cookies

Quirky cookie behaviour

A colleague of mine asked me to take a look at some cookie behaviour. He created a simple web app that created a cookie and inserted the value of a text field; he then checked the cookie collection on the next page to see it had been inserted and read back correctly. All simple really. On the second page however he noted there was more th...

How do I prevent Rails users from accidentally authenticating as the wrong user?

Specifically, I have written a Rails app in which I'm using the default (in Rails 2.3.5) CookieStore session store and I've spotted an odd problem in development. Myself and a few others had been using the site for a few weeks and we each had a login based on a username and password (each user registered themselves and I stored the (sal...

Reading cookies from other Domains

I have heard of people being able to access other sites' cookies using XSS. Is this a legitimate option and how do you achieve this? ...

Store the session of Facebook from WebView

Hi all, I'm trying to avoid that when a user has connected to Facebook from my webview, the next time he does it, he doesn't need to put the email and password. I'm getting the cookie from the "facebook.com" domain with this sentence: String cookie = CookieManager.getInstance().getCookie("facebook.com"); and storing it in a SQLite database...

How to handle multiple cookies with the same name?

Say for example I had an application sending the following HTTP headers to set to cookie named "a": Set-Cookie: a=1;Path=/;Version=1 Set-Cookie: a=2;Path=/example;Version=1 If I access /example on the server both paths are valid, so I have two cookies named "a"! Since the browser doesn't send any path information, the two cookies cann...

Why doesn't NSHTTPCookieStorage save cookies correctly?

I'm having some weird problems with NSHTTPCookieStorage in my iPhone app. When I invoke the login action on my web service, the service sends back an auth cookie named "auth" as well as some other cookies. When I log the user out, I call a logout action on the server which removes the cookies. If I print the result of [NSHTTPCookieSto...

IE not saving asp.net authentication token / cookies

I have an asp.net site. It's a mixture of web forms and MVC2. I have this on 2 different servers which I get to via different urls. On one server authentication works fine via all browsers (IE 8, FF 3.6, Chrome). On the other IE 8 fails, it doesn't send back the cookie on the request to the page after authenticating. Using Fiddler I ...

What does Rails 3 session_store domain :all really do?

Updated question to make it more clear I understand that you can set the domain of your session_store to share sessions between subdomains like this: Rails.application.config.session_store :cookie_store, :key => '_my_key', :domain => "mydomain.com" in Rails 3, what does the setting :domain => :all do? It can't let you share sessions ac...

Is RIJNDAEL encryption safe to use with small amounts of text given to users?

I am thinking about making the switch to storing session data in encrypted cookies rather than somewhere on my server. While this will result in more bandwidth used for each request - it will save extra database server load and storage space. Anyway, I plan on encrypting the cookie contents using RIJNDAEL 256. function encrypt($text, $...

Store a clicked link state using jQuery?

$('#nav a').click(function () { $('#nav a').removeClass('current'); $(this).addClass('current'); return false; }); My HTML is: <ul id="nav"> <li><a class="current hoc" href="#spread1-anchor">Home</a> /</li> <li><a class="bgc" href="#spread2-anchor">Background</a> /</li> <li><a class="apc" href="#spread3-anchor">App...

Cookies Not Working Properly

This is my code in logout.php <?php if(isset($_COOKIE['cookie-username']) || isset($_COOKIE['cookie-password'])) { setcookie("cookie-username", NULL, time()-60*60*24*100); setcookie("cookie-password", NULL, time()-60*60*24*100); } header( 'Location: ../login' ) ; ?> I can confirm the cookies exist. If I do a while...