My logout does not seem to work.
I clear cookies like that:
foreach (Cookie cookie in _session.Cookie.GetCookies(new Uri(Session.ServerSecureURL + "/Login", UriKind.Absolute)))
{
cookie.Discard = true;
cookie.Expired = true;
}
But next time I try to login, I get the previous user's session, even though, I verified, and in the web request I see a new cookie.
Anyone had similar problems with cookies?
I Found the problem. It was not Cookie related after all.
I used wireshark to see what is sent to the server, and found out that after i logout there is only one call to the server, the one that logs me back in, but no calls to retrieve the data are made. Apparently WP7 retrieves me the old data from previous session from cache. I fixed that by adding a random data to the end of my url, and now it works perfectly. I'm still wondering what is the right way to control caching on WP7.
This:-
new Uri(Session.ServerSecureURL + "/Login", UriKind.Absolute)))
Looks a little suspect to me. I would expect it to be:-
new Uri(Session.ServerSecureURL + "/", UriKind.Absolute)))
Ordinarily cookes set in a folder (like "Login") would still have the path "/", since its usually intended that the cookies be available to the whole application.
Related
I am trying to configure sessions for an asp.net core 2.0 website, but the session cookie is never set.
I call ..
app.UseSession();
...in Startup.Configure and ...
services.AddDistributedMemoryCache();
services.AddSession(options =>
{
options.IdleTimeout = TimeSpan.FromMinutes(10);
options.Cookie.HttpOnly = false;
options.Cookie.Name = "WS_AUTH_ID";
});
... in the ConfigureServices method.
In the Controller I can acess ...
HttpContext.Session.Id;
... but the id is always different for every request.
Am I missing something?
Update: I should metion that I can set cookies "manually" and the browser will "receive" them.
HttpContext.Response.Cookies.Append("Test_cookie", "yo");
This was the cause for me:
The extension Microsoft.AspNetCore.CookiePolicy (UseCookiePolicy) was blocking the session cookie. Removing this extension and running the app in a new browser window fixed the issue.
Rationale: this extension blocks the cookies sent to the browser until the user accepts them. Since the session key is stored in a cookie and cookies are blocked by this extension... No cookies, no session.
Another workaround could be to enable the application to work without session until the user accepts cookies (I didn't test this workaround).
Hope that helps.
If you have the cookie policy turned ON the session cookiewon't be created until the user accepts the use of Cookies, this is to comply with the EU's GDPR.
You can remove the line
app.UseCookiePolicy();
from you Startup and then it will work, otherwise your users will need to agree to the use of cookies before you can use the cookie for session control.
For me the problem was solved by one of the comments on the question:
The cookie isn't written unless you add something to the session.
So just requesting the Session.Id won't help, you actually have to set something.
In my case it was a variable that was only set after some condition, and before that condition was met, it would create a new session ID over and over again.
You have to type the following in your ConfigureServices method:
services.AddMvc()
.AddSessionStateTempDataProvider();
services.AddDistributedMemoryCache();
services.AddSession(options =>
{
options.IdleTimeout = TimeSpan.FromMinutes(30);
options.Cookie.Name = ".MyApplication";
});
In your Configure type the following
//enable session before MVC
app.UseSession();
app.UseMvc();
Using latest version of cakephp v2.3.3
I have a problem with my session variables when a browser doesn't allow cookies.
I pass variables from one controller to the other and this works perfect as long as the browser has cookies enabled. I have tried it with the Session helper in the controllers, but no effort, same problem.
How to fix this, is there a work around???
Cookies are required to keep track of the session ID, but you can manually get or set the session ID using $this->Session->id(). By adding the code below to the App Controllers' before filter you can set the session ID as a URL paramter like http://example.com/posts/view/1?session=qkv108c2pqeubcpeos1q7ekds3, for example.
if (!empty($this->request->query['session'])) {
$this->Session->id($this->request->query['session']);
}
The session ID is required for every request which means you have to include it in every link. I would suggest extending the HTML helpers' url and link methods to automatically add it.
Edit:
You should verify that $this->Session->read('Config.userAgent'); or $this->request->clientIp(); has not changed since the user was authenticated to prevent session hijacking. Thanks to thaJeztah for pointing this out.
How to prevent IE from caching the request sent to the server?
i tried by setting ("Cache-Control: no-cache) in the https response object but still the IE is caching my request data.
Please find tmy project details as below:
in my application i am sending login request to the server. so after i login if i take the memory dump using winHex tool i am able to get the password details in the memory.
i am clearing the dialog refrense also but still the request data is getting cached.
Please suggest me some work arround for this
You could try to add a parameter to your URL with a random value, this will prevent that the URL is always thesame.
Example:
Normal URL:
www.test.com/test.php
Fake different URL:
www.test.com/test.php?_dc=12353somerandomval
Make sure the _dc parameter always has a different value, you can (for example) use JavaScript date object for this (It returns the current time in milliseconds, which will virtually always be different):
params: {
_dc : new Date().getTime()
}
In a project I did a while back I had the exact same issues, I searched around and saw a few things that recommended adding a time stamp to the request, that does work too, but this was the most elegant way that worked for me.
$('document').ready(function () {
$.ajaxSetup({
cache: false
});
});
When I open two Wicket web applications in the same browser, it seems there are AJAX conflicts as I see a full page refresh in place of a partial refresh. This is true even if the applications are on different servers and port numbers.
I only use the out-of-the-box JavaScript provided by Wicket (tabbedPanel, onTimerAutoRefresh).
Perhaps it is something related to the fallback function.
When only one web application is open, it works without any problems.
I don't have a problem on the examples site, so I think something is wrong with the configuration of my application.
wicket-ajax.js, line 970:
try {
redirectUrl = t.getResponseHeader('Ajax-Location');
} catch (ignore) { // might happen in older mozilla
}
// the redirect header was set, go to new url
if (typeof(redirectUrl) != "undefined" &&
redirectUrl != null &&
redirectUrl != "") {
//redirect and do a full page refresh (window.location = redirectUrl);
}else{
// do the normal ajax functionality
}
When everything is okay, there is no Ajax-Location in the header. When the second web application is loaded in the same browser, then the next AJAX request on the first loaded web application gets this line in its header:
[Ajax-Location: .]
Can you check that the root context of your applications is different? Otherwise, you could have a conflict at cookie level. They are stored based on the hostname and the path. If the context path of both application is "/", then the cookie values will be overwritten. Whence the conflict that you see.
I am developing a Blackberry webworks application and I am having trouble with an AJAX request that I am making to a server. I am learning HTML/Javascript/AJAX on the fly, so excuse any beginner mistakes. Basically, formatted HTTP requests are made to the server, which returns JSON objects that I use in the application. I am using AJAX to make the requests without any kind of framework.
Most requests do not have to be authenticated, and those are returning just fine. However, to access a directory part of the server, a username and password are encoded and sent as a header with the XMLHTTPRequest. when I try and add the header, the request is sent, but I never get anything back. The readyState property is set to 1, but never goes beyond that. I know the server works fine, because I did the same thing for iPhone, and it worked.
Here is the relevant code:
function grabFromServer(httpRequest){
httpConnection = new XMLHttpRequest();
var me = this;
httpConnection.onreadystatechange=function(){
alert(httpConnection.readyState);
if(httpConnection.readyState==4){
me.processResponseText(httpConnection.responseText);
}
};
httpConnection.open("GET", httpRequest,true);
if(this.request == "company" || this.request == "property" || this.request == "individual"){
var authorized = this.checkCredentials();
if(!authorized){
//ask for username pword
}
//here, add credentials
httpConnection.setRequestHeader("Authorization", "Basic : ODI5ZGV2bDokY19kdXN0Ym93bA==");
}
httpConnection.send();
}
Your code appears to be good. Have you added an entry in your config.xml file to allow access to your domain? You should see an entry for something like <access subdomains="false" uri="http://data.mycompany.com/"/>. To make any HTTPRequests to an external website from a WebWorks application, you have to add an entry to "whitelist" domain like this.
If you're using the eclipse plugin, open up the config.xml file, click the Permissions tab at the bottom, and click "Add Domain".