Whenever you authenticate, your application should change the session identifier it uses. This helps to prevent someone from setting up a session, copying the session identifier, and then tricking a user into using the session. Because the attacker already knows the session identifier, they can use it to access the session after the user...
I have an ASP.NET application and in the golbal.asax ' Application Error Event, i am calling a method to trace/log the error.I want to use the session variable content here .I used the below code void Application_Error(object sender, EventArgs e) { //get reference to the source of the exception chain Exception ex = Server....
Coming from an Classic ASP background I'm pretty cautious about placing objects into Session. Would it be a bad idea for me to store an object of type Dictionary into Session within .NET? ...
Can some one explain what is a session overflow error in WAS? Is it advantageous or disadvantageous to have a session overflow base in memory value set? Please do enlighten on this. ...
Is there any way to specify that a given Controller or Action uses Session state in a read-only manner? In "old" ASP.NET we used to do something like this: <%@ Page EnableSessionState="ReadOnly" %> Is there an ASP.NET MVC equivalent? I'm looking to allow my application to serve multiple requests from the same client simultaneously, an...
I am wondering if it is viable to store cached items in Session variables, rather than creating a file-based caching solution? Because it is once per user, it could reduce some extra calls to the database if a user visits more than one page. But is it worth the effort? ...
Hello. I'm using PHP5 here. I have made a login system that check's the username and password against the records in the database. I want to use sessions to store the logged value. For example, when I reach the zone where I "log in" the user succesfully: if($errors = 0) { $_SESSION['logged'] = "1"; } The problem is that I want the...
Hi, I want to get a "permanent" session, i.e. in my app i ask the user for permission for offline_access FB.Connect.showPermissionDialog("offline_access"); In the POST url I get the fb_sig_session_key, and I understand that all i need to do now is to use this fb_sig_session_key, and the user would not need to login with user/password...
I am using the app_error script to deal with broken links on my site, and in the error404() action I write a session value like this: $this->controller->Session->write("visitor", $visitorId); This all works as I can successfully read the session back if I reload app_error. Once I have written this session value I redirect to a control...
I'm using sessions in my Catalyst app via Session, Session::Store::DBIC, and Session::State::Cookie. I have a few controllers and methods that send out data with a Cache-Control: public header, so its essential that the Set-Cookie: header not go out with those responses (otherwise, it'd be cached and sent to other clients, leading to p...
Hello everyone, I met with strange session issue. I have developed a web site which uses session to track user specific information to determine whether a specific user has permission to access some part of the web site. I am using VSTS 2008 + .Net 3.5 + C# to develop ASP.Net web site. In my design, when I access http://mysite/sitemana...
What does the following line mean? Put the boolean variable isLogin to your session such that you check the session each time your user goes to the secured site. I would like to know how you can put a variable to a session. I know at the abstract level that session is a semi-permanent interactive information interchange, al...
This question is based on this answer. I'm looking for a function similar to PHP's session_start() for Python. I want to access a dictionary like $_SESSION in PHP which becomes available after running the command. ...
I'm making a login system, but when a user logs in, it doesn't actually store any of the data i want it to in the session. I even checked the session's file, and it was empty. I have session_start(); on all the pages. what else could i be doing wrong. Heres the code for the two main pages. the login code: <? if ($DEBUG == true) { e...
I have a web chat application and we are using jQuery. When a user is idle or doesn't hit the browser in say, 15 minutes, then it should automatically destroy the session of that particular user and redirect him to the login page. How would I do this? ...
I was doing some unit testing, and ran into an interesting problem in WCF. I have a service using the wsHttpBinding, configured as such: <bindings> <wsHttpBinding> <binding name="wsHttpUnsecured"> <security mode="None"> <transport clientCredentialType="None" /> <message clientCredentialType="None" /> <...
Looking over the manual pages for session_cache_expire and session_cache_limiter, I'm a bit confused as to what these could possibly have to do with sessions. It seems to be that these control the hints sent to the browser as to how long to read a page from the local cache before re-requesting it, but how does that effect sessions? ...
If I'm looking at someone else's rails app, what's the first place to look if I want to know where their sessions are stored - cookies/db? ...
Can I do nested transactions in NHibernate, and how do I implement them? I'm using SQL Server 2008, so support is definitely in the DBMS. I find that if I try something like this: using (var outerTX = UnitOfWork.Current.BeginTransaction()) { using (var nestedTX = UnitOfWork.Current.BeginTransaction()) { ... do stuff ...
Hi Every one, I have problem when want update my object to database using hiberntae when I want update(branchDao.update(be); ) it's throw below exception a different object with the same identifier value was already associated with the session this my code: LoginEntity le = loginDao.getSpecificLogin(pkId); le....