I've been told that it is insecure to store things such as passwords, usernames, and user ID's in cookies, and that instead you should store a sessionID in a cookie. Here's where I get lost. My objective is to have a basic 'remember me' feature. Normally I would store user login information in a cookie, but as this is unsafe, I'm wonder...
Building pizza delivery site. Currently using: Language: PHP Framework: codeigniter class: Cart Class Autoloaded: session Products can be easily added into the cart in FF,safari,chrome. but does not seem to be working in Internet Explorer. Tried all solutions posted on the codeigniter forums but nothing works. ...
Hi I am intersted in learning more about the SECURE parameter of the function session_set_cookie_params can you tell me how to utilize this properly? if this function is executed on a page that is not secure (but on a server that does have SSL) will it somehow send it securely or do I have to force SSL on the page this function is execu...
Hi, I am a bit confused on how ASP.NET session works with my site, when a user opens up the site in multiple browsers, and/or multiple tabs. I see that after logging in with IE, i can open a new tab and not have to log in, and that if I log out of one tab, the other one will redirect to login after I try to do something. I also notice...
Hello, I have a question about session management. Here's the scenario. There are 3 groups of users on the same network. There is a J2EE application that is set to end a user's session after 60 minutes. The groups are A, B and C. Now Group A, B and C all log into the J2EE application and start using it. Group A users can use the appli...
I am currently doing a website in php, we are using a Session variable to store the permission level of each user. For example, if any one of you would go on the website, you would automatically get a session variable with a value of "member". What I am asking is: Is it possible for an attacker to go on the website and modify the value...
I wish to use JMeter to login to my site, run some reports and log out again as a load test. Is JMeter the best tool for this? I'm concerned it doesn't maintain the browser session between requests. ...
Hi I have a php web site. It’s a shopping cart site. When a user purchases two or more item the session will expire. But we don't put the session unset code in any where in the site. Cloud you please help me what is the problem hare? Please give me a solution. The main issue is that user can't proceed the check out. Thanks in advanc...
Hi, I encountered with a weird problem at one of our machine. Machine has: Microsoft Windows 7 Professional (6.1.7600 Build 7600) Internet Explorer 8 (8.0.7600.16385) Consider below case: Page1 renders an anchor link with window.open("page2.aspx",some attributes etc) When user clicks on above link, page2.aspx opens but no sessions ...
Hi All, I have a website installed on one of our sales guys laptops and am having issues with the website hanging if left for 2 minutes. This doesn't happen on my dev box, my live machine or the other sales guys machine. The website will hang. It's not just limited to this page, it will happen on all pages when I leave it for more tha...
Hi We have a site where the user gets a navigation bar to allow navigation of search results. When the user goes away for lunch or whatever, and the session times out, clicking next in the navigation which is still on the screen will show the next page, but will then lose the navigation since it was stored in the now stale session. Thi...
in my pageload i have got the session["name"] When i use this code to save: Stream stream = null; request = (HttpWebRequest)WebRequest.Create(url); response = (HttpWebResponse)request.GetResponse(); When it comes to this line: response = (HttpWebResponse)request.GetResponse(); it again move on to the pageload and that time the ses...
We have a tomcat application which works fine in IE7/8 and Firefox. The only browser we are having issues with (that we care about at this point) is google Chrome. Users can navigate to the application fine and log in and do whatever they need to do in Firefox and IE. However, when trying to log in with Chrome, the session is apparently ...
Possible Duplicate: How do I expire a PHP session after 30 minutes? Hi All, The problem I am running into is that my host will not let me overwrite PHP.ini settings. They currently have the max lifetime of a session set to 24 minutes (ridiculous). My idea is to destroy the session completely and then recreate it (ideally gi...
Out of my head. How to fix this one. My session not working on hostgator server. But on other server it working fine. Here an example the code. <form action="/payment-select/" method="post"> <select name="payment" onchange="this.form.submit()"> <option value=""<?php if(empty($_SESSION['payment'])) { echo ' selected="selected"'; } ?>>...
Hi Guys, I am working on a web app for the iOS. When the app is opened, it check's to see if the user has a cookie with the users email stored in it, then either lets the user proceed to the homepage, or redirects the user to the authentication page. This works perfectly when using safari. The problem I am experiencing occurs only whe...
The question says pretty much everything. My point is, is the user able to change his cookie's values in order to appear "logged", when he's not really logged? ...
Hi, I ran into something that I never thought of before and it stumped me. I have a site done using servlets and JSPs. There is an auth mechanism that works well and is much liked. There is now the need to add a static directory containing static HTML pages under the same umbrella. The requirement is that these pages should not be con...
Okay, I am attempting to use PHP Sessions to maintain my Facebook Session info (user, access_token, etc.) so that I can pull in data feeds from other pages securely for my members. I thought it might be as simple as attaching the access_token to a $me graph api call and catching an expired/invalid session or if the access_token is valid...
Hi All, Multiple applications are sharing the same session cookie at the moment and I don't want this to be the case, however, I would like to set the value in code rathr than hardcode a value using the web.config. Does anyone know how thi can be done? ...