What is the best thing to store in a cookie to keep a persistent logged-in state?
I have seen many websites (and beginner tutorials!) that simply store something like validUser=1 in a cookie. Clearly I could spoof that and the website would think I was a valid user.
If the username is stored in the cookie I could masquerade as any user...
When working with sessions, do you need to declare session_start() or ob_start()? What are the advantages of doing so or not doing so?
Thank you!
...
I am wondering if I can handle a session timeout event. I need to make a call to my function right before the session times out, or the user leaves my page or closes the browser window. The most important part here is to have access to everything stored during the session (the session variables).
...
Hi everyone,
My goal is to allow users of a Rails web app to see all their open sessions on other computers and close/sign out of them remotely, similar to Gmail's "Account activity" page (link found at the bottom of the Gmail inbox page).
I can technically achieve this by using the sessions in the database
account_sessions = CGI::Se...
When you log out of a web app, should ALL your sessions be logged out? When I log out of the web app from the public library, should it also log me out of the session I have on my home computer?
When you choose "remember me" or "stay signed in" when logging in (to extend your session beyond the time your browser is open), does this get c...
Hi, how should I store user data in ASP.NET MVC? Let's say a user wants to see 50 records per page. I wanted to save it in Session, but if I am doing it right, the Session resets every time a new controller is initialized. So where? A cookie?
...
I have a query: if a user is already logged in to a web page and logs in again from the same or a different machine, I want his previous session to be killed so that he is automatically logged out to the main page. I'm using jQuery on the client side and servlets on the backend. I'm using Tomcat 6 as the web server and the JDK 1.6 compiler. I just wan...
I have a website that's using forms authentication and membership. A user must have cookies enabled to use the site. I've been asked to change the code so that the session id is changed as soon as a user logs in. Apparently this will protect against a Session Fixation attack (http://en.wikipedia.org/wiki/Session%5Ffixation). Does anyone ...
Dear All,
I want to ask about sessions. Is it possible to create a session from JavaScript?
How?
Thanks for your response
...
For a JDBC application I need to issue a few ALTER SESSION commands. I do not want to put those into the application code itself. Is there a way to specify defaults for the session parameters for the database schema that the application uses (on the database side)?
...
For more info on what I mean, here is a quote from the user guide of the PHP MVC framework CodeIgniter:
CodeIgniter supports "flashdata", or session data that will only be available for the next server request, and are then automatically cleared. These can be very useful, and are typically used for informational or status messages (for...
I want to keep track of User Sessions within my MVC webapp. I know I am doing something wrong because the flow of the programming seems kind of chaotic. Any suggestions? At this point I am trying to verify Session every time I hit a different controller.
private void VerifiedUserSession()
{
int? userID = (int?)Session...
Using ASP.NET MVC when trying to get the information stored on my Session["objectName"] from the constructor, I see that the Session has not been set yet, but once the controller has been constructed then the Session contains the right information.
public class ABCController : Controller
{
public ABCController() { var tmp = Session["...
In this post the author recommends implementing a wrapper for the session to ease testing and decouple the controller code. I would like to obtain ideas on how to implement a good wrapper for this purpose.
I see that in CodeProject there is one sample but it looks way more than what I need.
EDIT 1:
Ok. Thanks to Joshua I have imp...
Hi
I'm having issues with trying to use Zend_Form_SubForm and sessions. My controller is in essence acting as a wizard, showing different subforms depending on the stage of the wizard. Using the example I am planning on storing the forms in a session namespace.
My controller looks like this.
include 'mylib/Form/addTaskWizardForm.php';
...
This is a bit of a throwback question, and probably relatively fundamental, but I'm at a loss.
How does IIS manage Classic ASP session state?
We have an app that stores user information in session, and when many users are using the app, it seems to be recycling session for users, even though the "expire period" has not elapsed.
We su...
I'm trying to convert some of my django views over from function based views to class based views and I've run into a small problem.
My OO is kind of weak and I think the problem is that I've lost track of where things are going.
I have a custom login decorator that I need on the views so I have...
First I have the View class from thi...
Hi there,
I have a couple of classic ASP pages that require a user to enter their email and a specified 'keycode' that they have been given in order to gain access to a voucher that they can have emailed to them.
A voucher code is then dynamically generated and (currently) sent in the query string of the url to a second page that would...
Let's say I have a table called positions (as in job positions). On the position show page I display all the detail about the job - awesome. At the bottom I need the prospective applicant to input their professional license # before continuing onto the next page which is the actual applicant creation form. I also need to take that licens...
What is an easy and unobtrusive way to keep an ASP.NET session alive as long as the user has her browser window open? I think maybe timed AJAX calls? I want to prevent the case where users keep their window open for a long time, then enter stuff and on submit nothing works because the server side session expired. I don't want to increase the time...