Search Results

Search found 18690 results on 748 pages for 'jquery cookie'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 624/748 | < Previous Page | 620 621 622 623 624 625 626 627 628 629 630 631  | Next Page >

  • Setting up a "cookieless domain" to improve site performance

    - by Django Reinhardt
    I was reading in Google's documentation about improving site speed. One of their recommendations is serving static content (images, css, js, etc.) from a "cookieless domain": Static content, such as images, JS and CSS files, don't need to be accompanied by cookies, as there is no user interaction with these resources. You can decrease request latency by serving static resources from a domain that doesn't serve cookies. Google then says that the best way to do this is to buy a new domain and set it to point to your current one: To reserve a cookieless domain for serving static content, register a new domain name and configure your DNS database with a CNAME record that points the new domain to your existing domain A record. Configure your web server to serve static resources from the new domain, and do not allow any cookies to be set anywhere on this domain. In your web pages, reference the domain name in the URLs for the static resources. This is pretty straight forward stuff, except for the bit where it says to "configure your web server to serve static resources from the new domain, and do not allow any cookies to be set anywhere on this domain". From what I've read, there's no setting in IIS that allows you to say "serve static resources", so how do I prevent ASP.NET from setting cookies on this new domain? At present, even if I'm just requesting a .jpg from the new domain, it sets a cookie on my browser, even though our application's cookies are set to our old domain. For example, ASP.NET sets an ".ASPXANONYMOUS" cookie that (as far as I'm aware) we're not telling it to do. Apologies if this is a real newb question, I'm new at this! Thanks.

    Read the article

  • Uploadify and rails 3 authenticity tokens

    - by Ceilingfish
    Hi chaps, I'm trying to get a file upload progress bar working in a rails 3 app using uploadify (http://www.uploadify.com) and I'm stuck at authenticity tokens. My current uploadify config looks like <script type="text/javascript" charset="utf-8"> $(document).ready(function() { $("#zip_input").uploadify({ 'uploader': '/flash/uploadify.swf', 'script': $("#upload").attr('action'), 'scriptData': { 'format': 'json', 'authenticity_token': encodeURIComponent('<%= form_authenticity_token if protect_against_forgery? %>') }, 'fileDataName': "world[zip]", //'scriptAccess': 'always', // Incomment this, if for some reason it doesn't work 'auto': true, 'fileDesc': 'Zip files only', 'fileExt': '*.zip', 'width': 120, 'height': 24, 'cancelImg': '/images/cancel.png', 'onComplete': function(event, data) { $.getScript(location.href) }, // We assume that we can refresh the list by doing a js get on the current page 'displayData': 'speed' }); }); </script> But I am getting this response from rails: Started POST "/worlds" for 127.0.0.1 at 2010-04-22 12:39:44 ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): Rendered /opt/local/lib/ruby/gems/1.8/gems/actionpack-3.0.0.beta3/lib/action_dispatch/middleware/templates/rescues/_trace.erb (1.0ms) Rendered /opt/local/lib/ruby/gems/1.8/gems/actionpack-3.0.0.beta3/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb (6.6ms) Rendered /opt/local/lib/ruby/gems/1.8/gems/actionpack-3.0.0.beta3/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb within rescues/layout (12.2ms) This appears to be because I'm not sending the authentication cookie along with the request. Does anyone know how I can get the values I should be sending there, and how I can make rails read it from HTTP POST rather than trying to find it as a cookie?

    Read the article

  • Explicit script end tag always converted to self-closing

    - by Jonas
    I'm using xslt to transform xml to an aspx file. In the xslt, I have a script tag to include a jquery.js file. To get it to work with IE, the script tag must have an explicit closing tag. For some reason, this doesn't work with xslt below. <?xml version="1.0" encoding="utf-8"?> <xsl:stylesheet version="1.0" xmlns="http://www.w3.org/1999/xhtml" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" exclude-result-prefixes="msxsl" xmlns:asp="remove"> <xsl:output method="html"/> <xsl:template match="/"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>TEST</title> <script type="text/javascript" src="jquery-1.2.6.js"></script> But if I change the script tag as shown below, it works. <script type="text/javascript" src="jquery-1.2.6.js"> // <![CDATA[ // ]]> </script> I thought that the <xsl:output method="html" /> would do the trick, but it doesn't seem to work? /Jonas

    Read the article

  • Login to website using PHP and get text from page

    - by Anthony Garand
    I am trying to login to a website and grab content from a page you must be authenticated to see. I have done some research and have seen some examples using both cURL and stream_context_create but I cannot get either way to work. I have the url for the page to login to, and the page that contains the data I need to get. Your help is much appreciated! Here's what I'm working with: <?php $pages = array('home' => 'https://www.53.com/wps/portal/personal', 'login' => 'https://www.53.com/wps/portal/personal', 'data' => 'https://www.53.com/servlet/efsonline/index.html?Messages.SortedBy=DATE,REVERSE'); $ch = curl_init(); //Set options for curl session $options = array(CURLOPT_USERAGENT => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)', CURLOPT_SSL_VERIFYPEER => FALSE, CURLOPT_SSL_VERIFYHOST => 2, CURLOPT_HEADER => TRUE, //CURLOPT_RETURNTRANSFER => TRUE, CURLOPT_COOKIEFILE => 'cookie.txt', CURLOPT_COOKIEJAR => 'cookies.txt'); //Hit home page for session cookie $options[CURLOPT_URL] = $pages['home']; curl_setopt_array($ch, $options); curl_exec($ch); //Login $options[CURLOPT_URL] = $pages['login']; $options[CURLOPT_POST] = TRUE; $options[CURLOPT_POSTFIELDS] = 'uid-input=xxx&pw=xxx'; $options[CURLOPT_FOLLOWLOCATION] = FALSE; curl_setopt_array($ch, $options); curl_exec($ch); //Hit data page $options[CURLOPT_URL] = $pages['data']; curl_setopt_array($ch, $options); $data = curl_exec($ch); //Output data echo $data; //Close curl session curl_close($ch); ?> Cheers, Anthony

    Read the article

  • setcookie, Cannot modify header information - headers already sent

    - by Nano HE
    Hi,I am new to PHP, I practised PHP setcookie() just now and failed. http://localhost/test/index.php <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title></title> </head> <body> <?php $value = 'something from somewhere'; setcookie("TestCookie", $value); ?> </body> </html> http://localhost/test/view.php <?php // I plan to view the cookie value via view.php echo $_COOKIE["TestCookie"]; ?> But I failed to run index.php, IE warning like this. Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\test\index.php:9) in C:\xampp\htdocs\test\index.php on line 12 I enabled my IE 6 cookie no doubt. Is there anything wrong on my procedure above? Thank you. WinXP OS and XAMPP 1.7.3 used.

    Read the article

  • How to log in to a vbulletin forum with C#?

    - by Yustme
    Hi, I'm trying to log into a vbulletin forum. I got this far: private string login(string url, string username, string password) { string values = "vb_login_username={0}&vb_login_password={1}" values += "&securitytoken=guest&cookieuser=checked&do=login"; values = string.Format(values, username, password); HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url); CookieContainer a = new CookieContainer(); req.CookieContainer = a; System.Net.ServicePointManager.Expect100Continue = false; // prevents 417 error using (StreamWriter writer = new StreamWriter(req.GetRequestStream(), System.Text.Encoding.ASCII)) { writer.Write(values); } this.response = (HttpWebResponse)req.GetResponse(); StringBuilder output = new StringBuilder(); foreach (var cookie in response.Cookies) { output.Append(cookie.ToString()); output.Append(";"); } return output.ToString(); } It looks like i am getting logged in, but when i download the page, i can't find my username in it. Do you guys see anything that i might be doing wrong? Thanks in advance!

    Read the article

  • Ajax.BeginForm driving me crazy

    - by Fabio Milheiro
    ASP.NET MVC3 I have a partial view that is initially rendered inside a div. The following is the partial code: @model Venue.Models.Validation.CustomerRequestModel <script src="@Url.Content("~/Scripts/jquery-1.4.4.min.js")" type="text/javascript"></script> <script src="@Url.Content("~/Scripts/jquery.validate.min.js")" type="text/javascript"></script> <script src="@Url.Content("~/Scripts/jquery.validate.unobtrusive.min.js")" type="text/javascript"></script> <script type="text/javascript" src="/Scripts/MicrosoftAjax.js"></script> <script type="text/javascript" src="/Scripts/MicrosoftMvcAjax.js"></script> <script type="text/javascript" src="/Scripts/MicrosoftMvcValidation.js"></script> @{ Html.RenderPartial("Message"); } @Html.ValidationSummary() @using (Ajax.BeginForm( "Customer", "Service", null, new AjaxOptions() { HttpMethod = "post", InsertionMode = InsertionMode.Replace, LoadingElementDuration = 100, LoadingElementId = "loading-customer", OnBegin = "hideSubmitButton", OnSuccess = "hideForm", OnComplete = "showSubmitButton", OnFailure = "showErrorMessage", UpdateTargetId = "formclientes", }, new { id = "customer-form" })) { // Fields are all type="text" although some are numbers. <input type="text" name="Address" class="clientes_form" /> } The action: [AcceptVerbs(HttpVerbs.Post)] public ActionResult Customer(CustomerRequestModel customer) { // ... } In the immediate window, this is what I get: this.Request.IsAjaxRequest() false Why?!

    Read the article

  • PHP, We have sessions, and cookies....I love cookies, but they are blowing my mind right now.

    - by Matt
    I am not sure how to go about accessing the variable I need to set on a cookie... I was thinking about using the $_POST global but I dont know how based on my design if it will work. I am using a master page type design seperating index.php from my function includes and database information and individual pages (that will be returned to an include in index.php based on a $_GET) Okay so back to my question. What is the most efficient way to set a cookie on a design that has a main page that everything will branch from. How would I pull the value. Is $_POST a good enough way to go about it? Also...by saying it must be the first thing sent...does that mean I cannot run any serverside scripts before that? I could definately utilize a login query I think but I dont want to write code just to be dissapointed based on my lack of time and knowledge. I did search for answers...I know this most likely feels like a generic question that could be answered in a difference place...but I know I will get an accurate and professional answer here...so I dont want to bet on the half answers I found otherwise. Of course I will sanitize everything and not store any sensitive information (passwords,address,phone,or anything really for that matter besides some kind of session ID and the username) If this is confusing I am sorry but I am on a gov computer...and they lock these tighter than ft knox...so getting my code on here will be a chore until I get back to my room. Thanks, Matt

    Read the article

  • IIS 6 forces AppRoot/Starting Point to upper case when Virtual Directory is imported from a file

    - by user276464
    I have searched the web for this and couldn't find anything (well one remotely relevant post), so here I am. We have multiple ASP.NET apps in IIS 6 using Forms Authentication with dedicated path for each app. Since path is case sensitive it must match URL's path section exactly. However, because of an incorrect casing in IIS 6 Metabase for AppRoot (or Starting Point in IIS UI) bowser doesn't send Form cookie to the server whenever URL is previously resolved on the server and sent to client in incorrect case. Example: App URL = "https://Test.net/Application1" Cookie path = /Application1 Metabase AppRoot = /LM/W3SVC/1393818691/ROOT/APPLICATIONPATH1 Resolved URL = "https://Test.net/APPLICATIONPATH1" Now to the root cause... We create virtual directories on test server manually in a specific case (matches Path for each application). We then export virtual directory using UI to an XML file, which is then imported to another server (let's say production), at which point IIS decides to uppercase AppRoot element of the metabase. Can anyone shed some light on this? Is there a setting on IIS I am not aware of? I am trying to avoid manual edit of metabase after the import. Is that a bug?

    Read the article

  • Creating cookieless application on development machine with asp.net

    - by zaladane
    I tried posting this on ServerFault with no luck so i am trying here. I am thinking about setting up a new domain to host static content on my website and have it cookieless just like Stackoverflow with their static domain. So before going ahead and buying the domain and setting it up I wanted to test it on my developement machine first under localhost (I have to mention that i am planning on having IIS running on my new domain for the static files). I therefore created a new application under IIS and disabled session state and forms authentication. When my main application needs resources like css, images and js , I use the path to the "static" application where they are hosted. The problem is that when I look at the request and the response for the requested files, they still have the session_id cookie defined as well as the asp.net authentication cookie. Is it at all possible to accomplish what i am trying to do on a development machine or do i have to just go ahead and purchase the new domain which hopefully with make things right? I tried to read about cookieless domain but can't figure out what i might be missing.

    Read the article

  • Codeigniter: Base_url doesn't seem to be working

    - by Dwayne
    I have developed a simple site that fetches tweets from the Twitter public timeline, caches them for 60 seconds and so on. I have recently moved hosts from Hostgator to Mediatemple and my site was previously working fine on Hostgator. My application doesn't use a database connection, nor does it use any form of flat-file database either. Tweets are cached in an XML file stored in the root directory, not that most of that is important. The url helper is being included as can be seen below (this is my helpers line from autoload.php): $autoload['helper'] = array('url'); I have also removed my index.php file from the URL using .htaccess directives and once again this was previously working on Hostgator (see my .htaccess code below): RewriteEngine On RewriteRule ^(application) - [F,L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule .* index.php/$0 [PT,L] In my home.php view file which is in the views folder inside of application, I am using the function base_url() which was previously working on Hostgator inside of my view files and appending it a base href value in my header: <base href="<?php echo base_url(); ?>" /> Here is what my base_url value looks like in the config.php file: $config['base_url'] = "http://threetune.com/"; Although what appears to be happening is that the base_url is not to be seen at all. It doesn't appear to be echoing out the value of base_url as it appears to be empty for some reason. What makes things weirder is that I have a link in another view file called 'fetch.php' and for some reason it appears to be stripping out the value (XSS filtering is off): <a href="threetune/show"><img src="assets/images/cookie.jpg" /></a> The threetune/show part is not to be seen and I only see an empty href value like this <a href=""><img src="assets/images/cookie.jpg" /></a> Can anyone possibly see anything wrong that I may have done, some kind of Mediatemple server limitation or PHP.ini flag that needs to be set? Thank you and I hope I was descriptive enough.

    Read the article

  • Best pratice: How do I implement a list that can be rendered both server-side and client-side?

    - by André Pena
    Technologies involved: ASP.NET Web-forms Javascript (jQuery for instance) Case To make it clearer let's give the Stackoverflow authors list as an example. This list can be manipulated at client-side. I can search, page and so forth. So obviously we would need to call jQuery.ajax to retrieve the HTML of each page given a search. Alright. Now this leaves me with the first question: What is the best way to render the response for the jQuery.ajax at server-side? I can't use templates I suppose, so the most obvious solution I think is to create the HTML tags as server-controls and render them as the result of an ASHX request? Is this is best approach? Nice. That solved we have yet another problem: When the user first enters the Authors List the first list page should already come from the server completely rendered alright? Of course we could render the first page as well as an ajax call but I don't think it's better. This time I CAN use templates to render the list but this template couldn't be reused in case 1. What do I do? Now the final question: Now we have 2 rendering strategies: 1) Client and 2) Server. How do I reuse code for the 2 renderings? What are the best pratices for solving these problems?

    Read the article

  • Best pratice: How do I implement a list similar to Stackoverflow's Users List?

    - by André Pena
    Technologies involved: ASP.NET Web-forms Javascript (jQuery for instance) Case To make it clearer let's give the Stackoverflow Users list as an example. This list can be manipulated at client-side. I can search, page and so forth. So obviously we would need to call jQuery.ajax to retrieve the HTML of each page given a search. Alright. Now this leaves me with the first question: What is the best way to render the response for the jQuery.ajax at server-side? I can't use templates I suppose, so the most obvious solution I think is to create the HTML tags as server-controls and render them as the result of an ASHX request? Is this is best approach? Nice. That solved we have yet another problem: When the user first enters the Authors List the first list page should already come from the server completely rendered alright? Of course we could render the first page as well as an ajax call but I don't think it's better. This time I CAN use templates to render the list but this template couldn't be reused in case 1. What do I do? Now the final question: Now we have 2 rendering strategies: 1) Client and 2) Server. How do I reuse code for the 2 renderings? What are the best pratices for solving these problems?

    Read the article

  • Java HttpURLConnection bekommt keine cookies

    - by TeNNoX
    ich versuche über eine HttpURLConnection einen Login auf einer Webseite durchzuführen, und davon dann die cookies zu erhalten... Bei meinen Testseiten auf einem eigenen Server geht es problemlos, ich sende "a=3&b=5" und als cookie erhalte ich "8", also die Summe. Wenn ich dies allerdings auf der gewollten Seite anwende, kommt einfach nur die Seite, als ob ich gar nichts per POST gesendet hätte... :( Generelle Verbesserungsvorschläge sind auch erwünscht! :) Mein Code: HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection(); conn.setDoInput(true); conn.setDoOutput(true); conn.setRequestMethod("POST"); conn.setRequestProperty("useragent", "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0"); conn.setRequestProperty("Connection", "keep-alive"); DataOutputStream out = new DataOutputStream(conn.getOutputStream()); out.writeBytes("USER=tennox&PASS=*****"); out.close(); BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream())); String line; String response = new String(); while ((line = in.readLine()) != null) { response = response + line + "\n"; } in.close(); System.out.println("headers:"); int i = 0; String header; while ((header = conn.getHeaderField(i)) != null) { String key = conn.getHeaderFieldKey(i); System.out.println(((key == null) ? "" : key + ": ") + header); i++; } String cookies = conn.getHeaderField("Set-Cookie"); System.out.println("\nCookies: \"" + cookies + "\"");

    Read the article

  • Making HTTP POST request

    - by infrared
    I'm trying to make a POST request to retrieve information about a book. Here is the code that returns HTTP code: 302, Moved import httplib, urllib params = urllib.urlencode({ 'isbn' : '9780131185838', 'catalogId' : '10001', 'schoolStoreId' : '15828', 'search' : 'Search' }) headers = {"Content-type": "application/x-www-form-urlencoded", "Accept": "text/plain"} conn = httplib.HTTPConnection("bkstr.com:80") conn.request("POST", "/webapp/wcs/stores/servlet/BuybackSearch", params, headers) response = conn.getresponse() print response.status, response.reason data = response.read() conn.close() When I try from a browser, from this page: http://www.bkstr.com/webapp/wcs/stores/servlet/BuybackMaterialsView?langId=-1&catalogId=10001&storeId=10051&schoolStoreId=15828 , it works. What am I missing in my code? Thanks EDIT: Here's what I get when I call print response.msg 302 Moved Date: Tue, 07 Sep 2010 16:54:29 GMT Vary: Host,Accept-Encoding,User-Agent Location: http://www.bkstr.com/webapp/wcs/stores/servlet/BuybackSearch X-UA-Compatible: IE=EmulateIE7 Content-Length: 0 Content-Type: text/plain; charset=utf-8 Seems that the location points to the same url I'm trying to access in the first place? EDIT2: I've tried using urllib2 as suggested here. Here is the code: import urllib, urllib2 url = 'http://www.bkstr.com/webapp/wcs/stores/servlet/BuybackSearch' values = {'isbn' : '9780131185838', 'catalogId' : '10001', 'schoolStoreId' : '15828', 'search' : 'Search' } data = urllib.urlencode(values) req = urllib2.Request(url, data) response = urllib2.urlopen(req) print response.geturl() print response.info() the_page = response.read() print the_page And here is the output: http://www.bkstr.com/webapp/wcs/stores/servlet/BuybackSearch Date: Tue, 07 Sep 2010 16:58:35 GMT Pragma: No-cache Cache-Control: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Set-Cookie: JSESSIONID=0001REjqgX2axkzlR6SvIJlgJkt:1311s25dm; Path=/ Vary: Accept-Encoding,User-Agent X-UA-Compatible: IE=EmulateIE7 Content-Length: 0 Connection: close Content-Type: text/html; charset=utf-8 Content-Language: en-US Set-Cookie: TSde3575=225ec58bcb0fdddfad7332c2816f1f152224db2f71e1b0474c866f3b; Path=/

    Read the article

  • My Website was hacked using Statcounter! Does Statcounter keep a record of cookies?

    - by Cyril Gupta
    I had a rather interesting case of hacking on my ASP.Net MVC website. For this website I had implemented a rather uncomplicated authentication system for my admin area -- an encrypted cookie which had an identifying signature for the member. Whenever the admin visits the website the cookie would be decrypted and signature verified. If matching he wouldn't have to sign in. Couple of days ago a visitor on my site told me that he was able to sign into my website simply by clicking no a referral link on his Statcounter console which pointed to my admin area (I had visited his site from a link inside my admin view). He just clicked on a link in statcounter and he was signed in as the admin! The only way this could have happened was if statcounter somehow recorded my cookies and used those when he clicked on the link pointing to my admin! Is that logical or fathomable? I don't understand what's going on. Do you have any suggestions as to how I can protect my website against things like this?

    Read the article

  • How to log in to craigslist using c#

    - by kosikiza
    i m using the following code to log in to craigslist, but haven't succeeded yet. string formParams = string.Format("inputEmailHandle={0}&inputPassword={1}", "[email protected]", "removed"); //string postData = "[email protected]&inputPassword=removed"; string uri = "https://accounts.craigslist.org/"; HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri); request.KeepAlive = true; request.ProtocolVersion = HttpVersion.Version10; request.Method = "POST"; byte[] postBytes = Encoding.ASCII.GetBytes(formParams); request.ContentType = "application/x-www-form-urlencoded"; request.ContentLength = postBytes.Length; Stream requestStream = request.GetRequestStream(); requestStream.Write(postBytes, 0, postBytes.Length); requestStream.Close(); HttpWebResponse response = (HttpWebResponse)request.GetResponse(); cookyHeader = response.Headers["Set-cookie"]; string pageSource; string getUrl = "https://post.craigslist.org/del"; WebRequest getRequest = WebRequest.Create(getUrl); getRequest.Headers.Add("Cookie", cookyHeader); WebResponse getResponse = getRequest.GetResponse(); using (StreamReader sr = new StreamReader(getResponse.GetResponseStream())) { pageSource = sr.ReadToEnd(); }

    Read the article

  • Enable cross app redirects

    - by Gogster
    Hi all, We have load balancing set up on out two web server, however, a few users are being asked to login when they are being re-directed to a particular server to upload a document (we are trying to keep all uploaded documents on one server only), here is the code from web.config: <authentication mode="Forms"> <forms name="EAAAuthCookie" loginUrl="/login" defaultUrl="/members/home" protection="All" path="/" timeout="60000" slidingExpiration="true" enableCrossAppRedirects="true" /> </authentication> <machineKey decryption="AES" validation="SHA1" decryptionKey="7B4EC5B0C83631DF25D5B179EDDBF91B1C175B81C6F52102267D3D097FBF272A" validationKey="7D1F50788629CC342EE4985D85DE3D14F10654695912C0FFD439F54BED64F76A57A2D5E8180BC6FF052E0385C30558F5527D6C197C577A7F32DD8FF1CAC9F794" /> Here is the transfer code to the upload form: $('#addReport').click(function() { if ($.cookie('TransferURL') != '') { $("#iframeUploadReport").attr('src', $.cookie('TransferURL')); }; $('#overlay').fadeIn('slow'); }); <script type="text/C#" runat="server"> void Page_Load() { string cookieName = FormsAuthentication.FormsCookieName; string userName = Request.Cookies["HiddenUsername"].ToString(); string cookieValue = FormsAuthentication.GetAuthCookie(userName, false).Value; Response.Cookies["TransferURL"].Value = "http://eaa.cms.necinteractive.net/members/media-upload" + String.Format("?{0}={1}", cookieName, cookieValue); } </script> <iframe id="iframeUploadReport" src="http://eaa.cms.necinteractive.net/members/media-upload" width="500px" height="336px" frameborder="0" scrolling="no"></iframe> Can you see any obvious step we are missing? Thanks

    Read the article

  • a facebook app question

    - by Robert
    I have written a small app and put it on facebook. I got an application ID and secret. Then I wrote the following script to access my app (just as told on the facebook page). <?php require './src/facebook.php'; $facebook = new Facebook(array( 'appId' => 'xxxx', 'secret' => 'xxxx', 'cookie' => true, // enable optional cookie support )); try { $me = $facebook->api('/me'); } catch (FacebookApiException $e) { error_log($e); } if ($facebook->getSession()) { echo '<a href="' . $facebook->getLogoutUrl() . '">Logout</a>'; } else { echo '<a href="' . $facebook->getLoginUrl() . '">Login</a>'; } ?> Then I started running this script. It prompted me with the login link, then took me to the facebook login page. However, after I enter my facebook login details, I get this error page: Error. API Error Code: 100 API Error Description: Invalid parameter Error Message: next is not owned by the application. Could anyone help me a little bit please, I am really confused here about what's going on.

    Read the article

  • Understanding CSRF - Simple Question

    - by byronh
    I know this might make me seem like an idiot, I've read everything there is to read about CSRF and I still don't understand how using a 'challenge token' would add any sort of prevention. Please help me clarify the basic concept, none of the articles and posts here on SO I read seemed to really explicitly state what value you're comparing with what. From OWASP: In general, developers need only generate this token once for the current session. After initial generation of this token, the value is stored in the session and is utilized for each subsequent request until the session expires. If I understand the process correctly, this is what happens. I log in at http://example.com and a session/cookie is created containing this random token. Then, every form includes a hidden input also containing this random value from the session which is compared with the session/cookie upon form submission. But what does that accomplish? Aren't you just taking session data, putting it in the page, and then comparing it with the exact same session data? Seems like circular reasoning. These articles keep talking about following the "same-origin policy" but that makes no sense, because all CSRF attacks ARE of the same origin as the user, just tricking the user into doing actions he/she didn't intend. Is there any alternative other than appending the token to every single URL as a query string? Seems very ugly and impractical, and makes bookmarking harder for the user.

    Read the article

  • What are the security implications of making a clientaccesspolicy proxy workaround?

    - by Edward Tanguay
    I wanted to use a published GoogleDocs document as the datasource of a Silverlight application but ran into clientaccesspolicy issues. I read many articles like this and this about how difficult it is to get around the clientaccesspolicy issue. So I wrote this 15-line CURL script and put it on my PHP site and now I can get the text of any GoogleDocs document and any text from any URL into my Silverlight application: <?php $url = filter_input(INPUT_GET, 'url',FILTER_SANITIZE_STRING); $user_agent = 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)'; $ch = curl_init(); curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookie"); curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/cookie"); curl_setopt($ch, CURLOPT_URL, $url ); // set url to post to curl_setopt($ch, CURLOPT_FAILONERROR, 1); // Fail on errors curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); // allow redirects curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a variable curl_setopt($ch, CURLOPT_TIMEOUT, 15); curl_setopt($ch, CURLOPT_USERAGENT, $user_agent); curl_setopt($ch, CURLOPT_VERBOSE, 0); echo curl_exec($ch); ?> So it makes me wonder: Why is there so much discussion about whether or not URLs support clientaccesspolicy or not, since you just have to write a simple proxy script and get the information through it? Why aren't there services, e.g. like the URL shortening services, which supply this functionality? What are the security implications of having a script like this?

    Read the article

  • how to clear jqgrid when i click button in asp.net mvc

    - by sandeep
    hi ,i am new to jqgrid , i'm placing the code what i did .my question is that when i click html button i need to refresh the grid value with new values?how i pass paramateres to controller? thanks in advance jQuery(document).ready(function() { $("#btnSearch").click(function() { jqGridContainer.dir. var StateId = document.getElementById('StateId').value; var CityId = document.getElementById('CityId').value; var HName = document.getElementById('HospitalName').value; alert(CityId); alert(StateId); alert(HName); if (StateId 0 && CityId == '' && HName == '') { CityId = 0; HName = 'Default'.toString(); alert("elseif0" + HName.toString()); } else if (CityId 0 && StateId == '') { alert("elseif1"); alert("Please Select State..") } else if (CityId 0 && StateId 0 && HName == '') { alert("elseif2"); alert(CityId); alert(StateId); HName = "Default"; } else { alert("else"); StateId = 0; CityId = 0; HName = "Default"; } // $("#Submit1").click(function() { // //{ function gridReload() { // //var customer = $(this).val(); // $('#list').setGridParam({ url: '/Claim/DynamicGridData/?StateId=' + StateId + '&CityId=' + CityId + '&hospname=' + HName, page: 1 // }).trigger("reloadGrid"); // Submit1.trigger("reloadGrid"); jQuery("#list").jqGrid({ url: '/Claim/DynamicGridData/?StateId=' + StateId + '&CityId=' + CityId + '&hospname=' + HName, datatype: 'json', mtype: 'GET', colNames: ['Id', 'HospitalName', 'Address', 'City', 'District', 'FaxNumber', 'PhoneNumber'], colModel: [{ name: 'HospitalId', index: 'HospitalId', width: 40, align: 'left' }, { name: 'HospitalName', index: 'HospitalName', width: 40, align: 'left' }, { name: 'Address1', Address: 'Address1', width: 300 }, { name: 'CityName', index: 'CityName', width: 100 }, { name: 'DistName', index: 'DistName', width: 100 }, { name: 'FaxNo', index: 'FaxNo', width: 100 }, { name: 'ContactNo1', index: 'PhoneNumber', width: 100 } ], jsonReader: { repeatitems: true, id: "0" }, pager: jQuery('#pager'), rowNum: 10, rowList: [5, 10, 20, 50], // sortname: 'Id,', sortname: '1', sortorder: "asc", viewrecords: true, //multiselect: true, //multikey: "ctrlKey", imgpath: '/scripts/themes/coffee/images', caption: 'Hospital Search', width: 700, height: 250 }); }); });

    Read the article

  • parameter error in my Facebook app

    - by Robert
    I have written a small app and put it on facebook. I got an application ID and secret. Then I wrote the following script to access my app (just as told on the facebook page). <?php require './src/facebook.php'; $facebook = new Facebook(array( 'appId' => 'xxxx', 'secret' => 'xxxx', 'cookie' => true, // enable optional cookie support )); try { $me = $facebook->api('/me'); } catch (FacebookApiException $e) { error_log($e); } if ($facebook->getSession()) { echo '<a href="' . $facebook->getLogoutUrl() . '">Logout</a>'; } else { echo '<a href="' . $facebook->getLoginUrl() . '">Login</a>'; } ?> Then I started running this script. It prompted me with the login link, then took me to the facebook login page. However, after I enter my facebook login details, I get this error page: Error. API Error Code: 100 API Error Description: Invalid parameter Error Message: next is not owned by the application. Could anyone help me a little bit please, I am really confused here about what's going on.

    Read the article

  • how to login to criaglist through c#

    - by kosikiza
    i m using the following code to login to criaglist, but hav't successsed yet. string formParams = string.Format("inputEmailHandle={0}&inputPassword={1}", "[email protected]", "pakistan01"); //string postData = "[email protected]&inputPassword=pakistan01"; string uri = "https://accounts.craigslist.org/"; HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri); request.KeepAlive = true; request.ProtocolVersion = HttpVersion.Version10; request.Method = "POST"; byte[] postBytes = Encoding.ASCII.GetBytes(formParams); request.ContentType = "application/x-www-form-urlencoded"; request.ContentLength = postBytes.Length; Stream requestStream = request.GetRequestStream(); requestStream.Write(postBytes, 0, postBytes.Length); requestStream.Close(); HttpWebResponse response = (HttpWebResponse)request.GetResponse(); cookyHeader = response.Headers["Set-cookie"]; string pageSource; string getUrl = "https://post.craigslist.org/del"; WebRequest getRequest = WebRequest.Create(getUrl); getRequest.Headers.Add("Cookie", cookyHeader); WebResponse getResponse = getRequest.GetResponse(); using (StreamReader sr = new StreamReader(getResponse.GetResponseStream())) { pageSource = sr.ReadToEnd(); }

    Read the article

  • Facebook SDK Comment Deleting

    - by mwoodworth
    Working with the Facebook php SDK's, I am having a lot of trouble figuring out how to delete comments, given its id and xid. At first I was using the REST API, where you can call 'comments_remove($xid, $id);' to delete a comment. The problem with this method came when the xid parameter only accepts alphanumeric characters and underscores. Based on the documentation (http://developers.facebook.com/docs/reference/fbml/comments ) a valid XID can be the result of any url_encode. Now I am testing my luck with the new GRAPH api. Looking at http://developers.facebook.com/docs/api under 'Deleting Objects', It seems that comment deleting is definitely supported. However, I have tried sending a DELETE request, and I have also tried sending POST and GET to the object url with the argument 'method=delete'. No matter how I try it, I always get the same error: {"error":{"type":"GraphMethodException","message":"Unsupported delete request."}} I am sending the access token as a parameter as well. The access token that I am sending is the access token saved in the facebook cookie from the single sign on javascript cookie. These are all comments made on my application. Does this happen to anyone else, or am I simply not doing this right? Any help or guidance is GREATLY appreciated.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 620 621 622 623 624 625 626 627 628 629 630 631  | Next Page >