I have multiple CI application on same server using same session userdata variable name.
In some controller on first CI app
$sess_data['username'] = $username;
$this->session->set_userdata('logged_app',$sess_data);
In some controller on another CI app but in same host server.
if (!isset($this->session->userdata['logged_app'])) { echo "success";}
Isn't this a security hole? What happen if the applications are in different host?
If they all use different domains even on the same host that shouldn't be a problem. If they share the same domain, then that's a problem because users will be logged in all your app on that server.
Related
I am building a custom skill for Amazon Eco to control a specific application on windows. My custom skill is invoking a Lambda function and as a response I want to send some data to application by which I can control that application. I am willing to use any Amazon services.
Here multiple user can use same skill and responses should to send to respective users application.
Will any one have any idea how can I archive it? Thanks.
You can expose your application publicly using port forwarding or using ngrok, (it is a service where it can give you a Public URL for your local application or server), then let your lambda function make the request to your application via HTTP.
Also, you can have a server that listen to Alexa Skill request then make your application listen to your server using web socket.
Single User, One Echo device: you can access the deviceId of the echo device using this method then assign it to the user and save it to your local database.
Multiple User, One Echo device: you need to make a function on how to identify each user, you can do this by asking for a username then have a secret for each user, where the secret can be renewed via an app, this can be complicated depending on your use case.
I have server with tomcat where I deployed my application.
Let's call that server: internalServer (it can be accessed only from my network)
System admin opened port so every request from public can access that application. Application is comunicating with some another application on same server via web services.
When I access application via:
internalServer:8080/application
everything works.
But , when I access application via:
mywebsite.com/application
everything works except calling web service via $.ajax
Does anyone have idea what could be problem?
It sounds like a permissions issue with the public web site. The trust factor when using a localhost-style web server is different from that of using a public server. Check the web server and see what the permissions settings are for the directory where your web service is located.
Just a thought...
I am facing very dramatic behavior caused by Amazon EC2 server. I have one web application deployed at Amazon ec2 server which is developed using Spring and Java. For every request new session is created here. I have one scenario where i need to store some data into httpsession object but due to session changing at every time I lost my data.
Your response is respectable.
Thanks.
Please add comment if forget something to mention here and its required to understand.
Let me explain my scenario completely:
I have two machines which have apache installed and integrated with tomcat server using mod_jk connector eg. app0 and app1 machines, this both machines are requested by load balancer of ec2 server. To replicate session for each instance of server i have used DeltaManager jdbc store setting because ec2 does not support SimpleTCPCluster setting.
DeltaManger code:
<Manager className="org.apache.catalina.session.PersistentManager"
saveOnRestart="true"
minIdleSwap="-1"
maxIdleSwap="-1"
maxIdleBackup="20"
processExpiresFrequency="1">
<Store className="org.apache.catalina.session.JDBCStore"
connectionURL="jdbc:mysql://localhost:3306/tomcat"
driverName="com.mysql.jdbc.Driver"
connectionName="username"
connectionPassword="password"
sessionIdCol="session_id"
sessionValidCol="valid_session"
sessionMaxInactiveCol="max_inactive"
sessionLastAccessedCol="last_access"
sessionTable="sessions"
sessionAppCol="app_name"
sessionDataCol="session_data"
/>
</Manager>
This all works fine on my local machine but failed on production as there are two machines and they are handled by ec2 load balancer.
Please comment if any thing else required.
Issue with session was that jsessionid cookie was removed from the request due to the different path. App has a "/" (root) as a path and jsessionid had a path "/". This was causing jsessionid to be removed from the request and since server never received the jsessionid it was creating the new one all the time.
We fixed the issue by adding parameter - emptySessionPath="true" - to all connectors in /etc/tomcat6/server.xml.
I have little cPanel web server that I offer as a convenient addition to my web development/design services to my clients.
All of them use roundcube when accessing their webmail so it would be good to skip cpanel's mail app selection page.
I know how to do it for a single account by creating subdomain webmail.domainname.com and redirecting it to roundcube, but I'd like to know if there's a way to do it for all accounts on a server, instead of doing it manually.
If we have a link on a users desktop to a website, is there any way to automatically log them into that website using their windows username and password?
I think you can do it using the Active Directory. Maybe this article can help you.
This: Retrieve UserName by Searching in Active Directory
The windows login system and the website have totally different mechanisms. You're windows password is stored locally on your machine however the website password is stored remotely on a server. hence it does not make sense to login on a website with your local password automatically.
You can do this only for local Intranets hosted on the current domain. If this is what your're after you need to set the authentication mode in the config file.
.NET Authentication