In my website, some of users complain about problems in logging in. Their browsers generally don't see session info and cannot understand that the user is logged in, and behave like never logged in. But after some refresh, browser see session info and show the user as logged in normally. Again, if the user try to do some action( like w...
I have problem with session and query execution, please see code below. class A implements Lifecycle{ public boolean onUpdate(Session session){ Query test=session.createQuery("select * from Unknown"); List list=test.list(); B b=new B(); session.save(b); } } class B{ C c; public B(){ ...
I came across this example from Ruby's security page (http://guides.rubyonrails.org/security.html). It poses this scenario: A user receives credits, the amount is stored in a session (which is a bad idea anyway, but we’ll do this for demonstration purposes). The user buys something. His new, lower credit will be stored in the session. ...
I'm researching the Redirect on Post method and it seems that there are a few different opinions on how to approach the problem. I'll highlight what I've found and take your advice on what is truely the best practice: Redirection: Should you use Javascript, or HTTP to redirect the page? If you redirect using HTTP, what type of redire...
When a user visits my domain, a sessionid is issued by django. When he tries to do Oauth with Facebook, he clicks a button on my site which redirects to Facebook.com. Facebook redirects back to my domain, but at this point, the user's session is lost and Django seems to be issuing a new session variable. I want the dropped session to p...
I just discovered that every request in an ASP.Net web application gets a Session lock at the begging of a request, and then releases it at the end of the request!!! I mean, WTF Microsoft! In case the implication is lost on you, as it was from me at first, this basically means the following: Anytime an ASP.Net webpage is taking a long...
I have a silverlight web application that maybe open for days. It uses a legacy web service that uses session... How can I keep the session of the web service alive as long as the Silverlight appication is alive.... Good times ...
Hi everyone, As above: Is it possible to regenerate Code Igniter sessions manually? I'm looking for something similar to session_regenerate_id in PHP sessions, so that I could call it manually when a user went through privilege escalation. Thanks, Lemiant ...
Hi All, How can i set the session time out in PHP if the user stays inactive for a certain time in a web page or when the user close the browser tab. Please help me to solve this. ...
I am trying to just set a session variable on one page, then load it on another page. This code works on Firefox on Windows 7. It does not work when accessing the same pages on my iPod Touch. The first page is like this: session_start(); $id = "e0vgrejdmkjbltrdrtqtnjgzmy1cqurfluuzodeyqjlcoey5rx0"; $_SESSION['id'] = $id; The second p...
I have a class Session.cs in the App_Code directory that needs to extract some values from the session. I define the session with this: System.Web.SessionState.HttpSessionState session = HttpContext.Current.Session; but when I run the page I get a Null Reference Exception on session. The class (Session.cs) gets called from anot...
A question with respect to Session Expiration in PHP. I need my server to throw away session information if that user has been inactive for a while (for testing purposes, 5 seconds). I've looked at this question and particular at the answer by Gumbo (+28 votes) and I've been wondering about the feasibility of this answer with respect ...
Hello everybody, I'm working on distributed web application and we decided to separate web module from business services to make it more scalable. Here is the situation: We have one server instance that keeps web application (Controllers, JSPs, etc) and lots of server instances with business services. If web application needs any data ...
I'm trying to fashion a solution which will simulate App_Offline.htm for remote access but still allow local users to test the website out. I found some various options that I am trying out but the best one doesn't seem to work for our ASP.NET(2.0) site which relies on session state being enabled on all of the pages. The HttpHandler is...
Today at work I had a discussion with my co-workers and my boss about stateless/stateful beans (we just finished a project using JSF, it was the first time anyone at this company did something JSF related) and my boss said that he doesn't really like Session scoped beans (or even conversation/KeepAlive scoped ones). One of his arguments ...
I have a rails controller I dont ever want to set a cookie. I production, all it's actions are basically page cached and served as static files. But in development it's responses are generated on each request so that we can change things on the fly and test it out. The problem is that when we have parallel requests that change cookie d...
I would like to find a way to raise an exception if the Session is written to when in readonly mode. When EnableSessionState is set to "ReadOnly", values can still be put in Session, but the next request they will not be there. This seems somewhat dangerous. One option is to create a helper class which we alway use to access session. H...
Hi I have several tomcat instances running in physically independent machines. I want to configure the tomcat to share sessions between this instances. I have tried to configure org.apache.catalina.session.PersistentManager from http://tomcat.apache.org/tomcat-6.0-doc/config/manager.html. But I only see the session file when I shutdow...
I am following this tutoril. Though the user is logged in into facebook, but the session is showing him not logged in(NULL session). Please someone help me out. My code-segment is as follows- $facebook = new Facebook( array( 'appId' => $app_config['app_id'], 'secret' => $app_c...
Hey guys, I have a question about sessions. How do you make a secure login session/cookie. I was looking at this example where they add this array to the session: $data = array{ username = $_POST['username']; is_logged = true; } I was wondering if this is enough? Is it not possible to change the username in the cookie to an...