There are many questions about codeigniter disallowed key characters but I could not find one similar to this.
I have an app where a method is working fine for all but one user. For one user they are receiving the codeigniter disallowed key characters error (and no further info as errors are off and I don't have access to the logs). All I know is that the URL of the error page ends in {uri}.
As I can't find a way to replicate this could it be a cookie issue? If so how would I go about tracking down the bug?
Let me know if you need code. I have assumed it would not be helpful if its working for most people
I have the same problem. Just let the user clear his/her browser cookies and temporary internet files.
Related
I using CakePHP with Backbone.JS, I set up a controller just to give me a JSON output for getting my data, e.g. client names etc, to pass into each Backbone model.
This was all working, or appeared to be, however, it seems that it now gives me some random 403 errors when the page / from is saved or reloaded. But I have no idea why? If it can access it to start with, and does, then why would it not have access after a save or reload?
I have tried, $this->Auth->allow and it dose appear to fix the problem but this data is or could be important and need it not to be access my everybody who might guest at my access path.
Now I have read a number of articles on her, most point to read/write access on the files your accessing, but in my case its just a path /XXXX/XXXXX/myjson/clients For example.
Now I can post my code, if needed, but I am not sure what the problem is, is this a CakePHP issue or is Backbone not requesting the data right?
Please be aware that I am dyslexic, please be kind about my question, if I have not explained myself right. Then please be me some time to re-word / edit my post.
Thanks,
For any one else looking at this, I had added autoRegenerate to the Configure Write Session. For some reason it looks like CakePHP was taking to long to regenerate a new cookie and request my information at the same time.
I am using version 2.1.3 of CodeIgniter, and primarily use Chrome or FireFox, but I am learning that some of my clients are having issues with my systems not allowing them to log in. The system log indicates that the user has logged in, but I check if the session variable is set to determine whether the control panel or login screen needs to be displayed.
For some reason, the session variables are not set in at least IE8 and below, so the login screen keeps showing, even though the log says the user is logged in.
I checked this: CodeIgniter IE not storing sessions correctly and this is not applicable to me.
I am not using Ajax for this, so this is not it either: PHP Session lost in CodeIgniter IE only
Also, this is not loaded in an iFrame. So, I doubt there are P3P problems: CodeIgniter 2.x sessions and Internet Explorer
What could be the cause of this?
Thanks!
I could just guess, hope its helpful.
Check your php files if you have a closing tag ?> and if you have a whitespace after it. This cause to return a blank response, because of the whitespace, and this breaks the session and cookies.
Do you have some mechanism for regenerating session id`s
Thats all i can come up with, hope i`ve helped.
Regards
I found this article, and it appears to solve the problem for me, but I want to test more before accepting my own answer.
http://ellislab.com/forums/viewthread/211955/#982986
Hope this helps someone else.
Regards,
Kobus
I was asked to perform some URL re-writes for a new site with numerous dynamic pages and this has all worked fine.
However when I look at the URLs that Google has indexed, it has indexed the 'non-rewrite' url, so all the '?', '&' etc are being used.
What do you have to do to force Google to index your re-written URLs?
I just assumed it would do this automatically and never expected it to be an issue.
All help is gratefully appreciated.
Thanks.
Steps
1) Make sure that expired pages are no longer publicly accessible
2) Anything you do not wish Bots to crawl should be flagged with appropriate "nofollow" meta tags
3) Submit a new sitemap to your Google Web developer account
4) Make sure your Website throws a 404 error when a page isn't found. It is always a good idea to make a splash page for a 404 error which links back to your home page. (this is accomplished different ways across different server-side languages)
Google will automatically remove indexed pages if they no longer exist.. So be patient.
I'm trying to figure out how to disable programatically the fishing site warnings that pop up when you enter a user name and password along with the url to a secure website, such as.
https://UserName:PassWord#Https://Secure.Website.com
Before the url comes up the warning dialog pops up first, since I know that the url I programmed is secure, I don't need the fishing site warning to pop up.
If anyone has any Ideas, I would greatly appreciate it. Thank you in advance.
You just cant do this.
This behavior is in private UIKit apis that you can't alter without being rejected from AppStore.
And for once, there is a good reason to this, a security reason :)
EDIT (after comments below)
I think you can disable these warnings in device settings : Settings App > Safari > Fraud Warning
Note that you can't do this with code from your app. You can only ask user to do so, or maybe by using Enterprise deployment facilities.
EDIT 2 About security concerns
Again, there are very GOOD reason to this security, especially for a company concerned by its confidentiality/security.
It is not because you set a static URL in a UIWebView that this is the URL you will get, phishing is not only from websites servers, it can also come from a middle man attack on the TCP/IP connection, DNS spoofing, or who knows, an admin going nuts :)
Modifying private APIs is not easy, there is no source code, just assembly code that you can disassemble/analyze to figure a way to override/inject code doing what you want. It takes time that sorry I have not.
In other words : you should find an alternative solution, like another URL without https (ask webmaster) but another security, not requesting data from UIWebView... I'm afraid there is no easy workaround. And I guess you know that URL authentication like you are trying to do is highly unsecure, any intermediate could just get the query and login/password.
It is phishing and not fishing :)
Do you know you can edit your comments on stackoverflow?
Is there any way to bypass the referral check applied by some site in order to avoid there data from being extracted. Like if you follow this link!
You will get Access Denied Error. However , if you just go this link!, it takes you to home page and on filling on any quote say ABAN , it follows exactly the same GET request as the link used above.
Can anyone please suggest me some solution ??
Set your referrer to the correct value. You can spoof the value to anything you want programatically or by visiting the correct url before visiting the target url.
You can use a tool like wget which allows you to set your own referer value. This won't work on sites which expect more than that as their protection value (and anyone interested in protecting the delivery of their content might also look for a cookie or ip address as well).