Hi All, I am trying to mark the ASP session ID cookie as HttpOnly but can't seem to find a way to tell if it is working. The environment I am trying this in is as follows: OS: Windows Server 2003 IIS: 6 ASP Version: ASP 3 (Classic ASP) In order to mark the cookie as http only, I followed MS KB As per our architect's suggestion, to tes...
I'm recording the session start times from when people log into my .NET 2.0 web application, but I'd also like to record the Session ID. Can someone give me some example code on how to accomplish this (how to access the Session ID from within the Global.ASAX). If you need any additional info just let me know. ...
I hope someone out there has some update to date information on sessions and their IDs. I'm running on IIS 7 and we're seeing Sessions assigned to more than 1 IP address. I ruled out the possibility of it being caused by users resetting their IP addresses, for instance by unplugging their modems. In at least one instance a user logge...
i am creating Content management system in which i want to generate uniq session id i try it by changing in web.config part of sessionstate in which i put cookieless=true but when i try it it work good but pass sessionid with requested url which i do not want.please give solutin for it. also how can i destroy session id when application...
Hi, I have multiple web applications (PHP) which are being served to different customers from their own domain. Each domain obviously has separate cookies and sessions (with the domains and paths all set correctly). Should I need to set up a completely separate sessions table in the database for each website to try to ensure unique ses...
I'm trying to get php to automatically pass the session ID via url, even if the browser accepts cookies. I know url session id are normally considered a security risk, but I have a very specific application in mind which requires several separate users to be able to log in to the same php session, despite what cookie settings their brow...
I am confused with the following sentence(with bold) from Microsoft about Session IDs. It seems to say the obvious, if we reuse a valid Session ID then we do not need to create a new Session ID. Am i missing something? What is reusing in this context? Using the Session ID as an identifier in database or etc is reusing or what? Therefo...
Most web applications depend on some kind of session with the user (for instance, to retain login status). The session id is kept as a cookie in the user's browser and sent with every request. To make it hard to guess the next user's session these session-ids need to be sparse and somewhat random. The also have to be unique. The quest...
I recently built a simple web-app deployed over Tomcat. The app uses pretty standard session based security where a user who has logged in is given a session. Sessions work fine in Firefox and Chrome, but require the use of jsessionid in the URL for IE (tested 7 & 8), set to medium privacy. In IE 8, I tried to override cookie handling...
Ok, I am storing a session variable like so to load up users layouts faster if it's set instead of calling the database. But since the layout can be changed via the Administrator, I'd like to be able to globally remove all sessions where $_SESSION['layout']['action'] is set for all users. $_SESSION['layout']['action'] = array(a ton of ...
I'm currently in a need of getting session ID thus I need to get the HttpSession but I don't have any servlets in my EJB module. So perhaps some DI annotation like in webservices api? ...
So I'm scraping a site that I have access to via HTTPS, I can login and start the process but each time I hit a new page (URL) the cookie Session Id changes. How do I keep the logged in Cookie Session Id? #!/usr/bin/perl -w use strict; use warnings; use WWW::Mechanize; use HTTP::Cookies; use LWP::Debug qw(+); use HTTP::Request; use LWP:...
Hello All, I am developing a 3 tier database application. 1.) MS SQL DB 2.) Middle tier SOAP Server (with Delphi 7) connected to the DB 3.) Clients (first win32 gui (with Delphi 7) - later other platfomrs) connected to the SOAP server I chose a SOAP Server to be open to various clients at a later stage (also some of the win32 gui clien...
when user clicks on login button(index.php) I am calling chechlogin.php where I am checking loginId an password as- if($count==1) { // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); $_SESSION['UserId'] = $myusername; $_session['SessionId'] = ses...
in PHP i used session and cookie not urlrewriting with PHPSESSID. but when i opened cookie then i saw the key value pair.but one of them is path : / what does path mean,can you explain elaborately. if i change the path value to /abc/cdddddddddd/efc then what does that mean? ...
Why does the property SessionID on the Session-object in an ASP.NET-page change between requests? I have a page like this: ... <div> SessionID: <%= SessionID %> </div> ... And the output keeps changing every time I hit F5, independent of browser. I've seen this work correctly in other projects. ...
I am using PHP 4+ and I am working in a project of osCommerce, where I encounter with the session id in the url, so i just need to know, is it a good practice display the session id on the url? if yes then why? and if no then why? and how can i hide the session id in url and use any substitute string there in url? ...
In Spring MVC 2.5 with Jetty - probably with any servlet container -, I want to redirect to an external site using RedirectView via the magic "redirect:" prefix for the view name in ModelAndView. Unfortunately, RedirectView uses response.encodeRedirectURL(), so my (otherwiese wanted) session id is appended to the URL. It is not only a ...
We use iframes to show ads on our site. Iframes are used to allow us to keep the ad generation code and other site modules separate. As we track ad views on our site, and need to be able to keep an accurate count of which pagetype gets what views, I must ensure that users can't simply copy-paste the iframe in which the ad is loaded ont...
Microsoft, in an effort to make Internet Explorer 8 "more stable" and “faster”, have changed the underlying architecture of the browser and introduced a function called "Loosely-Coupled IE" (LCIE) which works on session sharing across TAB and new instances. But session sharing may be fatal when some one is trying to do two different thi...