Authentication cookie "X-SMP-SESSID"

Hi,
I would like to know where is the authentication cookie "X-SMP-SESSID" saved.
I am sending request through SMP server, where the user is authorized against LDAP.
Once the request is authorized (using user credentials) my application received the authentication cookie "X-SMP-SESSID" which is used for other communication/requests.
I am using RequestManager for sendind requests (http://help.sap.com/saphelp_smp304sdk/helpdata/en/7c/0af96670061014918bdb57db036f71/content.htm) and I would like to know:
where is this cookie stored?
can I delete it somehow?
has the cookie any expiration and if yes can I set it and if yes where?
Thank you for any information about this cookie,
Jan Gold

Where did you find that cookie values were required with SMP 3.0 SP03? If you know about any documentation material please specify the source.
Check this thread:
SMP 3.0: 403 Forbidden status code in POST method
While working on SP04, i didnt pass any returned cookies value for making POST, PUT, delete request and it worked for me.
Maybe Marvin Hoffmann , Bjoern Woppmann can share more points on this.
Regards,
JK

Similar Messages

  • Save only authentication cookies and preferences in profile

    Is there a way to save only authentication cookies and browser/addon preferences by the end of a session?

    To help other users find solutions, please return to this Thread and '''Sign-in''' to the
    forum with your Username and Password:
    click on '''"Solved It"''' Next to the reply ABOVE that '''BEST''' solved your Question
    '''DO NOT click "Solved It" next to this reply

  • Server authentications & cookie value

    Dear All,
    I am having a doubt with the cookies. I am sending my username and password to the domino server and trying to get the cookie...it is authenticating the user and redirecting me to the necessary home page....but it is not sending me the cookie, which i am requesting from my code.......
    pl. suggest me whether i have to do any changes in my dominoserver whether i have to change the way of retrieving my cookie...
    My code to get authenticated and retrieve my cookies:
    import java.io.*;
    import java.net.*;
    public class authen
    public static void main(String args[]) throws Exception
    String cookie = "";
    try
    URL theurl = new URL("http://192.168.10.55:8001/names.nsf?login&username=sakthivel&password=12345";);
    HttpURLConnection hurl = (HttpURLConnection)(theurl.openConnection());
    hurl.setFollowRedirects(false);
    hurl.connect();
    int ic=0;
    String key="";
    while (ic<=10)
    key = hurl.getHeaderFieldKey (ic);
    if(ic<=10)
    String value = hurl.getHeaderField (ic++);
    System.out.println(key + " - " + value);
    cookie = hurl.getHeaderField ("Set-Cookie");
    System.out.println("cookie is - " + cookie);
    hurl.disconnect();
    catch(Exception exp)
    exp.printStackTrace();
    The outputs printed for this is:
    null - HTTP/1.1 200 OK
    Server - Lotus-Domino/0
    Date - Tue, 04 Jun 2002 01:07:17 GMT
    Connection - close
    Content-Base - http://192.168.10.55:8001/homepage.nsf?Open
    Content-Type - text/html; charset=ISO-8859-1
    Content-Length - 2300
    Expires - Tue, 01 Jan 1980 06:00:00 GMT
    Cache-control - no-cache
    null - null
    null - null
    cookie is - null

    Dear PAL,
              yea, i found it...the thing is "setFollowRedirects(false)" doesn't work for the java1.3.(the said method will only work with java1.2). so we have to use the "HttpURLConnection.setFollowRedirects(false);" before opening the httpurl itself...now it is giving the cookies as expected....I am very happy that, in future people won't feel this pain of finding, this said bug with java1.3.
    fine...
    but now the problem is "I cant able to find my servlet program(in the domino server), getting executed....hope the way, i call my servlet file from my client machine(after getting authenticated) is correct...."
    This is my java program:
    import java.io.*;
    import java.net.*;
    public class authen
         public static void main(String args[]) throws Exception
         String cookie = "";
         try
         URL theurl = new URL("http://192.168.10.55:8001/names.nsf?login&username=sakthivel&password=12345");
         HttpURLConnection.setFollowRedirects(false);
         HttpURLConnection hurl = (HttpURLConnection)(theurl.openConnection());
         hurl.connect();
         int ic=0;
         String key="";
         while (ic<=10)
         key = hurl.getHeaderFieldKey (ic);
              if(ic<=10)
              String value = hurl.getHeaderField (ic++);
              System.out.println(key + " - " + value);
         cookie = hurl.getHeaderField ("set-cookie");
         System.out.println("cookie is - " + cookie);
         hurl.disconnect();
         catch(Exception exp)
         exp.printStackTrace();
         try
              HttpURLConnection.setFollowRedirects(true);
              URL serverURL = new URL("http://192.168.10.55:8001/servlet/testing");
              HttpURLConnection urlconnection= (HttpURLConnection)serverURL.openConnection();
              urlconnection.setRequestProperty("set-cookie",cookie);
              urlconnection.setRequestMethod("POST");
              urlconnection.setDoOutput(true);
              urlconnection.setDoInput(true);
              urlconnection.setUseCaches(false);
              urlconnection.setDefaultUseCaches(false);
              urlconnection.setAllowUserInteraction(true);
              urlconnection.setRequestProperty("Accept-Language","en-us");
              urlconnection.setRequestProperty("Content-type","application/x-www-form-urlencoded");
              urlconnection.setRequestProperty("User-Agent"," Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)");
              urlconnection.setRequestProperty("Connection", "Keep-Alive");
              urlconnection.connect();
         catch (Exception e)
              e.printStackTrace();
    The output for the above program:
    null - HTTP/1.1 302 Found
    Server - Lotus-Domino/0
    Date - Tue, 11 Jun 2002 08:26:01 GMT
    Location - http://192.168.10.55:8001/
    Connection - close
    Content-Type - text/html
    Set-Cookie - DomAuthSessId=0E256929C558C1E725264E4A25F94FF8; path=/
    null - null
    null - null
    null - null
    null - null
    cookie is - DomAuthSessId=0E256929C558C1E725264E4A25F94FF8; path=/
    P.S: The problem is : the servlet is not getting executed....is there anything wrong with the way of sending my cookie, while calling the servlet file(in the domino server)...

  • Simple Authentication with SMP 10.1 and FMS 3.5

    Good day all,
    I am looking to add simple authentication to the SMP player for use with FMS 3.5. I recently came across a technical paper published by Adobe titled, "Video content protection measures enabled by Adobe Flash Media Interactive Server 3.5". Within this document are three examples of user authentication with code samples. I am starting with the "simple" client verification using a unique token authentication key method first.
    I've noticed that SMP doesn't have any FMS security mechanisms built-in at least that I've been able to identify in the documentation or feature specs. Did I miss something? I am looking for assistance in getting started with adding this feature to SMP. So my question is where could I add the client side Actionscript within the SMP structure?
    I'd very much like to hear about others' experiences with adding security mechanisms to SMP used with FMS.
    Thank you.

    Andrian - Thank you for the quick reply. I'm gald SMP has support for the playback of protected content. Is there more documentation than this demo on this topic?
    I'll explain what I'm doing. I am implementing SMP as the default video player application used in online courses at the Savannah College of Art and Design. Identifying the player and implementing its use in our production workflow is the first step in a strategy to deliver a better video experience and leverage the scalibility and flexibility of SMP. On the back end integration with our FMS I have been asked to implement some user authentication. We don't need to re-auth the students as they have already been authenticated through our LMS. What is desired is each player instance authenticates with our server to prevent stream ripping.
    The simple user token authentication key example from the linked document seems to best suit this intial need.

  • Two Factor Authentication How to Preserve Cookies?

    So, I am starting to set up Two Factor Authentication for various logins that I have. As a normal practice, whenever I close any browser I delete all cookies, and when shutting down my computer I do a Norton scan for cookies and delete them. The problem is that this deletes my two factor authentication cookies which I need. I tried setting up an exception, but the cookies get deleted anyway. How do I set this up to work, ie protect specific cookies from deletion?
    In Internet Explorer this is extremely easy to do. All you do is put a checkmark next to "Preserve Favorites Website Data".....Done. The equivalent in Firefox you would think is "Site Preferences", but that does not work the same as in IE and the cookies are deleted.

    Let all cookies expire when Firefox is closed to make them session cookies.
    *Firefox/Tools > Options > Privacy > "Use custom settings for history" > Cookies: Keep until: "I close Firefox"
    Create a cookie 'allow' exception for cookies that you would like to keep.
    *Firefox/Tools > Options > Privacy > "Use custom settings for history" > Cookies: Exceptions
    Note that clearing "Site Preferences" clears all exceptions for cookies, images, pop-up windows, software installation, passwords, and other website specific data.
    Clearing cookies will remove all specified (selected) cookies including cookies with an allow exception that you would like to keep.
    See also:
    *http://kb.mozillazine.org/browser.sessionstore.privacy_level

  • InfoPath 2010 does not work in claims authentication mode on SharePoint 2010

    Hi everyone,
    I created an Infopath 2010 Forms published on a Claims-based authentication site collection. This form has an external datasource plugged on the
    _vti_bin/UserProfileService.asmx webservice (within the same site collection). This datasource is queried when the form opens. When I check this form with Infopath designer preview, everything works fine.
    But once this forms is published, an error "Error while trying to contact Web Service" occured when opening a new form.
    Here ere an extract of the logs:
    The following query failed: GetUserProfileByName (User: DOMAIN\username, Form Name: library, IP: , Connection Target: , Request: http://server/_layouts/FormServer.aspx?xsnLocation=http://server/library/forms/template.xsn?DefaultItemOpen=1&Source=http://server/page.aspx, Form ID: urn:schemas-microsoft-com:office:infopath:library:-myXSD-2010-01-12T23-08-28 Type: DataAdapterException, Exception Message: The remote server returned an error: (500) Internal Server Error.
    Server was unable to process request. ---> Attempted to perform an unauthorized operation.
    The remote server returned an error: (500) Internal Server Error.)
    Here is an extract of my IIS log:
    2010-11-25 13:45:30 fe80::b9ab:23d9:ff9e:bb23%11 POST /_vti_bin/userprofileservice.asmx - 50000 - fe80::b9ab:23d9:ff9e:bb23%11 InfoPathDA 500 0 0 41
    Additionnaly, you have to know :
    If we set the web application authentication mode in "Classic mode", everything work fine
    As soon as we set "Claim mode authentication", we reproduce the issue and this even if we are using a Windows integrated  account or an external account (SQL Memberships, Claims/AD)
    We reproduce this issue in different SharePoint FARM.
    It seems that this issue is generic with "Claims mode authentication" and i'm not shure that other forum can help us.
    How can I make this WebService works for my form?
    Thanks in advance.
    Seb Nicot

    I am not sure but a Code Solution might work ... I assume InfoPath 2010 is not Claims-Based aware.
    I am on SP1 and June 2011 CU but still had no luck
    If you only need the current user’s login name, then in the “FormEvents_Loading” event, you can retrieve the current user name with a call to the “Application.User.LoginName” property.  Here is an example:
            public void FormEvents_Loading(object sender, LoadingEventArgs e)
                XPathNavigator codeUserNameXPN = this.CreateNavigator().SelectSingleNode(
                    "/my:myFields/my:CodeRetrievedUserName", this.NamespaceManager);
                codeUserNameXPN.SetValue(this.Application.User.LoginName);
    OR ----------------
            public void FormEvents_Loading(object sender, LoadingEventArgs e)
                //A place to write the results
                XPathNavigator codeUserNameXPN = this.CreateNavigator().SelectSingleNode(
                    "/my:myFields/my:CodeRetrievedUserName", this.NamespaceManager);
                //codeUserNameXPN.SetValue(this.Application.User.LoginName);
                try
                    //ThresholdAuthentication is the web service reference to the
                    //https://test:24575/_vti_bin/authentication.asmx web service
                    GetUserName.ThresholdAuthentication.Authentication authenticationWS =
                        new GetUserName.ThresholdAuthentication.Authentication();
                    //Call the web service's Login method and pass the username and password of a site
                    //administrator so we have rights to read all user profiles
                    authenticationWS.Url = "https://test:24575/_vti_bin/authentication.asmx";
                    authenticationWS.CookieContainer = new System.Net.CookieContainer();
                    GetUserName.ThresholdAuthentication.LoginResult result = authenticationWS.Login(
                        "Admin", "Pa$$w0rd");
                    if (result.ErrorCode == GetUserName.ThresholdAuthentication.LoginErrorCode.NoError)
                        //If we authenticated correctly, then set up a call to the user profile service
                        //ThresholdUserProfileService is the web service reference to the
                        //https://test:24575/_vti_bin/userprofileservice.asmx web service
                        GetUserName.ThresholdUserProfileService.UserProfileService userProfileWS =
                            new GetUserName.ThresholdUserProfileService.UserProfileService();
                        //Pass the authentication cookies we got back from the authentication web service
                        userProfileWS.Url = "https://test:24575/_vti_bin/userprofileservice.asmx";
                        userProfileWS.CookieContainer = authenticationWS.CookieContainer;
                        //Try to find the user profile information of the current
                        GetUserName.ThresholdUserProfileService.PropertyData[] resultData =
                            userProfileWS.GetUserProfileByName(this.Application.User.LoginName);
                        //Enumerate through the properties
                        foreach (GetUserName.ThresholdUserProfileService.PropertyData property in resultData)
                            //Pick out the "AccountName" property and display it
                            if (property.Name == "AccountName")
                                codeUserNameXPN.SetValue(property.Values[0].Value.ToString());
                    else
                        //If we failed to authenticate properly, display the reason why
                        codeUserNameXPN.SetValue(result.ErrorCode.ToString());
                catch (System.Exception ex)
                    //If an exception occurred, report it.
                    codeUserNameXPN.SetValue(ex.Message);
    Note that in order for this code to work, you will need to make your form template fully-trusted in the “Security” section of the “Form Options” dialog, and then publish your form template to SharePoint as an Administrator-Approved form
    template

  • Why are cookies not updated in the request when meta refresh is used?

    I've written a web site that uses IIS Forms Authentication. It's configured to use authentication tickets with a sliding expiration. FireFox allows the ticket to expire while it works fine with Internet Explorer.
    The web site uses a Keep Alive page that uses the meta refresh tag to periodically post back to the server to keep authenticated. This is done because some users have a need to use another web site that does not run in IIS and we don't want their authentication to time out while they are there.
    I used Fiddler to monitor the requests and responses and found that when IIS sends the updated cookie with the authentication ticket containing the revised expiration date, the cookie appears to be accepted by FireFox (according to CookieSafe as recorded in the error console Ctrl-shift-J). When the meta refresh occurs, the browser sends the original request with the obsolete cookie. This keeps occurring until the expiration time is up on the ticket. IIS keeps sending new cookies but they seem to be ignored. IE, on the other hand, accepts the cookie and you see it in the next request for the keep alive page.
    I figure it might be related to caching, but I think I disabled that and it still does it. I'm going to try adding a random code to the KeepAlive url but I can't see why that should matter. Why wouldn't FireFox send the cookies as the values are set? I'm hoping this can be fixed with a simple config change.

    I was able to figure out what the problem was. The initial authentication cookie had a blank cookie domain while the new cookies that IIS would try to reissue had a domain name. IE doesn't seem to care but FireFox did. FireFox should have logged an error but instead said it was accepted.
    My app works as it's supposed to now.

  • Need to login using a cookie

    Hello!!
    I´m developing a Sharepoint 2013 login form (Sharepoint 2013 application) and I need to check if a cookie generated in another Web app is present then login using information stored in this cookie (No critical info stored here). I know the cookie is generated
    but I can´t  read it from the sharepoint app. When I check if the cookie exists the cookie is null.
    Edit
    Right now, this application used to Log In is a Single Sign On app, it is used by multiple applications in the organization (Via an authentication coookie). What I need to do is that my Sharepoiint Login page calls this application which generates a cookie
    (not authentication coookie) its a normal cookie whith some information that will allow me to login and generate the security token via my membership provider in my sharepoint app. 
    Any additional steps or something I need to do for this to work?

    Hi,
    According to your description, my understanding is that you want to call the cookie which generated in Single Sign On app in your SharePoint login page.
    If your SharePoint app and the SharePoint single sign on app are in the same domain, you can set the cookie with a
    domain level asp.net authentication cookie using setAuthCookie
    and some web.config changes.
    Here is a code demo for your reference:
    Single Sign-on in ASP.NET and Other Platforms
    Thanks
    Best Regards
    Jerry Guo
    TechNet Community Support

  • RDP pre-authentication: what does it actually do?

    I'm trying to integrate Forefront TMG and RDS with SecurID authentication. I believe I'm very close to having it working, but I'm hitting a brick wall.
    I have "require pre-authentication" set, and "pre-authentication server name" configured, as indicated in so many forum posts and HOWTOs.
    No matter what I do, clients receive the error "authentication to the firewall failed due to missing firewall credentials." This is
    after they have already successfully authenticated and visited the /RDWeb pages.
    Using the TMG logs, procmon, and wireshark, I am 100% certain that no network activity is occurring from the RDP client when this error occurs; this error is being generated entirely on the client side, before it attempts to connect to anything. I understand
    that this is what is expected; it is checking for the existence of a cookie.
    But the cookie doesn't exist. Why? Because nothing is setting one. The only cookies the client receives during the entire process (logging in to rdweb and trying to launch an app) are the SecurID domain SSO cookie I set in TMG, and the persistent authentication
    cookie I also set in TMG. RDweb itself is not issuing any cookie at all.
    Can anyone please explain to me, what specific cookie is the RDP client looking for when "require pre-authentication" is enabled? And which component is meant to be setting it?
    Obviously I'd be very grateful if anyone can tell me "run this command and it will start working" or whatever, but I'm really hoping to gain an engineering-level understanding of how it's
    meant to work ;)

     
    Hi,
    Please double check the following article:
    Configuring Forefront Threat Management Gateway Integration with RD Gateway Step-by-Step Guide
    http://technet.microsoft.com/en-us/library/gg589607(v=ws.10).aspx
    On the Forefront TMG server apply the Filter ipv4.address==<your public IP>
    When client request of remote desktop is reaching to TMG server, please check if the TMG server is forwarding the packet to RDG server.
    Looking forward to your feedback.
    Regards,
    Dollar Wang
    Forum Support
    TechNet Subscriber Support
    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback
    here.
    Technology changes life……

  • FedAuth cookie not geneatred in SP2013 with SiteMinder as Trusted Identity Provider

    Hello,
    We have configured Site Minder (with SAML 1.1) as trusted identity provider in SP2013. We have mapped  Email Address as claim type. But we found in Fiddler that FedAuth cookie is not getting generated so users are not able to access the site and redirects
    to sign in page again.
    Any help provided here much appreciated.
    Thanks
    Shital

    Hi Shital,
    The default expiration time of the FedAuth cookie is 10 hours, you could change the expiration time of the FedAuth cookie per the link below:
    http://dotnetfollower.com/wordpress/2013/07/sharepoint-how-to-change-the-expiration-time-of-the-fedauth-cookie/ 
    Fiddler you will not be able to see these cookies as they are generated client side.
    http://blogs.msdn.com/b/mcsnoiwb/archive/2012/06/10/lost-authentication-cookies-in-sharepoint.aspx
    If you are using load balancing solution, don’t forget affinity:
    http://blogs.technet.com/b/speschka/archive/2011/10/28/make-sure-you-know-this-about-sharepoint-2010-claims-authentication-sticky-sessions-are-required.aspx
    For more information:
    http://fredericloud.com/2011/01/11/connecting-to-sharepoint-with-claims-authentication/
    Regards,
    Rebecca Tu
    TechNet Community Support

  • Does webstart submit cookies in its requests for server resources?

    Our authentication system is cookie-based: after the user logs in from a browser, an authentication cookie is sent to the browser. This cookie must accompany every succeeding request to the server, or else access is denied. Browsers handle this automatically.
    A logged-in browser gets a .jnlp file, launches javaws. javaws fails on its first request, for the first .jar file named in the .jnlp file. Did javaws fail to submit the cookie that is in the browser's cookie store? Is there any way to get javaws to include this cookie in its http requests? If it doesn't, it can't get any of the resources it needs from the server.
    The new 1.5 documentation states that webstart and plugin provide automatic cookie support. But is this only for cookies exchanged between the launched applications and the server? Does/can javaws include cookies in its own server requests?

    But is this
    only for cookies exchanged between the launched
    applications and the server? no.
    Does/can javaws include
    cookies in its own server requests?yes.
    I was doing cookie management in our application before 1.5 Different users need to authenticate with the same application running. When we tried our app on 1.5 this feature stop working. There were two cookie values being put in the request. Mine and then Webstart's. Webstart in 1.5 installs its own CookieHandler. So I had to turn it off using the following code
      //remove the cookieHandler installed by JavaWebStart
      java.net.CookieHandler cookieHandler = java.net.CookieHandler.getDefault();
      if (cookieHandler != null) {
        java.net.CookieHandler.setDefault(null);     
      }     If you read the documentation for CookieHandler you will notice that it is a callback for all HttpURLConnection. So every HttpURLConnection will callback to the global CookieHandler.
    Just as a warning to all those checking your pre 1.5 JavaWebstart applications on 1.5. If you are doing your own cookie management it may break on 1.5.
    So I have a question. Is there a way in the JNLP to specify that JavaWebstart only use cookie management for for cookies exchanged between the launched applications and the server?

  • Web Cache and cookies - need to understand a bit more!

    FROM THE ORACLES DOCS
    If a document contains a cookie, then Oracle Web Cache evaluates the cookie value of the browser request and application Web server response. If the values match and there is a corresponding cacheability rule, then Oracle Web Cache caches the response. Because a session value change does not necessarily indicate a change of state on the application Web servers, session cookie values are not evaluated. For documents that use these cookies, the response is cached, regardless of whether or not the cookie values match.
    OK so does this mean that if I have a site that has a single persistent cookie that say contains the username and the cookie is global over the site i.e. its set for the root "/" then inheritently WebCache cannot cache any page on this site even if the cacheability rule make no mention of cookies as the request and response cookie will be different ie user "bill" goes for first page and WC caches it then user "larry" asks for a page and becuase the request cookie is "larry" and the response is "bill" then it wont cache it even though this particular pages content may make no use of the cookie value.
    Also does it mean that if I have a session cookie say for "authenticated" even if I have expressed that the cookie be used to cache different version of the page its no use WebCache will ignore it and simply cache one version for all even though this particular page maybe be different for authenticated and non authenticated users.
    Sorry but its not clear just how WC works with cookies.
    Thanks for any assistance
    Rob

    I asked one of the developers about this and here is the
    response:
    "I think he was not clear on 2 points:
    1) we do not store any "Set-Cookie" header from the response.
    all such headers are stripped when the document is inserted;
    2) cookie comparison is only performed when we receive a response
    from the os. On cache hits, no such comparison happens -- we
    don't have anything to compare against as the cached documents
    never contain any Set-Cookie headers
    So in his example, after the response to Bill's request gets
    cached (it's cached only when the non-session cookies in his
    request and response match), Larry's request for the same URL
    will get the cached document WITHOUT the "Set-Cookie" header. So
    Larry gets a cache hit and his cookie will not get overwritten by
    Bill's.
    Now in 9.0 (the upcoming release), the cookie value comparison
    only happens for multiversion cookies. So we are relaxing a bit
    in that sense and will cache more documents than before.
    As for his second part of the question (the authentication cookie
    part), I'm not sure what exactly is the application behavior. Do
    only authenticated users have the session cookie? If that's the
    case, then, he can define a session caching rule to say "cache
    with session, and cache without session, and the 2 versions are
    different" (3 YES' on the 3 session definition questions). Then
    we'll cache a version for the authenticated users (with session)
    regardless of the session value, and another version for the
    non-authenticated users(without session).
    If, however, both authenticated and non-authenticated users have
    the same session cookies with different values, and all
    authenticated users map to one version of the doc and all
    non-authenticated users map to another, then Web Cache can't
    currently handle this. This is basically a multiversion cookie
    rule, with some grouping of cookie values, which we don't support
    yet."

  • Webapp does not share cookies with Safari in iOS7

    We use Safari to store authentication cookies for our webapp.  The user will go to our site and authenticate themselves, then create an bookmark in their home screen.  When starting the webapp from the home screen, the cookies that was saved in Safari are no longer accessible in iOS7.  This cause the user to have to go through the authentication process again.  This was working in iOS6 up until upgrading to iOS7. 

    They get to your page, I presume, by clicking a link, so you can structure the href in the link to include the encrypted credentials parameter you want to use.  You have complete control over the URL that they are being told to add to their home screen.  [If you wanted to, you could use javascript and a window.location change, but I'm not sure I see the point. You could also add this credential as a hashtag reference instead of a get parameter, either via javascript or not, but again, I'm not sure there's much point to that.]
    For a very secure application, however, it's a little dangerous, because anyone else can use those same encrypted parameters on an installed iphone app, as well as being able to look at your code to see how you decrypt them (unless you decrypt them only on the server side).
    For my app, security is minimal and there's no risk, but this isn't a very good solution for a proper app.
    A better option might be to create a one-use credential on the server side, and to add a reference to that as a parameter in the link to the iPhone web app page.  When the iphone app is installed and first run outside of Safari (window.navigator.standalone is true), then you can use the one-use credential parameter to look up the credentials, log the user in, and delete the one-use credential on the server side so it can never be used again.
    Of course, your app will still require a way for the user to log back in somehow, but this would take care of a first time automatic logi in, and further communication could get credentials from the server into the web app's local storage, for future automatic log in, if you feel secure in doing so.

  • Losing Authentication

    We have a SharePoint page that displays Excel graphs. After viewing the page and leaving it or closing IE, the next time you try to look at it, your authentication is lost. It will force a prompt for a login and password but you still can't access it and
    receive "This page can't be displayed".
    You can get back in but only if you close IE and clearing the cache.
    Any ideas?

    Hello,
    What authentication type you are using? Also please check ULS and event viewer log for more detail about error.
    I have found this article if it could help you:
    http://blogs.msdn.com/b/mcsnoiwb/archive/2012/06/10/lost-authentication-cookies-in-sharepoint.aspx
    Hemendra:Yesterday is just a memory,Tomorrow we may never see
    Please remember to mark the replies as answers if they help and unmark them if they provide no help

  • Websheets: create link to APEX application in same workspace

    Hi all,
    I'm trying some things with websheets in APEX 4.0.2 and I'm getting quite satisfied about it.
    Let's assume I have this situation:
    app_id 110 : database application with alias MAIN
    app_id 120 : database application with alias SEC
    app_id 130 : websheet application
    They all use the same authentication function, which works fine.
    App 110 and 120 use the same authentication cookie and there are links between these two applications. No problem at all.
    Now, I want to include links to and from the websheet application.
    The link to the websheet is easy: ws?p=130:HOME:&SESSION. So far so good and no log-in required.
    A link from inside the websheet application to a database application is something else.
    I've already found how to use markup syntax to link to another page in the same websheet
    [[HOME | Home link]]and to an external website
    [[http://www.oracle.com | Oracle]]But I can't find the syntax to link to a database application in the same workspace as the websheet.
    I could use
    [[http://<myserver>.<mydomain>/apex/f?p=MAIN:HOME | Home application]]But this is not working flexible. I want to leave out everything before f?p
    If I would install these three applications on antother server, my link won't work anymore.
    Also, I can't find a way to include the session id. &SESSION. isn't working. So with the above syntax, I would have to re-login in my database application.
    Then I tried this
    [[f?p=MAIN:HOME | Home application]]But this isn't working at all. The websheet shows me the create page wizard and fills in the name of the page: f?p=MAIN.
    Can anyone help me out on this?
    Am I expecting to much from websheets at the moment, is this a missing feature or am I doing something wrong?
    Thanks in advance!
    Regards,
    Bart

    Hi,
    Sorry originally I thought you were linking to websheets not from, I don't think websheets have the same capability as a database application, so i don't think apex picks up on substitution strings. Im not sure how processing with websheets work, but I think its very minimal.
    Ive tried it myself, is there a reason you need the session? If I leave the session blank I can get back to the database application, I cant vouch if you're starting from your websheet but I imagine that apex will fill it in for you as its an apex url.
    Cheers
    Huia
    Edited by: Hoppy on 05-Jan-2012 14:48

Maybe you are looking for

  • SSRS 2008 R2 - Dynamic header data stays the same when exporting

    Background: I have a SSRS 2008 R2 report with a single Tablix. The data is grouped by InvoiceID, with each appearing on a separate page. I'm displaying some of the detail data in the group header row using Expressions similar to the following: ="Invo

  • Date serialization

    Hi I have found interesing (??) problem with Date object serialization. Date object serialized on Sun JVM can't be correctly deserialized on IBM JVM !! Try run this example on Sun JVM. import java.io.*; import java.util.Date; public class Write {    

  • External Display menu transparency

    Occasionally when I disconnect my external dvi LCD the transparent menu bar reverts to opaque. Despite the setting still being set to transparent (or toggling it), the only way to get the transparent menu bar back is to log out or reboot. Anyone else

  • Critical issues in MM

    Hi Gurus, Can anybody tell me one of the most critical/ challenging issues in MM implementation Thanks in advance, Kumar

  • I connected my iPod to my comp. while my iPod was still on

    As the title says.. I connected my iPod nano (3rd generation) to my computer while my iPod was still on. Yes I know it's supost to be off, but I forgot for a sec. And yes, iTunes was running. So now my nano wont work.. the screen is locked in a kinda