session-cookies | 易学教程

ExpressJS session expiring despite activity

阅读更多关于 ExpressJS session expiring despite activity

问题 Bringing this question to SO since the express group didn't have an answer. I'm setting the session maxAge = 900000 and I see that the the expires property on the session cookie is set correctly. However, on subsequent requests the timeout is not being extended. It is never extended and the cookie eventually expires. The session middleware docs say that Session#touch() isn't necessary because the session middleware will do it for me. I actually tried calling req.session.touch() manually and

Asp.net Sessions Getting Crossed / Mixed Up

阅读更多关于 Asp.net Sessions Getting Crossed / Mixed Up

问题 Few weeks ago we had one of our customers contacting us saying that sometimes when he creates an activity it gets created under someone else's name! We did some troubleshooting and couldn't find anything. We asked the user to contact us the next time he was experiencing these issues. He did contact us and we were able to do a gotomeeting with him and see the issue with our own eyes. It was not only the activities, he was recognized as someone else in the application. He had access to

Scrapy - how to manage cookies/sessions

阅读更多关于 Scrapy - how to manage cookies/sessions

I'm a bit confused as to how cookies work with Scrapy, and how you manage those cookies. This is basically a simplified version of what I'm trying to do: The way the website works: When you visit the website you get a session cookie. When you make a search, the website remembers what you searched for, so when you do something like going to the next page of results, it knows the search it is dealing with. My script: My spider has a start url of searchpage_url The searchpage is requested by parse() and the search form response gets passed to search_generator() search_generator() then yield s

Reopening a session in PHP

阅读更多关于 Reopening a session in PHP

问题 How do I reopen a session in PHP without getting header already sent warnings? After setting all the session vars I like to set, I close the session with session_write_close(). I do this, because as long as the session is open, there may be only one active connection from the same client. But I like to have multiple parallel ones. However if I like to set another session variable at a later point, I need to reopen the session with session_start() once again. This works, but as I already send

Login to Google with PHP and Curl, Cookie turned off?

阅读更多关于 Login to Google with PHP and Curl, Cookie turned off?

I have this code for logging into Google using Simple DOM Parser with curl. I've tried adding in the cookiejar file, but to no avail. I keep getting the message: Your browser's cookie functionality is turned off. Please turn it on. Any idea on how to solve this? Here's my code for reference: $html = file_get_html('https://accounts.google.com/ServiceLogin?hl=en&service=alerts&continue=http://www.google.com/alerts/manage'); //... some code for getting post data here $curl_connection = curl_init('https://accounts.google.com/ServiceLoginAuth'); curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT,

How to secure the ASP.NET_SessionId cookie?

阅读更多关于 How to secure the ASP.NET_SessionId cookie?

问题 I have set the .ASPXAUTH cookie to be https only but I am not sure how to effectively do the same with the ASP.NET_SessionId. The entire site uses HTTPS so there is no need for the cookie to work with both http and https. 回答1: Here is a code snippet taken from a blog article written by Anubhav Goyal: // this code will mark the forms authentication cookie and the // session cookie as Secure. if (Response.Cookies.Count > 0) { foreach (string s in Response.Cookies.AllKeys) { if (s ==

How to use cURL to send Cookies?

阅读更多关于 How to use cURL to send Cookies?

问题 I read that Send cookies with curl works, but not for me. I have a REST endpoint as: class LoginResource(restful.Resource): def get(self): print(session) if 'USER_TOKEN' in session: return 'OK' return 'not authorized', 401 When I try to access as: curl -v -b ~/Downloads/cookies.txt -c ~/Downloads/cookies.txt http://127.0.0.1:5000/ * About to connect() to 127.0.0.1 port 5000 (#0) * Trying 127.0.0.1... * connected * Connected to 127.0.0.1 (127.0.0.1) port 5000 (#0) > GET / HTTP/1.1 > User-Agent

My Laravel 5.2.10 Sessions wont persist

阅读更多关于 My Laravel 5.2.10 Sessions wont persist

问题 I have a brand new installation of Laravel 5, in fact I have tried this on multiple versions and keep hitting the same issue. I have not changed anything from the default except setting the session driver to redis. (File based also has the same issue). I have two routes set as follows Route::get('/set/{value}', function($value) { var_dump(Session::getId()); Session::set('test', $value); return view('welcome'); }); Route::get('/get', function() { return 'Get ' . Session::get('test'); }); If I

Remember me Cookie best practice?

阅读更多关于 Remember me Cookie best practice?

问题 I read about many old questions about this argument, and I thought that the best practice is to set up a cookie with username , user_id and a random token. Same cookie\'s data is stored in DB at cookie creation, and when users have the cookie they are compared (cookie data, DB data). Sincerely I can\'t understand where is the security logic if this is the real best practice. An attacker who steals the cookie has the same cookie than the original user :| Forgotten some step? :P 回答1: You should

how to unset cookie in PHP?

阅读更多关于 how to unset cookie in PHP?

问题 I need to figure out how to unset this cookie. Everything I tried so far has failed. This is how I am currently unsetting it and it doesn\'t seem to work. setcookie(\"user_id\", $user_id, time() - 7200); This is how I set it: setcookie(\"user_id\", $user_id, time() + 7200); I have this function called set_session_from_cookie() that checks if a cookie is set, and if it is set, it starts a new session using the cookie. The problem is that when I use this on my page I am unable to logout. I