Hi, It keeps running in my mind the last couple of days, but I read some articles about how to make your PHP sessions more secure. Almost all of these articles say that you need to save the useragent in the session WITH an additional salt. Something like this: $fingerprint = md5('SECRET-SALT'.$_SERVER['HTTP_USER_AGENT']); The salt wo...
Also, does the object that is being set have to be thread safe in order to guarantee that we know what the state of the object stored in session is known. Also, I was reading on the web that some suggest using: synchronized(session) { session.setAttribute("abc", "abc"); } Is this a valid suggestion? ...
I'm experimenting with MVC, and my question is - where I had Page_Load logic in Master Pages with WebForms, where should it go in MVC? Here's the business case: Different Host Headers should cause different Page Titles to be displayed on the site's (one) Master Page, therefore all pages. For example, if the host header is hello.mydomai...
In my Rails app, I have a login page. After that person logs in, what is the best way for my app to continue tracking the person that has logged in. For example, if the user moves to different pages, my controllers/actions will lose track of that user unless I keep passing a variable between each page the user subsequently visits. Is the...
I was told this works, but... I guess I'm just not getting this, it seems there's a hidden step I may be missing, can anyone correct this or point out my mistake? Thanks. I have a blank solution: - inside is two .net 2.0 web applications 1) webapp1 2) webapp2 I want them to share the same session data. My page setups: Application 1:...
What is the difference between a Session and a Cookie? What circumstances should each be used? ...
I wonder if there is a .NET library that mimics a browser in terms of HTTP transactions. In other words I am going to make multiple GET/POST requests and I want the cookies to be persisted to a storage, so that consecutive request will be identified by the remote host. AFAIK cURL has support for this functionality. ...
I'd like to add something like the "remember me" option into a Rails application and I need to create a persistent session that doesn't expire when the user closes his browser. The only solution I found right now is to use a plugin: http://blog.codahale.com/2006/04/08/dynamic-session-expiration-times-with-rails/ Are there any other (bet...
I have user control on a ASP.NET web page, which contains a GridView and a radio button selector. In the underlying middle tier I have a thread which goes to the database and then raises an event to say "I have some data" my User control handles this event and sets a Session Variable. This works and I can see the event being handle...
i would like a working example, that uses a asp.net session state server, to share a session variable between two .net 2.0 web applications both running on the same domain, just in different folders ( same parent folder) directory structure: parent site: [localhost/testSite] web app 1 site: [localhost/testSite/webapp1] web app 2 site: ...
We've been having a problem with a mass mailer component that I wrote for a long time and the exact nature of the difficulty, how to measure it and how to mitigate it have all remained elusive. It's got to the point where these problems are becoming critical and I need some straight answers so I'm hoping someone here can provide them. ...
We have a flex application that works with ASP.NET. (through weborb). And we use several data at the .NET Side to load data, ex: UserId, ChannelId, ... For now only userid is stored in the name of the HttpContext.Current.Identity. So the flex side doesn't need to push the user id all the time, but now we want to disable the "push" of the...
The session timeout in web applications typically denotes the idle time - i.e. the period of time when the user doesn't work with the application. Now, what if there is an automated script written that posts a request every 5 minutes - wouldn't that user's session go on endlessly? This being the case, won't this approach heavily load th...
I am interested on how to make a regular HttpCookie object into a cookie that expires at the end of a session. I am not interested in someone showing me HttpContext.Session. How does a session cookie look in the response headers compared to a normal cookie? How can I modify a HttpCookie to expire at the end of a session? Thanks! ...
I have an iframe keep alive (iframe that hits a page, defibrillator.aspx, on my site every few minutes to keep the session alive) on my masterpage for an asp.net app. This works most of the time but every so often my session variables return null during the page load on my defibrillator page. At first, I thought the session was being t...
Hi, how to check if a session is invalid or not. there is no method in the API. is it the same as isNew(), and what is the difference if not. Thanks, Ido ...
How do I use php sessions in XSLT for example for making a shopping cart for a webshop? A user can browse the site and click "Add to cart" on several items. Each item should then be stored in a session variable. The user can at all time view the items selected by clicking "View cart". ...
GUIDs get used a lot in creating session keys for web applications. I've always wondered about the safety of this practice. Since the GUID is generated based on information from the machine, and the time, along with a few other factors, how hard is it to guess of likely GUIDs that will come up in the future. Let's say you started 1000...
Hello I use php sessions (not cookies, except for session id cookie) for all user data, and when a user goes to their profile user.mydomain.com they are immediately "logged out" untill then remove the subdomain. Is there a way to accept sessions from all domains as long as its *.mydomain.com thanks! ...
Hi, iam building a small webservice in axis2 (buttom up, i write the java classes and let eclipse wtp generate the service). I would like to use sessions so that a user can login with a username and pass if it exist in a database and than use the webservice but within the context of his session. I quite frankly don't know where to start....