The session tag has no wiki summary.
2
votes
0answers
26 views
How to handle a large amount of authenticated clients
I currently have made a multithreaded server in c++ for windows, where each connected client gets a thread to themselves which stays running until the client's socket is closed.
When a client ...
0
votes
1answer
44 views
Sessions in cloud applications dangerous?
We have a django app hosted on heroku. I had a situation:
A user entered an email in a form on page1. If the email existed in
the database he was redirected to Login page otherwise to register
...
0
votes
1answer
157 views
Knowing who is the user in every request (every action, every view, every time)
I have many model classes that are mapped from/to tables using EF. Two of them are User and UserCookie, which are stored in tables Users and UserCookies.
public class User
{
public long UserId { ...
0
votes
0answers
24 views
Session Management in distributable web-apps
I am working on a huge web application in which I need to add transparent failover feature. I understand the necessary steps to make a web application distributable, the most difficult thing being: to ...
0
votes
2answers
128 views
How does Facebook manage to allow a user unlimited sessions?
I could login through the website, android app, iOS app, the browsers on mobile, and when I log out from one, it doesn't log me out of all of them. Traditionally, you would log out of all the services ...
0
votes
0answers
41 views
When are request headers read by ASP.NET code
I've got an issue with my MVC 4 website where iOS Safari is automatically sending the DNT header with the first request to the site. Here's my question on StackOverflow. Even though the iPhone has the ...
15
votes
4answers
3k views
Why can't we use IP address instead of cookies in identifying the client in servlets?
I know we have some extra advantages in using the cookies over IP address, but my question is Why can't the container just remember the IP address of the client in identifying the client when he visit ...
0
votes
1answer
29 views
How to update last accessed with Forms Authentication cookie
I've got an MVC 4 site where I'm using Forms Authentication. I'm setting a cookie when a user logs in. The majority of my site does NOT require a user to be logged in though.
What I'd like to do, ...
0
votes
0answers
47 views
How to validate information on server without using database or session
Each user has multiple sites they can access reporting data for in an application I am working on. To prevent having to go to the database on every single request, I validate that they have access to ...
-1
votes
1answer
71 views
What is the session about simplicity that Martin Odersky suggested during the “Scala with style” talk? [closed]
The video of Scala with style is here: http://parleys.com/play/51c1994ae4b0d38b54f4621b/chapter21/about
It's around 41:10 that he suggested another talk.
I can not hear the name of speaker or the ...
3
votes
4answers
411 views
How to store Role Based Access rights in web application?
Currently working on a web based CRM type system that deals with various Modules such as Companies, Contacts, Projects, Sub Projects, etc. A typical CRM type system (asp.net web form, C#, SQL Server ...
0
votes
0answers
50 views
How does session middleware generally verify browser sessions?
I've been using session middleware to build web apps for years: from PHP's built-in session handling layer to node's connect session middleware. However, I've never tried (or needed) to roll my own ...
0
votes
0answers
45 views
How to implement proper identification and session managent on json post requests?
I have some minor messaging connection to server from website via json requests. I have single endpoint which distributes requests according to identification data. I am using asynchronous server and ...
1
vote
1answer
110 views
Session serialization in JavaEE environment
Please consider the following scenario:
We are working on a JavaEE project for which the scalability starts to become an issue. Up until now, we were able to scale up but this is no longer an option. ...
1
vote
0answers
133 views
How to authenticate user on php and Node.js
I´m currently developing a little chat page. The main page and user management is written in php and also all the authentication stuff with sessions.
Now I´m planning to run the messaging stuff on a ...
1
vote
1answer
325 views
Storing session in a static variable?
I'm currently checking a older piece of C# code used to maintain a login session.
public static ZRWebserviceSession CurrentSession { get { return _currSession; } set { _currSession = value; } }
...
0
votes
2answers
210 views
How can I handle Bots in a site that creates a database item every page
I have an eCommerce platform that creates a basket as soon as the user lands on the site if they don't already have one (from session or cookies). It then stores the basket information in session and ...
1
vote
1answer
149 views
Session states in ajax callback
Someone told me Session or HttpContext.Current.User will return different value when we are working with ajax postback, in case of when the are so many user are live to site.
For example, suppose ...
0
votes
1answer
274 views
HTTP Session: A single object or multiple?
I tested two approaches to store session data:
The classic: 1 key, 1 object (And every key as static final String in a class)
"user" --> UserObject
"preferences" --> List
...
An ...
0
votes
1answer
147 views
Should I save a simple list cookie in Javascript or PHP?
I am currently making a simple list tool. You can click a checkbox to mark it as done and if you navigate away from the page/close the browser and reload, it will still be saved. So it's pretty much ...
0
votes
1answer
151 views
Why can python webapps keep sessions between restart and not java?
I've used both webapp2 + GAE for python and a number of Java/JEE webapp frameworks. The python WSGI framework could keep users logged in while I redeploy the app while none of the Java web framework ...
2
votes
2answers
234 views
J2EE - Session swap
Application server - JBoss AS 7.1.1
JDK6
J2EE 1.3
My web application is more than 10 years old and facing this session swap problem in my portal. Noticed
that swap happens mostly when many ...
4
votes
2answers
245 views
Session management in a Service Oriented Architecture
Where should you manage a users session in a SOA? Should you manage it in the Web Service or in the client and why?
My application is SPA
(Considering that this will be the stacked that will be used
...
3
votes
1answer
571 views
Best practices for using HTTP sessions(Java)
My Question is not about how to use HTTP session or how values are being used in session. Question is more oriented about approach.
In my current application there are few values being stored in the ...
2
votes
1answer
112 views
anonymous checkout
Working on a E-commerce solution where I need to handle checkout based on anonymous customer and as of now I am not able to think properly how best this can be implemented.
Our ShoppingCart is being ...
0
votes
2answers
182 views
How deterministic are SessionIDs from SHA'd GUIDs?
Assume I'm using the following code to generate pseudo-random sessionID's:
sessionID = SHA-512(GENERATE-GUID())
The GUIDs are pretty deterministic, i.e. I see lots of GUIDs with a lot of the same ...
1
vote
1answer
174 views
How to test issues in a local development environment that can only be introduced by clustering in production?
We recently clustered an application, and it came to light that because of how we're doing SSL offloading via the load balancer in production it didn't work right. I had to mimic this functionality on ...
3
votes
1answer
7k views
Session in RESTful web services, how it works?
In a web services, how does the server know which request belongs to which session?
I know that for a web application, the web server inspects the cookie (or the sessonId query parameter in case ...
0
votes
1answer
507 views
RequestContextHolder.currentRequestAttributes() and accessing HTTP Session
Need to access HTTP session for fetching as well storing some information.I am using Spring-MVC for my application and i have 2 options here.
User Request/ Session in my Controller method and do my ...
1
vote
2answers
2k views
Storing large data in HTTP Session (Java Application)
I am asking this question in continuation with http-session-or-database-approach.
I am planning to follow this approach.
When user add product to cart, create a Cart Model, add items to cart and ...
0
votes
0answers
34 views
Collecting and sweeping of session-dependent uploads
I develop a Java web application with an upload-feature. The upload is devided into two parts:
During a user-session the user can upload files at any time while navigating through the whole site.
...
1
vote
1answer
79 views
session persisting problem after system restart
Is there a way to prevent session id restore on startup/restart of user's system?
We are using a asp.net app and I am able to login and access the site. For the first time session id is created and ...
1
vote
1answer
251 views
User Authentication & Session Management
One of the fundamental ways of handling user login authentication & session management is by storing variables in Session space plus setting some data in cookies on client computer while sometimes ...
4
votes
1answer
359 views
Controlling cookies with many tabs
I have a peculiar problem. My application has different levels of authentication. One specific level of user (super user) needs to be able to use the application as another user (subordinate user) ...
1
vote
1answer
611 views
How to implement session state in a backend web application?
When using a non-MVC service-oriented/Interactor pattern approach to decoupled system architecture, how is session state implemented?
I've been thinking of building the frontend of an application ...
8
votes
6answers
3k views
HTTP Session or Database approach
I am confused a little as what should be my approach, Working on a design of shopping cart and i need to store shopping cart either in session or in database but not sure which approach would be ...
0
votes
4answers
200 views
How to avoid repetitively logging in to web site?
While developing web sites it can be annoying that I have to login to the site.
Every time the session runs out I have to go through a flow like...
Open logon page -> enter username/password -> click ...
1
vote
0answers
579 views
Connecting with OAuth, dealing with logout and browser sessions
I work on a open-source web application (Moodle) which connects to a number of external services such as Google Drive, Dropbox etc. to allow users to exchange files with these services.
Primarily we ...
3
votes
4answers
2k views
User session timeout handling in SaaS apps - discussing several approaches
I know this has a great chance of being marked as duplicate, but couldn't find exactly what I'm looking for
This is a common problem and I'm sure it has some well defined best practice solution
...
-1
votes
2answers
196 views
should F12's request headers show session id as cookie?
I'm trying to educate myself on potential web attacks. I just found a site (which will rename anonymous) where it shows me what looks to be like the php session id inside the cookies section of the ...
4
votes
4answers
5k views
Why can't WARs share session info?
I have seen several developers looking for a solution for this problem: accessing session information from a different WAR (even when inside the same EAR) - here are some samples: Any way to share ...
3
votes
1answer
1k views
Understanding HTTP Cookies in Indy 10 for Delphi XE2
I have been working with Indy 10 HTTP Servers / Clients lately in Delphi XE2, and I need to make sure I'm understanding session management correctly. In the server, I have a "bucket" of sessions, ...
3
votes
2answers
754 views
Are session aware Models a bad thing?
I'm thinking specifically in Rails here, but I suspect this is a wider question.
In a Rails web application I'm using data from the session in models in order that the models know who is logged in. I ...
2
votes
2answers
152 views
Results stored in a session - good idea?
To give a bit of background, lets say it's a generic results page, which is paginated so there are X results per page.
Generally to do this, I have two queries on the page:
to get the total number ...
6
votes
6answers
7k views
What is the most reliable session storage in PHP: Memcache, database or files?
What is the best and most safest way to handle PHP sessions. Is the best way to store sessions in:
Database (more reliable, but high bottleneck, slow speed, not good for high database usage ...
1
vote
4answers
349 views
Is restricting sessions to an absolute IP likely to have a wide impact on mobile networks?
Our website currently restricts a cookie-based session to the IP address that was originally sent the Set-Cookie HTTP header. In the past a user's IP would rarely change, so this didn't present much ...
1
vote
2answers
1k views
What are the best practices to use NHiberante sessions in asp.net (mvc/web api) ?
I have the following setup in my project:
public class WebApiApplication : System.Web.HttpApplication
{
public static ISessionFactory SessionFactory { get; private set; }
public ...
15
votes
1answer
870 views
Why do popular websites store very complicated session-related data in cookies — and what does it all mean?
As web developers, we all learn that sessions help overcome the problems related to the stateless nature of HTTP. We create a unique session id, and send it to the browser -- and when the browser ...
1
vote
3answers
889 views
Alternatives to using cookies?
Whate are alternatives to using cookies/client-side storage for a PHP/MySQL based site on Apache.
Scenario/Requirements:
I want to try using some anti-bot code to prevent specific scrapers etc. ...
6
votes
2answers
489 views
Session size management
From what I know, the session information is usually saved on the server.
In Java the data is handled as a Map which I guess contains the a String identifier and an object reference which points to a ...
