Site Uses Cookies - Need To Switch To Sessions
Nov 17, 2010
My site uses cookies. I need to have it use sessions instead. The reason for this is because there is a third party that needs to connect to it, and it's always requiring 3rd party cookies to be enable in the browser and that is annoying my customers. Is there any other way around this other than switching to sessions?
View 4 Replies
Similar Messages:
Feb 16, 2011
project is built using ASP.NET MVC 2.0. There're some pages is run under https and the rest run under http. Follow the artical I found on StackOverflow (http://stackoverflow.com/questions/2414327/switching-between-http-and-https-in-asp-net-mvc-1-0 ) :1.For pages that need to run under https I just add the attribute [RequireSSL] for the corresspond action method.2.To force all the rest pages run under http I have overriden OnAuthorization in the base controller:
protected override void OnAuthorization(AuthorizationContext filterContext)
{
if (!Request.IsAjaxRequest())
[code]...
View 2 Replies
Dec 10, 2010
Background: From a desktop application, users will navigate to an SSL-encrypted web portal where they will have to enter a username / password if it's their first time logging in. I want to be able to securely persist their user session. I was thinking of using encrypted cookies, storing their username and a unique session token / key, but was wondering what benefits client certificates offered in terms of security.
The way I see understand it currently:
Encrypted cookies:
Saved on the user's machine just like any other cookie Since the entire site is SSL, the contents of the cookie cnnot be tampered withEasily implementableWhen a user logs in again, invalidate the token / key and issue a new one
Problems:
Anyone attempting to access the web portal on the computer with a saved session will be able to, but this is a problem with any persisted session, right?
How do I know that computer A is computer A and not just computer B that copied computer A's cookie?
Client Certificates:
A pain in the ass to install Will uniquely identify that person's computer (or can it be restricted to the user account) to the web portal If the client certificate is stolen, then the account is compromised
Question: For persisting user sessions with the utmost security, would encrypted cookies be sufficient or would I need to install client certificates? How do they differ?
View 1 Replies
Oct 28, 2010
In my project I have configured .NET's sessions to go into database.
I also have a global.asax which implements Session_Start().
In Session_Start() I write three things to the session:
The time the session started.
The user's host address.
A serializable device object wrapping the user's agent.
The problem is now that users which don't allow cookies won't allow session cookies either.
(Easily reproducable by putting the site URL to the restricted sites of IE).
If I keep on refreshing (put finger on F5) a new session is created for every request (-> no session cookie). Shortly, the web server process grows to some hundred megabytes.
It does not matter if you use IIS7 or Cassini Local Webserver.
The issue is now: the memory does not get released until the sessions time out. What is the logic here if sessions should really go to database? How long will .NET keep them in memory? Eventually, you'll even get Out Of Memory exceptions!
Anybody know? How to detect and prevent such (almost malicious) "attacks"?
View 2 Replies
May 6, 2010
The document http://msdn.microsoft.com/en-us/library/ms178581.aspx states the following about expired sessions:Regenerating Expired Session Identifiers By default,the session ID values that are used in cookieless sessions are recycled.That is,if a request is made with a session ID that has expired, a new session is started by using the SessionID value that is supplied with the request.This can result in a session unintentionally being shared when a link that contains a cookieless SessionID value is used by multiple browsers.As you can see it talks about "cookieless sessions" but,what is the behavior for sessions based on cookies? Does it apply to .NET Framework 3.5?
View 2 Replies
Mar 24, 2010
I create a web.sitemap file, and I set enableLocalization="true" under root node. For every child node, I special a value for resourceKey. Then I create two resource files under App_GlobalResources folder: web.sitemap.resx, web.sitemap.zh-cn.resx. In two resource files, I have filled corresponding value. Then I drag a TreeView and SiteMapDataSource control, then bind it. I try to switch different culture from DropDownlist value to show different treeview. But it always show default culture's data even if I switch to a chinese culture, I don't know why. I switch different culuture in InitializeCulture event.
View 1 Replies
Jul 23, 2010
I am trying to create an admin screen that will give me details about all open sessions in an application/site. I would also like to know how many session objects are active for each of them
Session object gives me info about my current session. How do i find info about all open sessions. How many sessions are active, etc.
View 1 Replies
Feb 16, 2011
i lunched an asp.net web-site. the main idea in the site is that:the site shows the same page, but on each next button the user clicks, the pictures in the site change randomly. im working with postback and sessions.
i noticed that when a few users try to log into my site - their sessions are merging. meaning, the first picture presented is diffrent but the second picture is the same for all the users, and so on... (moreover, pictures that appears in the begining appearing again even thow i don't allw it in my code)when i tried to debug the site locally, the random function works perfectly and there were no such problems. it haapens only when 2 users and more log into my site.
View 1 Replies
Jan 28, 2011
I'm modifying a Castle-Monorail site that I've inherited and found that it would be useful to see a list of currently online users. Currently there are Filters that determine who can access which parts of the site so I can distinguish logged in sessions from non-logged in sessions. Is there an easy way of getting a list of active sessions so that I could then work out who is logged in?
View 1 Replies
Jun 17, 2010
I am wondering if it is possible to clear a session variable if the user navigates away from my site.
My example is I have a session storing the logged in user. This is checked for user access to each page.
If the user goes to another site (e.g. google) I want them to relog into the site.
This is to prevent others getting access to a users account if they use the same pc minutes.
I do have a logout that performs this and I know that it is impossible to make users use it! :)
View 2 Replies
Apr 9, 2010
Is there anyway to actually remove all the sessions once the user leaves the site/application or when he/she closes the browser?
View 11 Replies
Feb 22, 2010
We have a scenario whereby we are hosting an ASP.NET MVC web site on behalf of someone else.The customer in this case wants us to restrict access to the web site, to those users who have logged in to their main portal. They should then only be able to get to our web site via a link from that portal.At this point I'm not yet sure what technology or authentication mechanism the 3rd party are using but just wanted to clarify what the possible options might be.If we call our hosted site B, and their portal web site A,as I see it we could:Check the referrer for all requests to B, unless they've come from A they can't get inCheck for a specific cookie (assuming A uses cookies)
View 2 Replies
Aug 17, 2010
I'm handling cookies using JavaScript to store some values in my asp.net web application.I use document.cookie to save some values (converted into a lengthy string). But i want that value to be accessible across all the pages in my application.When i try to get that value from a different page, i get the values pertaining to the document in the current URL.
In short i save the value in the cookie in http://myapp/doc1.aspx and want to retrieve it in http://myapp/doc2.aspx
So is document.cookie is pertaining to a single document scope? How can i save/read cookies across the site?
Update.This is how i get and set cookies
function getCookie(c_name)
{
try{ [code]...
But i'm getting different values for the cookies in different pages.
View 2 Replies
Nov 23, 2010
I have been experimenting with code that will clear all of the cookies in an HttpContext.Response.Initially, I used this:
DateTime cookieExpires = DateTime.Now.AddDays(-1);
for (int i = 0; i < HttpContext.Request.Cookies.Count; i++)
{
HttpContext.Response.Cookies.Add(
new HttpCookie(HttpContext.Request.Cookies[i].Name, null) { Expires = cookieExpires });
}
this will error with an OutOfMemoryException because the for loop never exits - each time you add a cookie to the Response, it also gets added to the `Request.
View 1 Replies
Apr 1, 2011
I know that if I have set a cookie on a previous request, it will show up in my Request.Cookies collection. I want to update my existing Cookie. Are the cookies from my Request.Cookies collection already copied to my Response.Cookies collection? Do I need to add a new cookie with the same key using Response.Cookies.Add(), or do I need to use Response.Cookies.Set()?
View 1 Replies
Jul 2, 2010
I have an enum:
public enum Status
{
Incomplete = 1, Complete = 2, Cancelled = 3, Deleted = 4
}
Now on a certain page I wish to list this enum in a checkboxlist. This would be fine except that I want the text of each checkbox to display different text than the enum.
i.e the check boxes should say:"Not Processed" instead of "Incomplete"
"Processed" instead of "Complete"
"Void" instead of "Cancelled"
Is it possible to put this enum in a foreach and then switch on the status and update the text. Like so:var statuses = Enum.GetNames(typeof(Status));
foreach (var status in statuses)))
{
switch (status) [code]....
View 3 Replies
Mar 1, 2011
i built web site in asp4/.net 4 using vs2010
only to find out that the hoster that i need to use (rackspace) doesn't support .net 4 except in beta
of course i can't precompile in 3.5 because of some of the assemblies
any quick way to rebuild in 3.5 without totally rebuilding the whole site in 3.5?
View 2 Replies
May 20, 2010
My switch is based on a string, the text value of an server control. code:
[Code]....
[Code]....
View 3 Replies
Mar 3, 2010
1) Should I change the iframe to a User/Server control? or just a div?
2) I currently just have HTML links with load my iframe based on the page the user wants to see. How should I load (1) from the main links?
3) I have multiple levels of user controls. So control A could dynamically load Child controls...which each of those could load child controls. Do All these controls get a scriptManagerProxy? WHere should the original scriptManager go from (1)?
View 1 Replies
Mar 4, 2011
I am new to MVC so I would like to know how would you switch the stylesheet of the view on postback?
I know how to do this in webforms but in MVC it does not appear to be done the same way.
View 2 Replies
Jan 28, 2011
currently i'm attempting to using a switch statement to change between time zone with a project for school.
if (extTime1.timeZone == "CDT")
{
switch (cboTimeZone.SelectedItem.ToString)
{
case "EST":
[Code]....
I can't seem to get the cboTimeZone to work correctly. I always thought SelectedItem was the correct choice in this situation.
View 2 Replies
Mar 5, 2010
I'm using Intelligencia url rewriting currently but have just leased an IIS 7.5 server to put my asp.net 3.5 site on. I installed the IIS URL rewriting module and was amazed at how easy it was to create rules. Creating rules with the Intelligencia url rewriter is complicated (at least for me). Are there any downsides to switching? Is there a reason for me not to move on to the Microsoft solution? This site isn't live yet, so I have time to switch
View 2 Replies
Aug 13, 2010
I am writing a condition like:
if (dt > 0) {
objinvoice.editInvoice(strInvoice, strRenew, strExpiry);
GridView1.EditIndex = -1; bindGrid(); }
I will have a radio button in gridview if that radiobutton is initially set to false and if the condition is true I would like to set it to true.
View 1 Replies
May 30, 2010
I have used membership provider to implement my system. The system administrator can list the users. What I want to do is, administrator should be able to sign-in as the selected user. I can sign out administrator by FormsAuthentication.Signout but how can I sign in as the selected user? Passwords are hashed so I can not retrieve the passwords.
View 5 Replies
Jan 21, 2011
I wonder how it will be possible to have an imagebutton to switch between Image1.jpg and Image2.jpg with an interval of 1 second. It will loop like this Image1.jpg,Image2.jpg,Image1.jpg all the time.
For example in this case, the images will start switch if the public variable blinkImage is "true".
[Code]....
View 6 Replies