Is restricting sessions to an absolute IP likely to have a wide impact on mobile networks?
Our website currently restricts a cookie-based session to the IP address that was originally sent the Set-Cookie HTTP header. In the past a user’s IP would rarely change, so this didn’t present much inconvenience. However, some of our clients accessing via 3G devices are experiencing session failures due to this IP restriction.
What is the most reliable session storage in PHP: Memcache, database or files? [closed]
Closed 9 years ago.
Results stored in a session – good idea?
To give a bit of background, let’s say it’s a generic results page, which is paginated so there are X results per page.
Are session aware Models a bad thing?
I’m thinking specifically in Rails here, but I suspect this is a wider question.
Understanding HTTP Cookies in Indy 10 for Delphi XE2
I have been working with Indy 10 HTTP Servers / Clients lately in Delphi XE2, and I need to make sure I’m understanding session management correctly. In the server, I have a “bucket” of sessions, which is a list of objects which each represent a unique session. I don’t use username and password to authenticate users, but I rather use a unique API key which is issued to a client, and has an expiration.
Why can’t WARs share session info?
I have seen several developers looking for a solution for this problem: accessing session information from a different WAR (even when inside the same EAR) – here are some samples: Any way to share session state between different applications in tomcat?, Access session of another web application, different WAR files, shared resources, Tomcat: How to share data between two applications?, What does the crossContext attribute do in Tomcat? Does it enable session sharing? and so on…
Should F12’s request headers show session id as cookie?
I’m trying to educate myself on potential web attacks. I just found a site (which will remain anonymous) where it shows me what looks to be like the PHP session id inside the cookies section of the request header.
My immediate reaction was “wow, that’s bad”… but then I couldn’t really come up with a scenario as to how someone could use this to mess up the site.
But maybe it’s because I’m a newbie to this stuff.
But assuming that I got someone else’s session id… I’d have to hack the site with their session id before it expires right?
User session timeout handling in SaaS apps – discussing several approaches
I know this has a great chance of being marked as duplicate, but couldn’t find exactly what I’m looking for
Connecting with OAuth, dealing with logout and browser sessions
I work on an open-source web application (Moodle) which connects to a number of external services such as Google Drive, Dropbox etc. to allow users to exchange files with these services.
How to avoid repetitively logging in to web site?
While developing web sites it can be annoying that I have to log in to the site.
Every time the session runs out I have to go through a flow like…
Open logon page -> enter username/password -> click link to navigate to my page.