session-cookies

I have the following rule in web.config designed to identify and rewrite outbound session cookies with both the secure and httpOnly flags: <rewrite> <outboundRules> <preConditions> <preCondition name="MatchSessionCookies"> <add input="{RESPONSE_SET_COOKIE}" pattern="." /> </preCondition> </preConditions> <rule preCondition="MatchSessionCookies" name="SecureSessionCookies" enabled="true"> <match serverVariable="RESPONSE_SET_COOKIE" pattern="^(.*sess.*)=(.+)$" /> <action type="Rewrite" value="{R:1}={R:2}; httpOnly; secure" /> </rule> </outboundRules> </rewrite> This works as intended, up until

Client Side I have a java application that connects to a remote server using basic POST or GET methods: URL url = new URL(urlStr); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("POST"); conn.setDoOutput(true); conn.setDoInput(true); conn.setAllowUserInteraction(false); conn.setRequestProperty("Content-type", "text/xml; charset=" + ENCODING); conn.connect(); conn.getOutputStream().write(data.getBytes(ENCODING)); conn.getOutputStream().close(); (I cannot change this code, the only things I can change is the urlStr and the data sent to the server when

I have ocassionally detected a strange problem with PHP sessions. When I am running two PHP scripts using SAME session ID, second script is stuck until first one is completed. I guess it is because trying to open same session storage file twice. But possible I am not right. You will never catch this effect in normal site work, because user usually didn't open two or more pages simultaneously. However, if you try to get content of a page of the same site using file_get_contents() , you will catch this issue. Additionally, I have copying my cookies through context, so file_get_contents() trying

So my application is an iframe based ecommerce cart; cart session is stored on the accessing domain. When a user checks out the iframe deploys a pop up login to our SAAS (which clears our domain for cross domain cookies). After the pop up login is authenticated the popup closes and the iframe refresh and loads the user's check out with their stored information (all done correctly). The cart session is past over to the iframe via http queries, so it is correctly hitting the server. The problem area: My application deploys multiple cookies (cart session, referring site, etc), it seems that ONLY