session-cookies

Does anyone know what changed in the configuration between Tomcat 6 and Tomcat 7 that would cause the JSESSIONID cookie to not be accessible via JavaScript? Using Tomcat 6: alert(document.cookie); // JSESSIONID=8675309ABCDEF... Using Tomcat 7: alert(document.cookie); // nothing Jeff R. Okay, I found the answer. The useHttpOnly attribute was set to false by default in Tomcat 6 , and is true in Tomcat 7 . This attribute is set for the <Context> container. <Context useHttpOnly="false" [...] /> For more information about updating from Tomcat 6 to 7: Migrating from 6.0.x to 7.0.x I'm not sure why I

I am consuming an API which returns no cookie on login,but only an auth_token as part of json response. The base URL delivers the backbonejs application. say http://www.webiyo.com/ and by default login page is displayed. I want to keep the user session even if the user refreshes the page in backbonejs app. Problem is that my API doesn't return session cookie aka auth_token cookie ( it just returns an auth_token in a response json which is needed to be passed on all the subsequent calls in the query string ) So in such situation could I set a javascript cookie on my own to track user session at

I'm making a testbench with Test'em and Mocha (that run on node.js) in order to test a PHP website. What I want is to request some URL (e.g http://www.my-website/test.php ) and get the http status code as well as the content returned. I'm doing it with the node.js Request module. The problem is: I need to be authenticated to access this page, otherwise I'm redirected to the login page. So, does it exist a way to log in my application through Node.js and keep the session open to be able to chain tests on any pages I want? I was thinking on get the PHPSESSID on login request if it is possible.

Let's say there's a site/system with a logged in member area, and users are rarely, but very inconveniently logged out while working with the site/system. It's doubtfully session expiring, since the user was not idle for very long. And even if they were idle, I added a periodic AJAX request, a so called heartbeat, which updates the sessions' access time, and modified time. I even added a touch($session_file) every time a user clicks something or a heartbeat is called. I tried regenerating session ID as well. Nothing helped. And unfortunately, so far, I was not able to reproduce the problem

I'm running Django 1.3, using Sessions Middleware and Auth Middleware: # settings.py SESSION_ENGINE = django.contrib.sessions.backends.db # Persist sessions to DB SESSION_COOKIE_AGE = 1209600 # Cookies last 2 weeks Each time a user logs in from a different location (different computer/browser), a new Session() is created and saved with a unique session_id . This can result in multiple database entries for the same user. Their login persists on that node until the cookie is deleted or session expires. When a user changes their password, I want to delete all unexpired sessions for that user from

In most ExpressJs example, I found using cookie-parser with express-session . If I could access session data with req.session.name without it, in what case ( or benefits ) should I be using cookie-parser ? For future humble coders, that will stumble upon this - I'm posting an up-to-date answer: As the official description of express-session middleware says here: express-session Since version 1.5.0, the cookie-parser middleware no longer needs to be used for this module to work. This module now directly reads and writes cookies on req/res. Using cookie-parser may result in issues if the secret

I have an Android application which makes requests to my webserver via both a WebView and an HttpClient. I sync cookies between the two using a CookieSyncManager. So far, so good. When my application starts (inside onResume()), I run a piece of logic similar to the following: if ( appHasBeenIdleFor30Minutes() ) { CookieManager cookieManager = CookieManager.getInstance(); cookieManager.removeSessionCookie(); CookieSyncManager.getInstance().sync(); } This correctly resets any session cookies that were set from the user's previous session. My question is: will this behavior happen periodically on

I logged into my tornado backend from ios and sent back a secure_cookie and i noticed that i could also request other information as long as i validated the secure_cookie that i set. How long does NSURLConnection persist the cookie or will the cookie be deleted once they close the app? This is mentioned in the Apple docs: The URL loading system automatically sends any stored cookies appropriate for an NSURLRequest. unless the request specifies not to send cookies. A few facets to your question. To start with, NSURLConnection will, by default, manage cookies based on the settings for the device