session

How to work with Session and Include statement in PHP?

I am having many files with multple includes one into another like below, File1 is included in File2 and then File2 is under File3 Now I want to declare a session variable site_user_conutry from File1 and then I am checking on File2 that if there is any no value in the session variable then Only I am including File1.php I have added ...

How do all these web platforms achieve a long-time login session that does not require the user to login over and over again?

I really don't get that: Some platforms have some kind of "persistent" login sessions. Like Stackoverflow and many other boards and platforms. I've logged in here a month ago. And even if I quit my browser totally and have another internet connection with different IP, I come back here with no login. I can't belief that's just done with...

Tomcat: Session count. What is it?

Okay, I think I already know, but I want to make sure, and this surprisingly simple question was surprisingly hard to google. :P In the tomcat manager, I have some session stats, like so: Active sessions: 1 Session count: 1 Max active sessions: 1 Rejected session creations: 0 Expired sessions: 0 Longest session alive time: 0 s Average ...

Zend Sessions Problem (beginner)

Hey out there, I'm teaching myself Zend am and having a problem with using my session to call a View Helper action. My controller: <?php class SessionController extends Zend_Controller_Action { protected $session; public function init() //Like a constructor { $this->_helper->viewRenderer->setNoRender(); // Will no...

Session replication across JVMs in WebSphere

We have an infrastructure set up where in the webservers are clustered and the application servers are not. The webservers route the request to the application servers based on round-robin policy. In this scenario, the session data available in one application server is not available in the other application server. Is there anyway by w...

OpenID in a load-balanced situation

Hi, I'm looking at implementing an OpenID provider ('OP') using Java + Tomcat/JBoss. Now one of the key things about OpenID is that The user communicates with both the OP and the RP and has a session with both sites. The OP and RP communicate with each other to ensure the user hasn't faked anything. A subject I've not been able to ...

Oracle ODP.NET and double clicking hyperlink

I've installed ODP.NET and am using the session state service through Oracle for an ASP.NET website. I tested it, I thought, pretty thoroughly and didn't see any major problems. Some of the users have been complaining of exception errors however when they use the system. I added some extra logging and found out how to reproduce the is...

Can I access SessionState from within an NUnit test?

One of my methods in an NUnit test checks a Session-State variable : if (Sesssion[variableName] == null) ... and the NUnit test is failing with err: System.Web.HttpException: Session state can only be used when enableSessionState is set to true, either in a configuration file or in the Page directive. Please also make s...

How long should you let a user stay signed in for on a web application?

Background to question: We are building an online web application that requires the user to sign in. We will add the ability to "keep me signed in on this computer for x weeks." Question: What is the normal standard for how long you should allow a user to stay signed in for? * 2 weeks? * 4 weeks? * Forever? And why? Is there a reason ...

Portlets - Keeping session alive from server side

Hi, I am implementing jsr 186 portlets, with some servlets to the mix to implement some ajax. The problem is if I only make AJAX calls for some time, I lose the session. Strangely, keeping alive the servlet session does not prevent the portlet session from timing out. Is there a way I can keep the session alive from within my servlets,...

ASP session expiration issue

Hello everyone, Some of my legacy program is using ASP (not ASP.Net), and even if I set long session expire time for example to 20 minutes, sometimes in short time (e.g. in several minutes) I will still notice session expire error box -- "too much idle time, please login again". Any ideas to analalyze further? Not sure whether it is my...

looking for some ASP session management tutorials

Hello everyone, I need some tutorials or samples which cover the following topics, does anyone have any recommendations? For ASP.Net, how to manage session and especially manage correctly when there is large number of concurrent user requests, access session and various ways to manage session expire; For old ASP, how to manage session...

ASP.Net session life time issue

Hello everyone, I am confused about ASP or ASP.Net session life time (or life cycle) concepts. More specifically, my confusions are, how did IIS magically knows a new session starts and an existing session ends? Especially how IIS treats whether a session continues or ends when we call redirect code; how many differnet ways to set ses...

legacy (classic) ASP code session issue

Hello everyone, My question is about classic ASP, not ASP.Net. I ask expert here since search engine always tell me ASP.Net answers. My confusions are, How to set session expiration time in classic ASP code or through configuration? How to extend session expire time? Is there a session expire event? How to know when session will expir...

How to secure classic ASP ASPSESSIONID cookie?

Is there a way to mark classic ASP ASPSESSIONID* cookies as secure? It appears that the ASP ISAPI handler adds that session id cookie after my page is done rendering so putting code at the end of my page to loop through the Response.Cookie collection and mark them as secure doesn't seem to touch the ASPSESSIONID* cookie. Any other way ...

How can I get HttpServletRequest when in an HttpSessionListener?

How can I access request headers from a SessionListener? I need to set a timeout on the current session when it is created. The timeout needs to vary based on a header in the HttpServletRequest. I already have a SessionListener (implements HttpSessionListener) that logs the creation and destruction of new sessions, and it seems to be th...

Server.ScriptTimeout

Hello everyone, In MSDN, it is said, "The timeout will not take effect while a server component is processing." -- what does this statement mean? Could anyone show a scenario it is referring to please? http://msdn.microsoft.com/en-us/library/ms524831.aspx A related question is, whether it is good code to judge that, if a session varia...

Hacking session variables in Asp.NET

Is it possible to hack someone's session variables and create a new shadow user? What are the common ways of avoiding such surprizes? SSL certificate installation or ....? ...

Session for a Tab in ASP.NET.

In ASP.NET a session is for the browser. But how can I create a session for a tab? ...

Supporting Single sign-on changing domain of JSESSIONID session cookie domain on Jetty

I'm trying to support single sign-on with JETTY and we have 2 subdomains running webservers that will support single sign-on through Jetty's SSO support. account.test.com app.test.com We have a SSOSession cookie that is set to *.test.com, but to support sign-off I need to ensure that my Jetty server running at app.test.com has it's JSE...