session-cookies

I am getting two PHPSESSID while printing $_SERVER['HTTP_COOKIE'] . Actually I don't know how it is set twice, its only in my local system. When I check the SERVER cookie it like: echo $_SERVER['HTTP_COOKIE']; //result 'fe_toolbar=false; fe_toolbar=false; PHPSESSID=4tvbovcjk0msf9dvibeb31c2b7; langId=1; backendLangId=2; PHPSESSID=46aagg1hg7as2uh9bihjlpp8h7' When I check my cookie alone like : print_r($_COOKIE); //result array ( 'fe_toolbar' => 'false', 'PHPSESSID' => '4tvbovcjk0msf9dvibeb31c2b7', ) You can have multiple cookies with the same name. This happens when you set cookie with different

I want websites to not able to read cookies or write new cookies in a webbrowser c# control application. I will prefer to disable all read/write cookies operation for all websites when the webbrowser c# application runs, if not then I have a list of websites whose read/write cookies operation should be disabled. I am using .NET 2.0 framework but can also use 4.5 JoshVarty You can't disable cookies only on your web browser control. The control is essentially an embedded Internet Explorer and shares the user's Internet Explorer settings. If you don't mind blocking cookies on all other instances

i know there is a lot of questions on this already but I still didn't seem to find a definitive answer. What i'm looking to do is have users be remembered after they login for say 2 weeks or until they log out. Below is what I think should be happening and I was wondering if anyone with a bit more experience could tell me if i'm right or wrong. User logs in for the first time. An RPC call to the server returns a 'UserInfo' object which includes with it a new sessionID. Aka on the server this happens and user is returned: user.setSessionId(getThreadLocalRequest().getSession().getId()); Now

javax.servlet.http.Cookie implements java.lang.Cloneable In Cookie method, there is a method call "setSecure" , what does it use for? if i setSecure(true), is there anything i need to do on my client(javascript) side to read the cookie? what is different set/without setSecure? All that setSecure(true) does is tell the browser that the cookie should only be sent back to the server if using a "secure" protocol, like https . Your JavaScript code doesn't have to do anything different. Yup this ensures that your session cookie is not visible to an attacker like man-in-the-middle attack. Instead of

I've a Flask application, served with Nginx+WSGI (FastCGI & Gevent) and use standard Flask sessions. I do not use the session.permanent=True or any other extra option, but simply set SECRET_KEY in the default configuration. I do not save any (key,value) pairs in the session, and only rely on the SID = session['_id'] entry to identify a returning user. I use the following code the read the SID : @page.route ('/') def main (page='home', template='index.html'): if not request.args.get ('silent', False): print >> sys.stderr, "Session ID: %r" % session['_id'] I made the following observations: For