in NHibernate? ...
session
How do I set the session cookie's HttpOnly setting to false?
In Ruby on Rails, how do I set the session cookie's httpOnly setting to false? ...
Zend framework session expiration
Hi I wast to perform some action like freeze application if session expires. if user clicked on any thing after session expiry it should ask for logout and relogin. Currently Am using setExpirationSeconds( ) function. but it always takes me on index (login) page. How can i change default behaviour of setExpirationSeconds( ) and perfo...
removing data from session
I am using the following code to remove a attribute from session List<User> l=(List<User>) sess.getAttribute("allUserslist"); for(int ii=0;ii<l.size();ii++){ System.out.println("bef"+l.get(ii).getLoginName()+optionSelected[i]); if(l.get(ii).getLoginName().equals(optionSelected[i])){ System.out.println("in iteration"); ...
Old user credentials in FluorineFx after resetting a session?
We have a FluorineFx / ASP.Net application which uses forms authentication to identify the current user. To use these credentials in FluorineFx, we use FluorineContext.Current.User.Identity. When I log in the first time, the current context neatly reflects the right identity. When I log out, I perform a FormsAuthentication.SignOut() an...
Is there a useDirtyFlag option for Tomcat 6 cluster configuration?
In Tomcat 5.0.x you had the ability to set useDirtyFlag="false" to force replication of the session after every request rather than checking for set/removeAttribute calls. <Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster" managerClassName="org.apache.catalina.cluster.session.SimpleTcpReplicationMana...
Facebook API - fql_query, Invalid session
Hey I'm trying to query Facebook with the PHP Library and what I've read it shouldn't required a session key, or rather it shouldn't require one for my case, but my code below gives me the following error: "Session key invalid or no longer valid". http://wiki.developers.facebook.com/index.php/Fql.query "For example, querying the user t...
Advice on Session var and Shared SSL
Hi, I got a client which is website is under SSL only on the payment proccess. But he bought shared SSL so the actual domain is different (although I think its the same server). So when a user is logged in at for example: www.mydomain.com/login.php and tries to buy something he redirected to https://secure20.livessl.com/mydomaincom/pay...
Can I extend the CI_Profiler class to display SESSION variables as well?
If so.... any idea how? ...
Usage of values stored in $_GET / $_SESSION in Javascript
Hi, i'm pretty new to Javascript and PHP so please bear with me if i'm asking some really dumbed down questions. Ok, say i need to use values stored in a PHP $_GET or $_SESSION, is it advisable to just do something like var something = PHP echo $_SESSION or $_GET ...
Using Session State in Public Class in ASP.NET?
I'm trying to move some reusable portions of code into a class. This is working okay except when I attempt to use Session within this class. I get an error: "Cannot refer to an instance member of a class from within a shared method or shared member initializer without an explicit instance of the class." My code looks something like thi...
Approaches to timing out sessions on a web app using AJAX autorefreshes
I'm writing a web application that autorefreshes data with an AJAX call at set intervals. Because it's doing that, server side user sessions never time out, since the last activity is refreshed with every ajax call. Are there good client side rules I could implement to time out the user? I.e. should I track mouse movements in the brow...
PHP sessions: pageview count double incrementing in firefox3 and chrome4
I have some basic pageview incrementing code set up on a LAMP server (see code below). The code starts a session, checks if pageviews is set, increments it if not and prints the variable. The page links to itself with a single href, and clicking on that link causes the pageviews count shown on screen to increment by one. It works correc...
ASP MVC: Keeping track of logged in users.
I'm creating a ASP MVC application. And because of the complex authorization i'm trying to build my own login system. (So i'm not using asp membership providers, and related classes). Now i'm able to create new accounts in the database with hashed passwords. But how do i keep track that a user is logged in. Is generating a long random...
php variable persistance
I have two files: index.php /lib/user.php Index contains the form: <div class="<? echo $msgclass; ?>"> <? echo $msg; ?> </div> <form id="signin" action="/lib/user.php" method="post"> ... </form> User.php makes all the processing. It sets $msg to 'some error message' and $msgalert to 'error' in case of any error. At the end of proc...
Securing an ajax request
i have a website that uses session cookies for security. it works fine and all, but any ajax requests right now are not secure. example being lets say a user is on a page. they can only get to this page if they are logged in with a session - so far so good. but now the ajax request they ask for is ajaxpages/somepage.php?somevar=somethin...
How do I pass a cookie to a Sinatra app using curl?
I'm using the code from the example titled "A Slightly Bigger Example" from this tutorial http://rubylearning.com/blog/2009/09/30/cookie-based-sessions-in-sinatra/ to figure out how to send a cookie to a Sinatra application but I can't figure out how to set the values correctly When I set the name to be "brandon" in the application it c...
Spring Security: session expiration without redirect to expired-url?
I'm using Spring Security 3.0.2 form based authentication. But I can't figure out how I can configure it so that when a session expires that the request is not redirect to an other page (expired-url) or displays a 'session expires' message. I don't want any redirect or messages, I want that a anonymous session is started just like when ...
Load balancing and sessions
Hi there, What is the better approach for load balancing on web servers? My services run in .NET and Mono, so they could be hosted on IIS or Apache2, and the will have to provide SSL connection. I've read two main approaches, store the state in a common server and use sticky sessions, there is any other else? I've read 3 diffent thin...
PHP cookies in a session handler
I have run into a very interesting problem trying to debug my custom php session handler. For some reason unknown to me I can set cookies all the way through the session handler right up until the very start of the write function. As far as I know session handler calls go in this order. open -> read -> write -> close The open function...