MediaWIki Session idle time

in one mediaWiki project it happens to me that after a user has been idle for some period (like 20 minutes) he gets automatically logged out. I have already tried to set in LocalSettings.php $wgCookieExpiration = 60*60*24*365; and $wgCookieExpiration = 0; but it does not seem to work, I still get logged out. I have tested this in Chrome and Firefox. Any ideas ?

PHP session login different for url with www and without www?

I am debugging on session login, when i am login to the session will be only set for with www. When i am going to url, session login is ignored, and i will be prompted to login form again. I have set session cookie_domain also, but not working. Any one can help me? why?

Session Tomcat clustering/loadbalancing performance in production environment

I have some doubts on the performance of clustering and session management in load balanced environment. Here are my questions: What are the drawbacks of sticky-sessions and session replication. The cluster will contain 4 nodes, but many concurrent user sessions may be expected. What is the heavy load performance of both solutions? Have anyone used any of them in a production environment? How about scalability? If using persistent shared sessions - where to store the state to achieve a possibl

Session JBoss 5.X Clustered, how to send a Multicast Message?

I've 2 instances of JBoss (5.1.0 GA) in a cluster and an Apache 2.2 mod jk to do the balance. They are working fine, the sessions are replicated correctly. What I'd like to do is: Send a message (could be a multicast message) for all JBoss (nodes) in my cluster, to do a custom operation, for example to reload some objects from database to a memory. Does anyone have a suggestion for me, how can I do this? Cheers, Thomas

Session Handling in Spring MVC 3.0

I am using session.setAttribute to store user object after login. In next controller, I have @SessionAttribute for the same user and @ModelAttribute for same object to be used in the method mapped to a RequestMapping. After login if I click any link in the user home page it give HttpSessionRequiredException: Session attribute '' required - not found in session I am not sure what I am doing wrong. I went through many article and question in this site as well but could find any solution. T

session set in .php file for jumi - joomla

I run into a problem using session in .php file i attached in jumi How do i set a session in in that page? when i use : //this define and require I use from reading the other papers define( '_JEXEC', 1 ); define('JPATH_BASE', dirname(dirname(__FILE__))); define( 'DS', DIRECTORY_SEPARATOR ); require_once (JPATH_BASE . DS . 'includes' . DS . 'defines.php'); require_once (JPATH_BASE . DS . 'includes' . DS . 'framework.php'); $mainframe = JFactory::getApplication('site'); $session = &JFactor

Update current session

I have a CakePHP app where users have pages tied to their accounts. For example, the page ID 123 is tied to user 321. Whenever the user logs in, all the pages tied to his account are saved in the session. Admins are the only one who can tie a page to an user. And here is the problem. If an admin adds a new page to an user and if this user is logged, he won't see this new page tied to his account unless he logs out/in. In other words, while his current session is valid. What would be the best

Session Just how global are Coldfusion variables not declaring using “var”?

I’m using Coldfusion MX 8. I recently had a situation where variables seem to be “swapping” between sessions. I found some information regarding entire sessions swapping, but this was not the case. It was just one variable being swapped, not the entire session. My code snippets follow: var idArray = ListToArray(arguments.event.getArg("itemIDs")); var oItemDetail = 0; var oItem = 0; //Inserting this line seems to have fixed the error. var i = 0; for (i=1;i lte ArrayLen(idArray);i=i+1) { //

Session Magento - registry and current category

I have a question about Mage::registry and categories: I'm a on a category page, I retrieve current category by Mage::registry('current_category'). I've noticed that it works only for root categories, in fact if I visit a subcategory page I retrieve always the root category with Mage::registry('current_category'). So the question is: is something about backend configuration, cache or something else?

How to add the current session file name in the status line in Vim?

I recently added the sessionman plugin to my Vim configuration, and I like it so far. I understand that Vim sets v:this_session to the session file name when a session is being used and I’d like to add it to my status line. Unfortunately, v:this_session contains the full file path and it is often way too long for it to fit in the status line. So my question is: How can I extract the file name without its full path from v:this_session and add it to my status line?

Session CakePHP: How can I read in controller the string value of a flash message if set?

I need to know this so I can append messages (flashes) if needed. This way I can give the user the full feedback and avoid one flash being overwritten (in a redirect, for ex, where the last controller, usualy, can do that). I read the documentation and I did't find any option to be given in setFlash() in order to require this appending. I know there is a Session::read(), but I do not know what key to search for.. Thank you!

Playframework 2, Websockets and Session

I understand that when dealing with websockets, I can't use session. The playframework 2 websocket chat example adds the username into the url, but what if I have a user thats already loged in and I don't want to pass his username through the url, is there another way to get the users login credentials from within a websocket request? Here is what I have tried so far: Request Page from where I will connect to the socket: public static Result index(){ session("username", "mike") return

PHPUnit fails when using Silex SessionServiceProvider

I am trying to create a unit test for my Silex application. The unit test class looks something like this: class PageTest extends WebTestCase { public function createApplication() { $app = require __DIR__ . '/../../app/app.php'; $app['debug'] = true; $app[''] = $app->share(function() { return new MockArraySessionStorage(); }); $app['session.test'] = true; unset($app['exception_handler']); return $app;

Symfony 2 session and soap (web services)

I am using Symfony 2 with Soap. I passing the parameter to the Symfony with the soap. My plan is that I went to a session, but the the backup fails. This is standard save width symfony (First run): $sess = $this->getRequest()->getSession(); $sess->set('parameter', 'parameter'); echo $sess->get('parameter'); //This whill write 'parameter' when send data with soap When I remove the set function, the session will be lost than second soap run (Second run): $sess = $this->getReque

Get Crystal Report data in session

I have noticed that crystal report runs the Linq query once again when the page index is changed, means when we load second page from first page? So just wanted to know if we can get which page is loaded so that we can keep values in session. Just a hint is required as I am not getting the desired results from Google. Update: I am sorry in a hurry I just clicked on a wrong tag. So the problem is like: This is my code below which I use fr running my crystal report: var rpt = new Result();

cakePHP session non-object blog example

What is wrong with my session? Why is it not an object? I am trying the cakePHP quick start blog example. I've copied all the code, but I can't keep this error from appearing when editing, deleting or adding a blog message: Call to a member function setFlash() on a non-object I've put in debug lines in views to see the session variables and the session data seems fine. I've also added the 'Session' helper to the controller to see if that would help. Controller: class PostsController

Typo3 Extbase Set and Get values from Session

I am writing an extbase extension on typo3 v6.1 That extension suppose to do a bus ticket booking. Here what my plan is, user will select date and number of seats and submit the form. Here my plan to push the date and rate of the selected seat to session (Basket). And while making payment, I wanted to get that values from session and after payment I need to clear that particular session. So In short, How to Push and retrieve the values to and from the session in extbase. Any suggestions ? Than

Yii and Session

I'm running into a problem when a try to work with session and controllers. When I initialize my controller it starts my session without any problem. But when I call this controller a second time (my program doesn´t run the initialize function again) the session loses his value. How I'm using it: Yii::app()->session['test'] = "value"; Could you help me? Regards, Wesley

How to prevent this session fixation attack?

I am trying to understand this session fixation attack that was described in theory against mtgox (a well known bitcoin exchange): I discovered session fixation leading to account takeover. Long story short, here's exploit: name='document.cookie="SESSION_ID=SID;; Path=/code"'; location='[cancel]=cancel'; Create Checkout button

Reset session timeout in Websphere by Keypress / Mouse events

I have set the session timeout in my WebSphere as 3 Mins (Consider.Actual timeout I have set is 30 mins).I have kept my application open and just moving my mouse over the J2EE application and making some keypress which will not submit any pages.Even after 3 mins, the session of the application is retained.I need to confirm how the session is retained when some mouse move / keypress happens ? No request is being sent to server or no page submissions has been done. The session timeout for my appl

woocommerce generating more sessions than users

This is my first WooCommerce install so maybe I'm misunderstanding what is going on, but what I can see from Google Analytics is a site I put live last Friday had ~7500 sessions for yesterday, yet the session count (from _wp_session_expriry% query) in the wp_options table there would appear to be around 50000 sessions generated in the last 12 hours, since I wiped all sessions. I wiped the sessions because out of the box this table has no indexes and yet WooCommerce is hitting it with a mass of s

Amazon STS as Token Vending Machine: Is User Session Management a valid Usecase?

Recently I read this article: Now my question is... Can the Amazon STS (Security Token Service) used as a Token Vending Machine to manage user sessions for a clients of a Web Server (As opposed to Clients of AWS Services)? Assume I have a Web Application. And this Web Application has Registered Users who are Authenticated with Login Credentials. Now I wish to issue a Session Token to these Users who are Authenticated. 1. User ->

Session SFTP error : com.jcraft.jsch.JSchException: invalid server's version string

I have the below code to SFTP to a location public static void putFile(String username, String host, String password, String remotefile, String localfile){ JSch jsch = new JSch(); Session session = null; try { session = jsch.getSession(username, host, 22); session.setConfig("StrictHostKeyChecking", "no"); session.setPassword(password); session.connect(); Channel channel = session.openChannel("sftp"); channel.connect();

Session Stateless with cookie vs stateful

I found sth like this: "stateful – keep track of the previously stored information which is used for current transaction. stateless – every transaction is performed as if it were being done for the very first time. There is no previously stored information used for the current transaction. In a purely stateless environment you wouldn’t need this session id. Each request would contain all the information the server would need to process. But many applications need to maintain state to keep tra

express.cookieSession() not saving data in the cookies

I am using dynamic website to build a product website. I want to use session cookie to store some data in bowser session cookie. Here is my app.js var express = require('express'); var parseExpressHttpsRedirect = require('parse-express-https-redirect'); var parseExpressCookieSession = require('parse-express-cookie-session'); var app = express(); // Global app configuration section app.set('views', 'cloud/views'); app.set('view engine', 'ejs'); app.use(parseExpressHttpsRedirect

Flask Beaker session "AttributeError: 'Session' object has no attribute 'permanent'"

I'm using Beaker with Memcached for session management in a Flask based application, but I'm getting "AttributeError: 'Session' object has no attribute 'permanent'" while logging out a user also sometimes when the user session is active. See Error Below File "/home/hirealchemy/hirealchemy_v2/local/lib/python2.7/site-packages/flask/", line 126, in render_template File "/home/hirealchemy/hirealchemy_v2/local/lib/python2.7/site-packages

How can I prevent Grails 3 from ever creating a session?

I have a Grails 3.1 app and use the spring security plugin, with with a custom stateless authentication provider. This all works, but I still get redirects to my login screen when there is no session, and a session created (with a session id cookie). How can I instruct spring security to never use cookies, or alternatively, grails to never allow them to be created? I've seen a few answers around plain spring security but with the Grails spring security plugin, things appear to work differently

Session How to sign-in to bitbucket?

I would like to sign-in with my Google credentials on BitBucket, but each time I go to I am redirected to Which is not what I want. I also removed all the cookies related to Atlassian and Bitbucket, but I don't know to to wipe all the used internal storage for this particular website. Any idea? It seems I am not the only one with this issue It works from the incognito page, so it is somehow cookie r

How can one find out if xfce session is locked?

i have to limit working xfce-session by 30 minutes, then lock it and prevent from unlocking for next 60 minutes. I can find that one's xfce-session is active by ps -aux | grep xfce-session I can lock the screen with xflock4 But how can i find out in cron script that the user's screen is locked?

TLS session resumption with HAproxy load balancer

After configuring application to work with TLS CPU consumption has got up to 10%. I suppose it is because of TLS Handshake that happens every time. On standalone environment I don't have such an effect. But when I am trying to use HAProxy LB it seems to me that session is cached for one node however when request came to another it need to perform handshake again. How can I configure LB or tune it in order to avoid extra handshakes? Tried to increase session cache it does't help. tune.s

Tensorflow does not release the memory after session close

I have two models. Both model A and B works with training and test when I run them separately. To be more efficient in training two models with same dataset, I put their running code together. A.close_session() # this closes session with sess.close() at it occurs Resource exhausted error! So it seems like it does not release the memory when I do the sess.close() after This 'sess' is an attribute both A and B has separately as well. - mean

Session Admin is not saving the conguration changes magento 1.9

When I make some changes in admin , after saving the configuration , the changes are not reflection on admin but when I logout from admin and again get log into the admin the changes reflects on admin panel ? I have renamed the var folder but nothing is happen. enter image description here e.g. 'call to order' is set to no , and if I change it to yes and save it then it will not refelect the changes. But if I log out from the panel and do login again it will show the changes I made before.

Session vs JWT Token in nodejs with large payload

I am working on a nodejs project and coming from a PHP background. I am pretty impressed with frontend and backend development separately and communicating with API calls. # Issue: I need to authenticate the user and store some data of the user (which is always needed in the server), this user data which results in increased jwt payload size and jwt token will be large. So I used JWT token mechanism, generated a token after successful login and send it to the client, then the client add that

Unable to store session in DB

Morning my website was down ! i get to know that because of file count in my server Later i noticed the var/session folder have lot of files , i have deleted those session files then my website works fine ! and i was searching for the solution , so someone said instead of keeping session in folder store in database ! reference link So based on that reference i have made changes in 'app/etc/local.xml' <session_save><![CDATA[db]]></session_save> But still the session

Sapper/svelte3 session not synchronizing without page reload

I'm having trouble getting Sapper to synchronize session changes made in my server-side routes without a pageload. My example scenario is that I load my app with no user in the session, my server-side login route sets the user to the session, and I use goto to got to the dashboard. The problem is that the session argument in the dashboard's preload function isn't populated. If I use window.location.href = '/dashboard', it is, because it's running through Sapper's page_handler. But if I do a cl

Using Isset with native sessions in CodeIgniter

I've read about how CI handles sessions differently than native sessions and feel slightly insecure about storing all the data in a cookie(?), unlike PHP's native session which only stores the session ID(?). So I've decided to use native sessions without the CI native_session library. Now, I know that the Input Class in CI validates Isset with a true/false statement like this: if ($this->input->post('something')) which renders the Isset function unable to work (it gives an error). Howe

Huge number of session files in tomcat running wicket application

I am running an wicket 1.5.7 application on Tomcat 6 and CentOS. Last 7 days I have a huge number of session folders in tomcat work folder. Those folders doesn't get deleted after session has expired. If I take a look a folder last update date, it seems like new session is created every 10 secs, which should not be like that if I take a look a traffic. That is causing my disk very quickly becomes full.All pages are state-full and for most of them I am using public class MountedMapperWithoutPag

Orbeon session expired handling

In ORBEON 4.1 is very strange session expired error handling ... When using DEV mode, than we get plain text error page +----------------------------------------------------------------------------------------------------------------------+ |An Error has Occurred | |----------------------------------------------------------------------------------------------------------------------| |Session has exp

Jetty - capping sessions for crawlers/anonymous

I'm looking for a way of capping number of sessions created for crawlers and/or anonymous users on my webapp (running on Jetty). I want to decrease number of sessions on the app. There are multiple sessions created for crawlers as many of them do not respect cookies. That would also help when app gets under DDoS. There is already a solution for tomcat ( 'crawler session valve') but I need solution for Jetty. What would be your recommendation on capping unwanted sessions? Thanks, JB

how to close shiro session

I met an error when hardcode try to logout with shiro. user do login and logout not through web login/logout url, but backend link. when login, it works. Subject currentUser = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken(request.getParameter("username"), request.getParameter("password")); token.setRememberMe(true); try { currentUser.login(token); } catch (AuthenticationException e) { e.printStackTrac

How to use a parse session token to make requests with graphql

I have a parse app and I want to send in the sessionToken with each request so I know which user is accessing what. Just like this post mentioned. How to build a web app with GraphQL + Daniel left this comment and I can't seem to do what he mentions. If the user has signed in on the client, you could potentially pass up a session token to the server to allow for the parse queries to be made with that session token (for ACL reasons). In Relay, I see that you can inject the sess

How to setup session and CSRF protection in Plug?

I'm currently learning Elixir by trying to make a small Plug project. Most of it goes fine except for sessions and CSRF protection. When I make GET requests, I see no session cookies in Firefox or HTTPie, and when I make POST requests, I get a 500 error (but the logger is silent). Here's my current router code: defmodule ElxSimpleApi.Web do require Logger use Plug.Router import Plug.Conn alias ElxSimpleApi.{Models, Repo} plug Plug.Logger, log: :debug plug Plug.Parsers, parsers:

Cookie Session-Node Js Safari Issue-Session Id coming undefined in req.headers.cookie

I am facing the issue where I am unable to get the sessionID in Safari. I am unable to get the session id in my further calls in localhost as well as in https calls. Below code I am using in my server.js. In Chrome and Firefox it is working fine. Problem is in Safari only. I am using cookie-session package of node. Please help. Boot.App.use(session({name: 'checkSession',keys: new Keygrip(['app-key-1'], 'SHA384', 'base64'),secure: false,httpOnly: true,domain: doc.Domain.ENV,maxAge: 31536000000

  1    2   3   4   5   6  ... 下一页 最后一页 共 17 页