The background to this question is that I need to use some user session data in a (static) WebMethod. I have created a static property that references the data I need like so: private static UserWebSession UserWebSession { get { return (UserWebSession)HttpContext.Current.Session["UserWebSession"]; } } I can then ca...
I have created a blog, it will have posts, and the posts are created by the users. I already have a login system in my blog. And I have made the relation between a user and his posts. Now when I want to add a new post I want Rails to autofill the user_id field. Should I add a hidden field and add the user_id from the session where I sav...
I have 2 pages. .#1 page: session("X") receives value from user input (textbox), redirects to #2 page. .#2 page: displays the value of session("X") to user, if user wants to change the value, redirects back to #1 page for editing. .#1 page: session("X") loads into original textbox for user to change. Value from textbox is again placed...
Every time I access data in $_SESSION, Does it immediately update the session file on the disk, or just once when the process goes down? Or every n bytes of data change (flush)? This question is not necessarily about the specific file session handler, but every handler. (Does every touch in session immediately invoke an I/O of any kin...
I work on a task that involves moving/traversing from one application to another. The applications are in separate JVMs. While traversing to the other application, I keep track of the session ID. However, as I traverse back and forth, a new session gets created. Is there any way for me to get back the same session, using the sessionId...
I'm developing my own PHP framework, and I'm trying to do things more "by the book". I want to build login system. I have done this plenty of times, but now I just want to confirm/get some feedback on a system. I know we need... A Session Object A User Object A Login Controller What my question is, is who holds what power? Here's ...
How can I secure the data that my session posts so that to reduce injections? Is there perhaps something I need to add when I use $_SESSION[''] = $var; or when I retrieve the data by $var = $_SESSION[''];? ...
Hey All, Sorry for reposting(Admins, please delete the other one!). since you guys have been a great help, I was kinda hoping that you could help me once again while having the following question: I am currently trying to work with AJAX by allowing a managerclass in PHP to communicate via an XmlHttpobject with the javascript on the clie...
I've got a "works on my machine" situation. I have a website where I'm passing session values from one page to another using Session["foo"] = 'blah'; and on page2 var foo = Session["foo"]; foo doesn't exist on page2. When tracing the page I've found it was using a different sessionid to the original page. When putting a breakp...
What do you all think? ...
Hello, I have the following implementation of HttpSessionlistener public class SessionListener implements HttpSessionAttributeListener, HttpSessionListener { public void attributeAdded(HttpSessionBindingEvent event) { ... } public void attributeRemoved(HttpSessionBindingEvent event) { ... } public void attributeReplaced(Ht...
I am considering using Unity to manage the lifetime of a custom user class instance. I am planning on extending the LifetimeManager with a custom ASP.NET session manager. What I want to be able to do is store and retrieve the currently logged in user object from my custom classes, and have Unity get the instance of User from the sessio...
Lots of sites appear to support https but don't use secure cookies. I want to make my site use secure cookies but to allow for some content to be accessed using http instead. A sensible way to do this appears to be to have a secure cookie for the real session, and a non-secure cookie which is just a flag to say if the user is logged in...
A little background: I am trying to create a lightweight cookieless database-backed user session using a highly striped down ASP.NET implementation. This site audience will be mobile users connecting via celluar networks, so the page sizes need to be very small. I am not using the .NET session, viewstate, etc. and most page contain very ...
I'm using the standard active_record_store in my app. In environment.rb I have: config.action_controller.session_store = :active_record_store And my sessions table was created with rake db:sessions:create: create_table :sessions do |t| t.string :session_id, :null => false t.text :data t.timestamps end add_index :sessions, :se...
Here are the first few lines of my page: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <?php include_once "dblogin.php"; session_start(); $loggedIn = 0; if(isset($_SESSION["login"])) {$loggedIn = 1;} ?> I'm getting the following error: Cannot send session cookie - headers al...
I've had this problem in a couple of ZF applications now and it's very frustrating: Near the top of my bootstrap I have the following two lines Zend_Session::start(); Zend_Session::regenerateId(); My application requires authentication using Zend_Auth and uses default session storage for persisting an identity. At random the session ...
I've inherited a Classic ASP app, and the former author claims that: BODY onload="javascript: history.go(1);" is required to keep the site from "losing sessions" Has anyone heard of this quirk? I can't fathom it. ...
One of the requirements proposed for an ASP.NET application is that we have Session state disabled globally. (This is not negotiable.) Another requirement is that we have some means for user authentication. I'm thinking of using ASP.NET's membership provider model. Is it possible to have user authentication without Session State? The ...
I've got a Classic ASP application that relies on session; if the user leaves a screen idle and then runs a form post or other operation, I'd like to know whether the session has expired. Currently I'm checking session in each page to see if it's timed out, but is there a better, dynamic, JavaScripty approach that will do what banks do ...