Safe To Use Request.ApplicationPath For Cookie Path
Mar 25, 2010Is it safe to use such code?
Response.Cookies[cookieName].Path = Request.ApplicationPath + "/";
I want to know about all corner cases.
Similar Messages:
Get Rid Of Virtual Directory Name From Request.ApplicationPath?
Mar 23, 2010I have developed web application that is hosted under a virtual root directory named "MyVirtualRoot".
So whenever I use Request.ApplicationPath it returns "MyVirtualRoot" which is theoritically correct. But whenever I redirect the user using response.redirect the address bar shows the name of virtual directory.
For example when I say:
Response.Redirect("~/Cart.aspx", false);
The path in the address bar appears as www.mydomain.com/MyVirtualRoot/Cart.aspx which is theoritically correct but I want to get rid of the "MyVirtualRoot".
How can I do that without making changes to all the pages with minimum impact. I am sure there is some way to achieve this but not able to get through.
Safe Way To Encode A Cookie Value In C#?
Apr 23, 2010When storing a value in a cookie using C#, what is the best way to encode (or escape) the value so that it can be retrieved and decoded/unescaped reliably?
I'm not talking about encryption.
MVC :: Error Reading Cookie With Associated Path
Nov 19, 2010I'm seeing some weird behavior within MVC 2 in regard to reading cookies. I write a cookie and specify a path. I intermittently see a null value returned for this cookie within my MVC application. I've verified throug Firebug that the browser is sending along the cookie in the request headers. When debugging, I can see the cookie in the headers (i.e.) Request.Headers["cookies"] but when trying to access the cookies collection, it's null (Request.Cookies["mykey"].
I'm using the AsyncController. Since this the issue is intermitent, is it possible there is a race condition?
Html - Setting Path And Expiration For Session Cookie
Mar 25, 2010Anything I have tried didn't work. Currenly I have following code to change asp.net session cookie expiration date and path, but asp doesn't want to listen to me. I sends same cookie in Set-Cookie header two times sometimes, sometimes it sends it's default cookie ignoring path and expiration date, sometimes it sends everything as expected, and sometimes it doesn't send Set-Cookie at all. What should I do.
My code in Global.asax
protected void Application_PreRequestHandlerExecute(Object sender, EventArgs e)
{
/// only apply session cookie persistence to requests requiring session information
if (Context.Handler is IRequiresSessionState || Context.Handler is IReadOnlySessionState)
{
var sessionState = ConfigurationManager.GetSection("system.web/sessionState") as SessionStateSection;
var cookieName = sessionState != null && !string.IsNullOrEmpty(sessionState.CookieName)
? sessionState.CookieName
: "ASP.NET_SessionId";
var timeout = sessionState != null
? sessionState.Timeout
: TimeSpan.FromMinutes(20);
/// Ensure ASP.NET Session Cookies are accessible throughout the subdomains.
if (Request.Cookies[cookieName] != null && Session != null && Session.SessionID != null)
{
Response.Cookies[cookieName].Value = Session.SessionID;
Response.Cookies[cookieName].Path = Request.ApplicationPath;
Response.Cookies[cookieName].Expires = DateTime.Now.Add(timeout);
}
}
}
C# - Is It Safe To Use Server.Transfer() To Transfer A Request To A Static Image (.jpg - .png)?
Feb 8, 2011I have a class which implements IHttpHandler that is designed to handle image resize requests. It handles Urls like so [URL] Currently the handler looks for myimg.jpg on disk, cuts a 100x100 thumbnail (if it isn't already present) and redirects the client to the thumbnail like so Response.RedirectPermanent("/some/virtualPath/to/thumbnail.jpg");
This has been working great, but I would like to avoid forcing the client to issue a second HTTP request. Is it safe to do the following? Server.Transfer("/some/virtualPath/to/thumbnail.jpg") All the MSDN documentation talks about using Server.Transfer() to redirect to an aspx page, so I'm not sure if this is the right thing to do or not.
Web Forms :: "Request Is Not Available In This Context" For Threaded Call To Request.Path
Dec 22, 2010How do I call Page.Request properties from a thread after the host headers are gone.
I used:
[Code]....
in Page_Load, but still get the error.
My ASP.NET Web app has a thread which calls a method in the Page. This method then calls:
searchQuery = Page.Request.Path
This throws an exception with a message of, "Request is not available in this context."
Why Is Cookie Available In Request Immediately After Setting Using Response
Aug 4, 2010In pageload, if you do Response.Cookies.Add(..., immediately in the next line, you can access that cookie via Request.Cookies(... I know that under the covers, the cookie is added to Request.Cookies by .net, but the original request never had that cookie.
If what I'm saying is correct, why is it this way? Shouldn't the cookie be available in the following request? Shouldn't the immediate access to Request.Cookies(... be null?
Installation :: Unable To See Cookie In Request.cookies?
Jun 11, 2010I set up my 1.1 and 2.0 applications to run on the same website (in different app pools) But the application written in 2.0 code cannot read a cookie on the request coming from a different system.Similar code reads the cookie on the 1.1 website.If I deploy my 2.0 application on a different machine, the code works fine and gets the cookie. Here's the code:
IsNothing(Request.Cookies("HRWebSession"))
In 1.1 application the above returns false, and in 2.0 above returns true. On debugging and watching the value of response,cookies, I dont see the cookie. Since the same application works fine on another server, I am assuming there is some error in my setup. I am using IIS 6 on W2003 r2.
Web Forms :: Set Cookie In Response Not Coming Back Through Request
Jul 6, 2010My web site is integrated into a client web site. Client web site reaches out to my site through an Xml request and I return Html embedded in an Xml response. Client site then displays the Html in an area on a page on their site. All is well so far...
Now, there is a link on the Html that does an HttpPost back to my site which causes a re-direct to another page on my site. i.e. [URL] -> HttpPost -> [URL]-> Response.Redirect("CookieTest.aspx"). Still, all is well. [URL]
All of the above can occur without authentication to mysite. Where I start running into problems is when CookieTest wants to do a FormsAuthentication.SetAuthCookie(). If I put a button on CookieTest that does FormsAuthentication.SetAuthCookie() and then Response.Redirect("SecurePage.aspx"), still under [URL], the SecurePage does not recognize the authentication because the auth cookie is not present.
1. Navigate straight to CookieTest.aspx
So I simplfied the problem into basic cookie set/read excercise and used the code below to test out cookie writing/reading ability. When I call the page directly from the browser I see that on initial load the response cookies are empty. Then on button click I see that the cookie is properly set in the response. Then on subsequent page refresh I see that the page load shows the request cookie.
2. Navigate to CookieTest.aspx in an HttpPost from [URL], as mentioned above.
Now on button click I see the cookie in the Response but do not see it come back in the Request of subsequent page refreshes, as if the client browser is rejecting cookies set by my server.
3. Navigate straight to CookieTest.aspx, then do the HttpPost from [URL]
In this case, since the cookie was set during a straight navigation to CookieTest.aspx, the cookie is present in the subsequent HttpPost/Redirect from [URL]. CookieTest.aspx has full access to the cookie and can even delete it.
4. Have CookieTest.aspx pop a new browser window simply sets the cookie and closes itself down.
Similar to #3, if the cookie is set through a popup window and then CookieTest is refreshed the cookie is present in the Request.
Notes:
The code does prove that the client browser accepts cookies.
When my page (CookieTest.aspx) is shown within the frame on the [URl] page, during any link back to my server, the Request.Url.Host shows my domain.
[code]....
State Management :: Random Value Cookie For Each Page Request?
Nov 19, 2010How do I create random value cookie for each Page Request in ASP.Net CS file.
Random value cookie should have server path.
State Management :: How To Set Cookie Expiry Time Towards 20mins From The Last Request
Dec 25, 2010how to set the cookie expiry time towards 20mins from the last request.
View 2 RepliesC# - MVC Action With ApplicationPath?
Mar 20, 2010i'm creating a mvc application and i'll use under subdomain like http://myapp.mycompany.com
This subdomain is pointing to app subdirectory, but my actions are always generated with applicationPath (subdirectory) like:
http://myapp.mycompany.com/myapp/Home/About
// I want just this without additional paths
http://myapp.mycompany.com/Home/About
Is there any configuration related to this?
Is this the correct way to generate links?
<%= Html.ActionLink("About", "About", "Home") %>
Iis6 - Redirect Any Request To Another Domain Of The Same Path?
Feb 17, 2010I'm going to be in a situation where I'll have www.DomainA.com and www.DomainB.com, each having seperate IPs. All requests to www.DomainB.com/{Path}, I'd like to redirect to www.DomainA.com/{Path}.
My initial reaction was, in the base directory, to simply create a HTTPModule and Web.config to add in the module, where the module would then redirect the request to DomainA.
The only problem with this is IIS is not executing the module, and instead determining itself whether or not there is a matching file or application to run based upon the requested path (i.e. so you'll either get an error about the requested file not existing, or a security error about not finding the requested application).
What do I need to change in IIS to always run my module? Or is there any easier way to do this using .Net 2.0 & IIS6?
C# - Request.files Adds The Path On Localhost?
Jun 25, 2010I'm using Request.Files to obtain a file that the user is uploading on my web page.I noticed that if I use the filename property in IIS it gives me a path + filename, however if I run in cassini it only gives me the filename no matter what directory I use.Why is this? And, is there a way to just use the filename when in IIS?
View 1 RepliesWCF / ASMX :: A Potentially Dangerous Request.Path Value Was Detected From The Client (&)?
Mar 26, 2010[Update : I have inserted this post in "XML Web Services" section by mistake, so if you are a moderator or Admin, please shift it to "Security" section or any other relevant section]
I am working with WCF REST Service Application in .Net 4.0 and my service is hosted on II7 (Windows 7 Ultimate - 64 bit).My service and all other code is working completely fine.But when I use the '&' character in request url, it shows the following Error.I have already tried adding following section in my web.config as shown here on www.asp.net
<system.web>
HttpHandlers / Modules :: A Potentially Dangerous Request / Path Value Was Detected From The Client (?)
May 24, 2010I am using Webhandler to upload images to the server. I want to send the folder name so on that folder the images will save. I am using this URI format and got the below error.
builder.Path = builder.Path.TrimEnd('/')
+ "/Services/FileReceiver.ashx?foldername=" +
folder;
this.Uri
= builder.Uri;
Also I added the following line in the web.config but still having the issue.
<httpRuntime requestValidationMode="2.0" />
A potentially dangerous Request.Path value was detected from the client (?). Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.HttpException: A potentially dangerous Request.Path value was detected from the client (?).
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack
Trace:
[HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (?).]
System.Web.HttpRequest.ValidateInputIfRequiredByConfig() +8884233
System.Web.ValidateRequestExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +35
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +184
Version
Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1
State Management :: Remove Item (Cookie) From Basket (Cookie Collection)?
Sep 8, 2010I am busy building a shopping cart with cookies. I have datalist which I populate from the cookies with a delete button next to each cookie
[Code]....
Now the problem is that when I hit the delete / remove button to expire the cookie, what happens when repopulating the datalist is that it shows the original cookie with all it's values as well as a new entry where all the values are blank.
State Management :: Updating Cookie / Change The Value In A Cookie?
May 10, 2010I want to change the value in a cookie:
HttpCookie hc = new HttpCookie("HiddenColumns");
hc.Value = customView.HiddenFields;
hc.Expires = DateTime.Now.AddDays(365);
Response.SetCookie(hc);
Or this way:
Response.Cookies["HiddenColumns"].Value = customView.HiddenFields;;
Response.Cookies["HiddenColumns"].Expires = DateTime.Now.AddDays(365);
But when I retrieve the cookie value, it is still old, unless I do postback. I don't want to use Redirect.
WCF / ASMX :: Cookie Refuses To Get Set When Asking For A Cookie From Webservice
Jun 8, 2010I'm trying to use a webservice that first expects the clients to login, to retrieve a cookie to re-use.
This is done through a login(string user, string pass) method on the webservice.
Doing this through a browser works fine, we get a cookie, and we can see the cookie via Fiddler or whatvever proxysniff thingy.
Time to do the same in ASP.Net, so we use the WSDL and generate a nice proxy class, and it works fine to call the login() method, but Never Ever does a cookie get set !
I already used the "cookiejar" technique - which means i create an instance of a CookieContainer and assign it to the proxyclass like this;
var cookies = new CookieContainer(3);
Is VSS 2008 Really "safe" Was VSS 2005 "safe"?
Sep 21, 2010There is not a clear category on the site where to post this, so giving it a shot here.
Has anyone used VS 2008? I current user Turtoise for some projects, and Source Gear Valut for others.
The company where I work is thinking about moving to VSS because of the MSDN subscription.
My experience with VSS prior to VSS 2005 was that it conied the name "Visual Source Unsafe" and I know first hand that it trashed my work more that once and I stopped using it. Source Gear Valut on the other hand is rock solid.
So is VSS 2008 Really "safe" was VSS 2005 "safe" ?
How To Find The Cookie In IEs Cookie-store
Jun 14, 2010I am a bit baffled here; using IE7, ASP.NET 2.0 and Cassini (the VS built-in web server; although the same thing seems to be true for "real" applications deployed in IIS) I am looking for the session-id-cookie. My test page shows a session id (by printing out Session.SessionId) and Response.Cookies.Keys contains ASP.NET_SessionId. So far so good.
But I cannot find the cookie in IEs cookie-store! Nor does "remove all cookies" reset the session (as it does in FF)... So where - I am tempted to write that four letter word - does IE store that bloody cookie? Or am I missing something? By the way there is no hidden field with a session id either, as far as I can see. If I check in FF there is a cookie called ASP.NET_SessionId as I would expect. And as mentioned above deleting that cookie does start a new session; as I would expect.
ADO.NET :: EF4 CTP5 Safe To Use?
Feb 28, 2011I wonder if its safe to use the CTP5 in production yet. My main use would be for 2 small projects. I Know they pre released it but any thoughts on this if it would hold up for production are welcome.
View 1 RepliesModify The Temporary Folder Path Returned By System.IO.Path.GetTempPath() Method?
Jul 21, 2010Exsits any way to modify the temporary folder path returned by System.IO.Path.GetTempPath() method?
My asp.net application run under iis 7.
Web Forms :: Converting A Physical Path To Virtual Path And Vice Versa?
Oct 7, 2010I have a code to open PDF file, like this
[Code]....
Over here I have created a folder with name Data inside my solution, so the Server.Mappath("Data") as well the statemet for converting assigning the src property of the IFrame I1 is working properly. But I want to use the files from a folder which resides in a network folder like