|
What is use of sessions & cookies in servlets?
Started by jaffar on
, 3 posts
by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
Cookies are used to keep track of sessions by making the browser hold and return a unique ID (the cookie) that is used to recall the stored session-Session-Tracking.html....
Session store items between HTTP requests.
|
|
I only manually set 1 cookie on my social network site, I do rely heavily on php sessions though and I am wondering if sessions set any cookies behind the scenes?
I was just reading up on HttpOnly-cookies and I am just trying to figure out if I can use...
Started by jasondavis on
, 5 posts
by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
Your session data are stored only on your server that HttpOnly....
PHP sessions use HTTP to get and set the session ID, and the filesystem to store the sessions sessions rely on a cookie containing a session key.
|
|
Hi, I like to know if someone disables the cookies in my browser then cookies dont work for my browser then how can I do sessions in java. I am writing servlets for server side programming. Then how does my sessions work? How does it recognize the user...
Answer Snippets (Read the full thread at stackoverflow):
If cookies are disabled, most session providers append a URL parameter called the session data on the server....
If cookies are disabled, you can still maintain sessions by sending the value of JSESSIONID right into the url.
|
Ask your Facebook Friends
|
I am currently running an application with the following properties:
Java-based with Spring and Acegi Running on Tomcat 5 I need the ability to support user sessions without cookies. Could someone please point me in the right direction.
Thank you.
Started by Zakir Hemraj on
, 5 posts
by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
Maybe a custom tag security - people might email links to someone... .
However URLs to have the session as a parameter, and all forms as a hidden field.
Will try cookies, and if that fails fall back on encoding the session in the url).
|
|
Hi guys,
I want to make a login system using cookies/sessions but I'm not sure what security and such is like with them.
With sessions, if "login" is set to "yes", can I trust that? Are users able to change what it returns? Should I just store the encrypted...
Started by hatter on
, 7 posts
by 7 people.
Answer Snippets (Read the full thread at stackoverflow):
Cookies are user input, session ids that are stored session hijacking more difficult - PHP Security Guide: Sessions
This article deals with basicIf you set a session....
Rule of thumb: do not trust user input.
Are cheap.
|
|
Hi all,
Am doing online Quiz type of script in PHP. User needs to attend 50 Question in 45 minutes.
After that time it should close the page or Submit the answer to the next page.
It is better to use cookies or sessions. How can i do that.
Am novice in...
Started by ROSE on
, 4 posts
by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
$_SESSION is an array() )
A good article to take a look at sessions, cookies and the inherent security risks is http://blog.themeforest.net/tutorials....
Therefor, I would recommend sessions which are only server-side.
Try to cheat.
|
|
Sorry, if this question is naive (I'm a newbie):
In codeigniter session data are saved in a cookie by default. But there must be also a file on my server (named as the session id) to verify that the data (in the cookie) is valid, or am I wrong?
I'm searching...
Started by Jennifer Weinberg on
, 4 posts
by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
The cookie contains an md5 hash of the session data and the encryption key of the cookie which:
// Decrypt the cookie data if ($this->sess_encrypt_cookie == TRUE) { $session = $this->CI->encrypt->decode....
|
|
When a user logins I get him/her's ID and save it in a session var. What I wonder is, is this the way to go? Or should I use cookies? so it automatically login and so on.
session_start(); ifcorrectlogin { $_SESSION['id'] = mysql_result($loginQuery, 0,...
Started by Erkka on
, 5 posts
by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
I use django which ....
I would try to find a session engine so you don't wrong.
If you want, you can they visit after the present session has expired.
Manage login/logout with Sessions.
Cookies can be manipulated very easily.
|
|
I'm considering ditching PHP's $_SESSION (i.e. the server-side session handling, to add some language-agnostic flavor) and using signed cookies instead, since I've heard so much good about them (Flickr uses them, so they ought to be good enough for me...
Started by Henrik Paul on
, 3 posts
by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
In practice :)
For a nice article which explains session theft, hijack and fixation see Sessions and Cookies with a regular session though - you can give the client a cookie with a normal session id, but also....
|
|
My website is language independent, I have several language packs that I include based on user selection.
User selection form:
<form action='' method='POST'> <select name='language' onchange='this.form.submit();'> <optgroup> <option...
Started by Daniel on
, 4 posts
by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
On the top of the page:
session_start(); if(isset($_SESSION['language'])) { $language = $_SESSION['language']; } else { $language = "en"; } ....
You have to use session_start() on every page if you want to use sessions.
|
