This was always a problem for me, as rails doesn't have some mechanisms for session tracking like java frameworks do, what methods do you use to track who is currently logged on your site? I use a simple method by setting up last_visited field with current time every time user clicks somewhere on the site, and then checking for users whi...
Preamble: My app is mod_rewrite enabled and I have index.php page that downloads vaious pages based on Request_URI and prints them as page content. Problem: File() or File_get_contents() function is excellent at downloading my other app pages. But as soon as I try to use it to download a page that is session enabled, I start having prob...
While implementing a flash-based uploader, we were faced with an issue: Flash doesn't provide the correct cookies. We need our PHP Session ID to be passed via a POST variable. We have come up with and implemented a functional solution, checking for a POST PHPSESSID. Is POSTing the Session ID as secure as sending it in a cookie? Possib...
I have an ASP.NET application that uses Session.SessionID to prevent multiple users viewing the same data at the same time. I have a table that contains a set of images (stored in BLOB) that require processing. Only one user is supposed to be able to view the same image at the same time. To achieve this, as each record is retrieved by...
Context: I was going to build app using mod_rewrite (front page loading child pages), but got stuck on loading session_enabled pages from the front controller page. Problem: The problem is that I use session_start() call twise, PHP page stops responding. Which is strange, the session_start function is harmless and they are called on di...
I am having some trouble with one of my ASP.NET 2.0 application's connection string. There are instances that I would get a ConnectionString Property Has not Been Initialized problem which occurs randomly and intermittently and without any reason. My Connection string is actually coming from a webservice, because different kinds of use...
If I store a String value in my Session variable, do I need to Serialize / Deserialize it? I read that when you use in your web.config you need to serialize before you can store the value in session variable and you would then deserialize when you retrieve the value. I wonder if for example, you just place the string value to a ses...
we have a lot of users on a VBulletin forum. now i want write few more apps on rails for the same userbase. Until now all the authentication and session management is being taken care of by VBulletin. What is the best way to provide SSO for my users both onVBulletin and on the rails apps i am writing ...
As the title states, I have a session variable that is set during a login script with asp.net and vb.net code-behind. Can I call a javascript function when a link is clicked that will destroy that session variable? If it is possible, can I use jQuery to make that process easier? ...
I'm working on a mobile site where we can't rely on the phone hitting the site to have cookie support. I'm using the cookieless option for sessions and wondering if there's a way to specify where in the URL that the sessionId gets placed? Here's what it looks like now: http://www.somesite.com/(S(qnxbzt45h2yxpr45tj3hpr45))/Default.aspx...
I currently have a roll-your-own application security service that runs in my enterprise and is - for the most part - meeting business needs. The issue that I currently face is that the service has traditionally (naively) relied on the user's source IP remaining constant as a hedge against session hijacking - the web applications in the...
Let's say that in my app I have an object instance created on page 1. The user then goes to some other part of app and I want the instance to remain. How can I 'save' the instance? Sessions? ...
I'm building a PHP-based web app and am integrating a Flash-based charting engine. The Flash chart needs to make a AJAX request for its data. This request fails because it is seen as a new user agent and doesn't contain the PHP session cookie to identify it. So, it gets redirected to the login page. I've read a few hacks to make this...
I have a PHP script that is called in 2 ways from a Dojo Ajax xhrGet call. The first time it is called with an "init" argument which causes the script to create an instance of the StateList class and read in a file of state names. session_start(); @include('StateList.php'); require_once('phplog.php'); //start executing here $comd=$_GET...
I am trying to implement a Flash uploader in my Zend framework application but I am having problems with the session. The Flash does not send any cookie headers and this is why the session is lost. I am trying to send the sessionId as a post param and in my bootstrap file I added a session_id($_POST['session_id]) but this doenst seem to...
Here is the situation: User logs in via username/password stored in an MSSQL database If the user is authenticated, the system makes a session variable with username/SHA1'd password and boolean if the user is logged in or not (for subsequent pages) I need to be able to destroy the session variable. I want a confirmation box as well. ...
I have two apps that I'm trying to unify. One was written by me and another is a CMS I am using. My authentication happens in the one I coded and I'd like my CMS to know that information. The problem is that the CMS uses one session name, and my app uses another. I don't want to make them use the same one due to possible namespace confli...
I have a requirement for an explicit logout button for users in a ASP.NET web app. I am using IIS6 with Basic Authentication (SSL). I can redirect to another web page but the browser keeps the session alive. I have googled around and found a way to do it by enabling an active x control to communicate with IIS and kill the session. I am i...
I've tried to research this mechanism but only find hints and these are not very consistent. How is the session _id sent to the browser and how is the browser instructed to return it when the user requests a new page? Thanks, Chris ...
We have several ASP.NET applications deployed to a few servers. Is there a standard way to reuse session data or some other method to not require users to log in to the next application when moving from application to application if they've already authenticated? I'm hoping there's a best practices way of doing this that you guys know ab...