session-cookies

问题 I have a PHP application where I set $_SESSION['user']="logged" once a user is authenticated. I call this loginpage.php. Once authenticated and the session variable set, the user is taken to a member page which starts with the lines: <?php session_set_cookie_params(0,'/'); session_start(); if($_SESSION['user'] != 'logged') { header ("Location:loginpage.php"); }?> When a user has logged in, closes the browser and then visits the members page, I expect him to be redirected to loginpage.php.

问题 I already looked at the other answers for similar questions, yet none of them worked for me. I two pieces of code, one to test that cookies were working(cookieTest.js), and one to actually use them(users.js). I tried moving the app.use() statements for the session middleware and the cookie middleware to no avail. Any ideas on how to fix this? users.js //Mongoose Setup var mongoose = require('mongoose'); var Schema = mongoose.Schema; mongoose.connect("MY_DB"); var path = require('path'); var

问题 Scenario I have the local version of a Zend Framework application open in one Chrome tab (development environment). At the same time I have the stage or live version of the same application running on a remote server open as well. I'm logged in one of the instances. When I try to log in to the other, this instance exits with a fatal error until I delete the cookies of the other instance, where I'm logged in first. The domain setting on the session cookies is not identical but the carry-over

问题 According to new EU laws I have to ask my users to opt into having cookies installed on their computers. So every time I want to set a cookie I have to see if the user has opted in and if they haven't I shouldn't set the cookie. When they come to the website a popup will ask if they want to opt in. Should they click "no" I cannot put a cookie on their computer to say they've clicked no. How do I then know, as they go through the website, that they've clicked "no"? Do I just have to show the

问题 This question already has answers here : How to fix “Headers already sent” error in PHP (11 answers) Closed 6 years ago . I am having an issue with session_start() . It is creating a new session every refresh/load of the page. here is the code: <?php $bob = session_id(); echo "Session ID on load is ".$bob; echo "<br>"; if($bob==""){ session_start(); $bob = session_id(); echo ' session ID currently is '.$bob; } // a bunch more stuff when i load the page, I get the following: Session ID on load

问题 I'm building a very basic auth system for specific pages which require a password to view. I've found several other questions that sound similar, but the only ones with clear solutions involve config settings that don't seem to resolve my problem. For some reason $this->Session->write(...) always returns false. Here's my config setting: Configure::write('Session', array( 'defaults' => 'php' )); Here's where I try to write the session in the controller action: private function _handle_auth

问题 I want to work with ratchet without Symfony session and handle session with php handler between my web application and ratchet. but it doesn't work. My code for session handling: Run server : session.php` ini_set('session.save_handler', 'memcached' ); ini_set('session.save_path', 'localhost:11211' ); use Ratchet\Server\IoServer; use Ratchet\WebSocket\WsServer; use MyApp\Chat; require dirname(__DIR__) . '/vendor/autoload.php'; require __DIR__ . './../src/MyApp/Chat.php'; $server = IoServer:

问题 I have introduced an audit table to store user login data (including auth-token) upon sign in/sign out and reading user status on each request to eliminate the asp.net cookie replay security issue. This causes an increase in time taken for each request causing performance issues. What are some other ways used to mitigate cookie replay attacks in asp.net? 来源： https://stackoverflow.com/questions/46522399/asp-net-cookie-replay-fix-without-storing-auth-token-in-server

问题 I have a Flask site that runs inside an iframe of a wordpress site. Both sites are on the same domain. That is, the wordpress site is on something like www.example.com and Flask site is on api.example.com. I need to show some user specific stuff in the iframe. So how do I read a cookie that was set by wordpress in Flask? Or check if it is set? Basically, I want to know if the user is logged in or not (session cookie present) and their username. The best would be if I could somehow integrate

问题 I'm using Heroku to deploy my Play! framework app. I have a form that uses the standard structure of public static void showForm() { render(); } public static void handleForm(@Required param, @Required otherParam, etc) { if (validation.hasErrors()) { validation.keep(); showForm(); } else { //process form parameters } } This works fine on: dev machine running HTTP at localhost:9000 heroku running HTTP at www.myapp.com dev machine running HTTPS at localhost:9443 However, for forms that do this