session-cookies

Secure session cookie is not set

别等时光非礼了梦想. Submitted on 2019-12-11 03:01:38
Question: I'm trying to set the session cookie secure flag to true. I added the following to my environments/production.rb: `ActionController::Base.session_options[:secure] = true` In production mode I don't see the Set-Cookie header in the server response (I'm using the Tamper Data Firefox tool to view the traffic). I tried removing all cookies, manually setting the domain including the child domain (since domain is shared among many applications, the Apache server forwards the requests to the right

Check whether a session is new in PHP

与世无争的帅哥 Submitted on 2019-12-11 02:48:07
Question: I have a website that needs to perform a certain backend function once per user session. I therefore want to be able to determine whether any given page view is the first within a given session. According to the PHP docs: `session_start()` creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie. So is there any way to know whether the session is being created or resumed? Or is this a situation where I have to check the

How to check size of session in rails?

情到浓时终转凉″ Submitted on 2019-12-11 02:26:32
Question: I would expect `session.size`, `session.length` or `session.count` to work, but they all return "undefined method". Why, isn't session a hash? That was curiosity. The actual question: is there a way to check the size of session in KB? Currently my sessions are stored in cookies and it has a 4 KB limit, and when it exceeds, it simply stops putting new data in there. It would be nice to know when it happens, to reset the session or remove old data. Answer 1: Following is how Rails gets the session size:

How to set `secure` and `httpOnly` for Plone's `__ac` cookie?

醉酒当歌 Submitted on 2019-12-11 02:19:14
Question: I have Plone 4.3.2 (Zope 2.13.21) installed. As mentioned in the documentation (http://plone.org/documentation/kb/securing-plone) cookies should be secure and httpOnly with Zope 2.12 or higher. "Also note that the suggested patch has been included in Zope 2.12.0 b1, so Plone 4, which will use Zope 2.12 or higher, won't have this problem." But if I log in as admin (or another user that is defined at zope-root) the `__ac` cookie is not secure and not httpOnly. If I log in as a user created in a

nil.[] in request_forgery_protection when trying to render a form in rails 3

半城伤御伤魂 Submitted on 2019-12-11 02:18:14
Question: Rails throws a NoMethodError on a page whenever I try to add a form_tag to it, and gives the following error output and stack trace: You have a nil object when you didn't expect it! You might have expected an instance of Array. The error occurred while evaluating nil.[] ruby/1.9.1/gems/actionpack-3.0.5/lib/action_controller/metal/request_forgery_protection.rb:114:in `form_authenticity_token' ruby/1.9.1/gems/actionpack-3.0.5/lib/abstract_controller/helpers.rb:55:in `form_authenticity_token'

Accessing two sessions in given PHP script

和自甴很熟 Submitted on 2019-12-11 02:18:04
Question: The following script creates two cookies (SESSION1 and SESSION2), however, both contain the same session_id value. How can I modify this script so that both sessions will be independent? Thank you. <?php $t=time(); session_name('SESSION1'); session_start(); $_SESSION['s1_'.$t]=$t; echo('SESSION1<pre>'.print_r($_SESSION,1).'</pre>'); session_write_close(); $old_session=session_name('SESSION2'); session_start(); $_SESSION['s2_'.(2*$t)]=2*$t; echo('SESSION2<pre>'.print_r($_SESSION,1).'</pre>');

Secure CookieSession when using iisnode

陌路散爱 Submitted on 2019-12-11 01:49:38
Question: I'm using node with IIS by using iisnode and I'm having trouble setting the CookieSession option `secure:true`. I'm using HTTPS on IIS and I'm redirecting any HTTP to HTTPS. But even with this, if I set the CookieSession option `secure:true`, the session won't have any content after login. "secure: a boolean indicating whether the cookie is only to be sent over HTTPS (false by default for HTTP, true by default for HTTPS)." I'm forced to use `secure:false` to make it work. Why is it? Answer 1: CAUSE

IP and domain create different session

女生的网名这么多〃 Submitted on 2019-12-11 01:47:15
Question: I've built a website with a user-login. Now, for some reason when I enter from the site's IP and from the site's domain a different session is created. In the website I use a global parameter, named ROOT, where: define("HOST", "localhost/final-project-management-system"); define("ROOT", "http://".HOST."/"); I give a lot of links related to ROOT in the website. When I try to connect to the IP, an initial session is created, but when I move to one of the pages with ROOT involved, a new session is

Sending cookie value via httpget but not getting the desired response

徘徊边缘 Submitted on 2019-12-11 01:04:45
Question: I am calling my Login webservice as follows: String url = "http://mydomaim.com/login.php"; UserFunctions userFunction = new UserFunctions(); JSONObject json = userFunction.loginUser(userEmail, password, url); It works fine and sends me a response as shown below: { "userName":"a", "login_success":1, "user_id":"3", "session_id":"1067749aae85b0e6c5c5e697b61cd89d", "email":"a" } I parse this response successfully and got the session id, and stored it in a static variable (in MainActivity.java) now