session

How to disable the back button after Session has destroyed?

I want that after Logging Out any user should not be able to go to the Back Page. How can i do that? ...

MySQL Session Table Approach

Hi all, I am developing a multi-tenant web application using LAMP. All my user session data is currently stored in mysql with table type InnoDB. Is there any way that I can use MEMORY (used to be HEAP) table type to store the current sessions and use the garbage collector function of the session handler to move sessions between the Inn...

How does one store and retrieve custom session variables in Drupal 6?

Drupal employs a custom session handler that changes the familiar...: $_SESSION['foo'] = 'bar'; echo $_SESSION['foo']; ...behavior. The above session variable of "foo" would not persist from page to page. Many comments and forum entries at Drupal.com raise the issue that Drupal uses a custom session handler for performance reasons an...

Is in-process the only way classic ASP can store session state?

I know it's a simple question, but I can't seem to drag it out of Google noise. I know .NET can use a session state service or a SQL database to back its session state, but I don't know if ASP offers any out-of-process options for storing it. Does it have any, or am I stuck with losing session variables on ASP applications when a load-ba...

Can NHibernate Criteria Pull From Cache

I'm loading a lot of data into the database with NHibernate. As I'm inserting, I want to check for duplicates. I call saveorupdate in each loop without flushing the session. Is there a way to query this session for duplicates without flushing? ...

Rails - List of active sessions

Hi there, I am trying to figure out the most straightforward and safe way to count the number of active sessions using a memcached storage option. With DB based session storage, I can just count the number of rows in the table but can't do the same thing with memcached. Thanks, Vikram ...

Best library for PHP Sessions

I have been using the CodeIgniter system for a while now - but it has it's short comings. I am grateful for what it taught me, but now I need a library for a new non-codeigniter project and so I am looking around for ideas on which libraries have things right and which don't. I will probably have to take pieces from several libraries to ...

Good way to demo a classic ASP web site

What is the best way to save data in session variables in a classic web site? I am maintaining a classic web site and want to be able to allow my users to demo all functionality of the site, this means allowing them to delete records. The closet example I have seen so far are the demos of Telerik controls where they are saving the data...

Shopping cart implementation

I want to integrate a shopping cart in my site. The cart should be such that it resets once the user signs out of the application. This can be either achieved via sessions or using the database tables. What should be prefered out of the above two? Are there any security loop holes if this is handled via sessions? ...

OWASP Consider regenerating a new session upon successful authentication or privilege level change.

On the OWASP web site one of their top ten items states that we should consider regenerating a new session upon successful authentication or privilege level change. What would be the correct way of doing this? One thing a co-worker has told me but I haven't tested is that when a user uses browser tabs each tab does not get it's own se...

Maintaining the same Session in Child Window

When a user arrives at my site, a session is started for them. There is a point where a child window is spawned using JavaScript on my sites home page. This child window goes to Twitter site to authenticate the user and it gets redirected back to a script on my site which stores some variables in a SESSION. I have found out that the P...

ASP.NET Cached page. State is saved but requires refresh

I have a webforms page that makes quite extensive use of AJAX. There are a number of links on it that take the user off to a different page. I want to maintain the state that the page was in should the user come back to it using the browser's back button. How I've gone about this is to store the page's state in session each time the use...

For Rails apps, keeping your environment.rb file in your repository seems unsecure...

Many Rails apps use the CookieStore method of storing sessions. The security of this method depends mainly on the security of the session secret key which is defined by default in config/environment.rb: config.action_controller.session = { :session_key => '_some_name_session', :secret => 'long secret key' } Most people i...

Eliminating certain Django Session Calls

Hi, I was wondering if I could eliminate django session calls for specific views. For example, if I have a password reset form I don't want a call to the DB to check for a session or not. Thanks! ...

Obtain Session List from Web Application Server

Some one at work found out about the: com.ibm.ws.webcontainer.httpsession.IBMTrackerDebug servlet. Which can be invoked like this: http://localhost:9080/servlet/com.ibm.ws.webcontainer.httpsession.IBMTrackerDebug Now, a "manager" wants me to make a similar servlet, that list the current active sessions in the a web aplication. I've tr...

php session and path setting

I would like to separate my source folders into two: The folders that contain the code that you type into the address bar and those that make up parts of the page (tiles) and other code (classes, etc). So at the start of every php file I added: <?php // index.php include("config.php"); include("session.php"); ?> Config contains just t...

nhibernate save() generated isnert statement but no actual record was inserted into db

I have the following code. In SQL Server profiler I can see the isnert statement being generated however no actual record has been inserted. I just can't figure out why this is happening! private ISessionFactory _sessionFactory; private Configuration _configuration; _configuration = new Configuration(); _configuration.Configure(); _con...

ASP .NET Check for Session

I'd like to check for the existence of the Session in a base page class before I use it, but I've found that if it does not exist, it'll throw an exception just by checking: if (Session != null) { Session.Remove("foo"); } Will throw this exception: Session state can only be used when enableSessionState is set to true, either i...

Ninject and named item in session state

Hi there, is there a way to inject an object into the session state automatically with Ninject? For example: I have a provider that gets me a list of objects. In my views I have something that reads state from session like <%=Session["MyKey"].Data%> Now I want to be able to inject the value of Session["MyKey"] with Ninject instead of ...

How can I preserve session information when redirecting from one subdomain to another?

I'm programming with PHP. I want to redirect https://abc.example.com/blah1/blah2 to https://www.example.com/blah1/blah2 but I don't want to redirect https://abc.example.com redirect to https://www.example.com Is it possible while preserving session information across the redirections? Thank you. ...