Cookie in a mod_plsql

Similar Messages

• Integrating mod_plsql reports with Oracle apps. Maddening dilemma.

  I'm hoping there is some guru out there that has the perfect solution to this maddening dilemma I'm facing.
  The crux of the issue is this.
  I've created mod_plsql reports that can accept a session_id with which they can set a user context based on global application contexts set in Oracle applications by users as they log in.
  At this juncture, I have not figured out a way to call those mod_plsql reports from Oracle apps using a variable session_id as defined for the user when they logged into apps.
  My client want to be able to log into Oracle apps and then go to the mod_plsql reports from the Oracle Apps menu and maintain the user session, so that the mod_plsql reports are run using VPD to constrain access to the data they are displaying to that specific user.
  The client does not have Single Sign On installed nor OID.
  I had hoped to pass a variable parameter session_id from the defined menu function that would call the mod_plsql url, but I don't see any way to pass a variable there and am becoming convinced that doing so is not an option. Can anyone confirm this?
  An alternate option I'm considering that seems like it would work is to create a JSP page that gets called from a menu function. In that JSP page, I would retrieve the session_id set in apps based on the context for the user_id that I could retrieve from fnd_global.user_id and assemble a URL with the session_id that the page would then re-route to the mod_plsql page.
  Unfortunately, I'm not versed in JSP.
  How hard would it be to create the sort of page that I'm talking about?
  Can anyone think of any other options that would take care of the issue I'm dealing with?
  Thanks.
  Kurt

  Thanks for the feedback and sorry it took me so long to reply back. I don't recall seeing the session_id or user_id being passed as part of the function set up, but the rest definitely are. I may be mistaken.
  I did come up with a solution that involved the following.
  The package was in another schema, but granting execute to apps and creating a synonym in apps allowed for all mod_plsql output to be generated by Oracle's apps ias server.
  I could capture the session_id and the user_id using a function referencing icx_session. I build an additional procedure that gets called first by the app so that it can set the session_id and user_id to a context then set a cookie that all subsequently generated pages reference with that info.
  That's the short of it and at this point I've long moved on to other issues but it certainly was a relief to get it working. No jsp necessary.
  Thanks.
  Kurt

• Mod_plsql: /pls/apex/f  SSO on 11g (11.1) ,iAS 10.1.2.0.2 , Apex 3.1.2 bug?

  Hello,
  I just configured SSO on our first 11G database exactly the same way as our 9i databases( Yes we skip 10)
  But I don't seem to get it running.
  Environment: Apex 3.1.2 on RDBMS 11.1
  Windows server 20003 standard
  iAS : 10.1.2.0.2
  I configured and installed SSO on the DB and registered with the ORASSO
  When I login to the dev environment using:
  http://w3gvb772.glaverbel.com:7778/pls/apex_dev11gut/
  It works fine because SSO is not used
  But when I go immediately to the SSO enabled application using
  http://w3gvb772.glaverbel.com:7778/pls/apex_dev11gut/f?p=1001:1
  I do not get redirected to the SSO login page but instead the URL is rewritten to
  http://w3gvb772.glaverbel.com:7778/pls/apex_dev11gut/f
  Giving the following error on IE7
  Expecting p_company or wwv_flow_company cookie to contain security group id of application owner.
  Error ERR-7620 Could not determine workspace for application ().
  OK
  And in firefox
  Bad Request
  Your browser sent a request that this server could not understand.
  mod_plsql: /pls/apex_dev11gut/f HTTP-400 Bad parameter name: none specified
  Has someone encountered this problem?
  I saw there was a problem that /pls/apex was rewritten as /plsapex/ but this is NOT the case here.
  Thanks
  Erwin
  Edited by: Erwin L on Feb 26, 2009 9:30 AM

  Hi Scott,
  Thiese are the last 5 lines from thje apache error log
  [Wed Mar 04 08:34:17 2009] [error] [client 193.202.68.83] [ecid: 3061116036902,1] (10054)An existing connection was forcibly closed by the remote host: MOD_OC4J_0087: Got an unexpected error while calling send() to send a message to oc4j and the error code is 10054.
  [Wed Mar 04 08:34:17 2009] [error] [client 193.202.68.83] [ecid: 3061116036902,1] MOD_OC4J_0053: Failed to call network routine to send out an ajp13 buffer message to oc4j.
  [Wed Mar 04 08:34:17 2009] [warn] [client 193.202.68.83] [ecid: 3061116036902,1] MOD_OC4J_0027: Failed to send out an ajp13 message to oc4j.
  [Wed Mar 04 08:34:17 2009] [error] [client 193.202.68.83] [ecid: 3061116036902,1] MOD_OC4J_0026: Failed to marshal a request to ajp13 message headers or send them to the web container.
  [Wed Mar 04 08:39:35 2009] [error] [client 10.132.130.29] [ecid: 1236152375:193.202.68.83:2284:2504:2,0] File does not exist: d:/oracle/server10.1.2.2/apache/apache/htdocs/pls/apex/wwv_flow_custom_auth_sso.process_success
  These are the last lines from the apache acceslog file
  10.132.130.29 - APEX_PUBLIC_USER [04/Mar/2009:08:39:35 +0100] "GET /pls/apex_dev11gut/f?p=1001:1 HTTP/1.1" 200 878
  10.132.130.29 - - [04/Mar/2009:08:39:35 +0100] "GET /pls/apex/wwv_flow_custom_auth_sso.process_success?urlc=v1.2~E274EB9F5E9877B824734621A287A2DD42394F7973CF4593FD816F085275EF57D4DCDFF2A11DC7854955A946E9B82D45E46A68F2755C1093B9BBC221A42CF2C26A28745E66B9F55D04C021E312EBC0D29E9974F8028679F1AAA320BB876524A3BC03148CBB44A69BC459770BBA6015DD911D5515739850EF8690AF43FC4380F2CBF7B35A27D97B51BBAB2A753FF24AD426802A6BDE6F14203FE2AEDD7BD8F2EB68C441BCF5766259C56C721070FC8C3453FA1E72EAE0802380AC2CE9919F00C04377425E06CB3048E936AD953CD74E677B3E27827F6799E3E8B8BDE6071D40F40409E98E35F2AD758D5D622459F0C00EE264BFA13508D13075B71C74EC1F3A8217758E1FBCC270CC884987B3AB8C3B52982DBB91DCA4C809C942C52844B10F713643D558BE31B0B4BD2615C70A60B4F4BF1ABD01FE49C347F71E4D220B547CC304DCE1572F6651F06A99E4A89081CE64261559CB8B352DC0DAF8EE0F8A887612CA679EE5FB86A2805DF22D9092A90D7CF37BEF5A190C3336E2842AF44FE2EC654D732573214D8C5B HTTP/1.1" 404 382
  193.202.68.83 - - [04/Mar/2009:08:39:52 +0100] "POST /reports/rwservlet/getserverinfo HTTP/1.1" 200 48
  193.202.68.83 - - [04/Mar/2009:08:40:10 +0100] "GET /forms/lservlet HTTP/1.1" 200 223
  193.202.68.83 - - [04/Mar/2009:08:41:10 +0100] "GET /forms/lservlet HTTP/1.1" 200 223
  193.202.68.83 - - [04/Mar/2009:08:41:19 +0100] "GET /reports/rwservlet/pingserver?server=W3GVB772RS01 HTTP/1.1" 200 3
  193.202.68.83 - - [04/Mar/2009:08:42:10 +0100] "GET /forms/lservlet HTTP/1.1" 200 223
  Erwin

• How to open application twice in same browser  (cookie problem?)

  We want to be able to open the same Apex application for a test and a production system simultaneously. Settings between the two environments can then be easily compared for example. Unfortunately it seems that both sessions place information in the same cookie and navigation in one application influences the other.
  The workaround we use it to run both sessions in a different browser i.e. IE and FF.
  Is there another way around this?
  (apex 4.02)
  Edited by: Rene W. on Jul 31, 2012 12:04 AM

  Rene W. wrote:
  Thanks for the reply's
  @Erik-Jan
  The cookie name you enter in the authentication scheme seems to be a static field. We deliver standard software packages so that value will be the same for every installation. Unless the value can be determined at runtime?
  @Dietmar
  That could be a workaround. What contributes to the problem is that although test and production usually run on different DB servers the Apex listeners run on one server but on different ports.We had the same situation. The problem is that the cookie does not distinguish between different ports.
  Our solution was to setup the apex listener/OHS slightly differently. I think it was inside the mod_plsql config or http.conf, where you can set the url path.
  Meaning instead of connecting to
  <pre>http://localhost:8080/pls/<b>apex</b></pre>
  we connect to
  <pre>http://localhost:8080/pls/<b>apexdev</b></pre>
  The result is that the cookie path is different. And there will be a new cookie for each path. And as long as all the environments have a different path, their cookies will all be separatly stored from each other.
  However if you use the EPG, I'm not sure how this setting can be changed.
  Edited by: Sven W. on Jul 31, 2012 12:19 PM
  Edited by: Sven W. on Jul 31, 2012 12:23 PM

• Remote JPDA interactive debugging of mod_plsql application with JDeveloper

  We have an existing application running on Oracle DB v10.1.0.4 which we want to debug insitu in order to analyse its operation and functions. The application is best described as a 3-tier Oracle PL/SQL Web–Enabled Application implemented using the specialised mod_plsql module of the Oracle HTTP Server [Apache 1.3].
  We want to be able to interactively debug the pls/sql code whilst a user is
  using the live application [from the web browser] using the JPDA remote
  listening facilities of JDeveloper 10.1.2. How can this be done ?
  After extensive research , I have found only two online resource that briefly
  indicate this can be done: viz
  1. http://www.oracle.com/technology/tech/pl_sql/pdf/Paper_30720_Ppt.pdf
  - The debugging user sets a cookie via the browser UI –specifying JDWP host and
  port Causes mod_plsql to call Connect_Tcp before its normal calls and
  disconnect after these.
  2. http://web51-01.oracle.com/oowsf2004/1401.pdf
  Web mod_plsql applications
  – Create a UI form to set a cookie in the browser
  – Pass the hostname and port to the owa_debug package
  – owa_debug transparently calls the server-side PL/SQL to connect with the
  debugger listener for each subsequent page requested by that browser
  This information is not enough for me to actually be able to do this. I need
  more details/ example etc. I also have not been able to find ANY additional
  info on the owa_debug package- which is critical to the whole solution. Any help appreciated.

  These are the steps to set up the database and JDeveloper for debugging your mod_plsql Web applications.
  --- Database setup ---
  1. Load additional PL/SQL gateway debug packages:
  cd $ORACLE_HOME/wwg/admin/owa
  sqlplus "sys/... as sysdba"SQL> @pubowad.sql
  SQL> @privowad.plb
  SQL> @pubjdwp.sql
  2. Grant debug connect session privilege to DAD database user:
  sqlplus "sys/... as sysdba"SQL> grant debug connect session to <DAD-database-user>;
  3. Create the Web HTML interface to initiate debugging in the DAD database user's schema:
  cd $ORACLE_HOME/wwg/admin/owa
  sqlplus DAD-database-user/...SQL> @owaddemo.sql
  4. Recompile your application procedures with debug information:
  sqlplus DAD-database-user/...SQL> alter session set plsql_debug=true;
  SQL> create or replace procedure XXXX ...;
  5. Sets DAD attributes for debugging:
  In the DAD setting inside dads.conf, add
  PlsqlOWADebugEnable On
  PlsqlMaxRequestsPerSession 1
  PlsqlExclusionList \#None\#
  and restart your Oracle HTTP (Apache) listener.
  --- JDeveloper setup ---
  6. For remote debugging (e.g. debugging a PL/SQL Web application executed by mod_plsql), choose "remote debugging" as follows:
  * Choose Tools -> Default Project Properties... menu.
  * Select Profiles -> Development -> Debugger -> Remote tree node.
  * Check Remote Debugging option.
  * Select Listen for JDWP option.
  * For Database Connection for Locating PL/SQL Source:, select the database connection just created.
  7. Set a breakpoint in your application procedure:
  * In Connections tree, expand Database node. Expand the new database connection node. Expand the database user node. Expand Procedures, Functions, or Packages node. Double-click the library unit you want to set a breakpoint in.
  * In the program source of the library unit, single-click at the left-margin of the source line you want to break.
  8. Start remote debugging:
  * Start the debugger listener from Debug -> Debug Project menu. Specify the TCP/IP port number the debugger should listen for JDWP (debug) connection.
  --- Invoke Web application in debug mode ---
  9. In your browser, go to the URL http://<host>:<port>/<DAD-virtual-path>/owa_debug_demo.main_form. Check the "Enable JDWP Debugging" box, enter the "JWDP Debugger Host" as the host of your JDeveloper machine, enter the "JDWP Debugger Port" as the TCP/IP port that JDeveloper is set up to listen for JDWP (debug) connection. Then hit "Create Debug Session". This will create a cookie for you which will be used to track your "Debug Session" preferences.
  10. In your browser, invoke your Web application's URL. You should your application session being connected to your JDeveloper for you to debug.

• How do you stop unauthorized cookies from appearing in Safari?

  Hi ,
  I'm using Safari 5.1.10 and system 10.6.8.  I've gotten all the security downloads available, but I seem to having issues with unauthorized  cookies appearing. These seem to appear even though I've not visited their websites, and have Safari set to accept cookies from only sites I've visited.
  After going to Preferences:Privacy: remove all website data: then remove all cookies,
  If I just wait a few minutes, I get 72 website cookies restored to  my computer, without doing anything. These include cookies from google, alibaba, 2mdn.net, facebook, microsoft, oracle and many more.  Some of these  declare they are using local storage, others the catch, while others just declare themselves as cookies.
  These appear in spite of the fact that I have the preferences set to block cookies from third party advertizers, set Extensions to OFF, but have Javascript enabled, and allow Java, but deny all other plug-ins.
  If I unclick the allow Java button in Preferences:security, then  11 of these cookies sneek back in, but the others seem to be blocked. Those that come back include Alibaba, apple, google-analytics, "local documents on my computer", machine-seeker, wikipedia, and a few others.
  If I disable JavaScript in Preferences:Security, now I get only cookies from sites I've visited, as I'm supposed to, according to the settings in my Safari preferences.
  So it seems that some unscrupulous information collectors are collecting data  even when the Safari settings should prohibit it. Unfortunately, some of the sites I visit ( Like Apple support communities)  require that Javascript be enabled, so I don't know how to stop this. 
  The problem is that I've found these unwarrented cookies appear to slow down my internet connection speeds  by  ~ 95% ( Try removing them and disabling Javascript to see what happens) in addition to it being an invasion of my privacy. In addition, it really bothers me that some of these sites are storing local documents on my computer without permission.
  As I've said, I've already installed ALL the pertinent security updates.  Does anybody have any idea how to stop this from happening? I presume this is also happening on my iphone and ipad as well, but haven't checked.
  I see that Safari was sued by Apple in 2012 for doing just this same thing, but they appear to be up to their old tricks, as well as many other companies.
  Thanks

  Hi,
  I've investigated this phenomena  of UNauthorized Cookies a bit more  in the past few days and found their cause  and uses goes very deep down the internet rabbit hole.  While most browsers allow the user to delete cookies, or to block cookies from third parties, third parties may place cookies or "cookie equivalents" on your computer through a large variety of back doors. The most pernicious type  of such cookie is euphemistically  called a "Zombie Cookie"  or a "supercookie".
  These may reside in a number of places either in  your own computer or remotely on the web. Deleting zombie cookies or supercookies is generally ineffective, because they are reinstalled in your browser, or worse, just exchange information with your browser withouth leaving a trail of cookie crumbs, the next time you get online. Some of these zombie cookies are not browser specific, so they can be accessed through all browsers on your computer. 
  The reason that you may never have heard of supercookies, and the reason they are so hard to find and get rid of, is that their deployment is deliberately sneaky and designed to evade detection and deletion. This means that most people who think they have cleared their computers of tracking objects have likely not. The European Union has recently taken action to make illegal the emplacement of "non-essential" cookies  on your computer, but the United States, being less concerned about your personal privacy, and more concerned about  making it easy for companies (and the government) to eavesdrop, has not.
  The following is a list ( probably incomplete) where zombie cookies may be hiding on your computer:
  Standard HTTP cookies
  Storing cookies in and reading out web history
  Storing cookies in HTTP ETags
  Internet Explorer userData storage (starting IE9, userData is no longer supported)
  HTML5 Session Storage
  HTML5 Local Storage
  HTML5 Global Storage
  HTML5 Database Storage via SQLite
  Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
  Local Shared Objects
  Silverlight Isolated Storage
  Cookie syncing scripts that function as a cache cookie and respawn the MUID cookie[4]
  If a user is not able to remove the cookie from every one of these data stores then the cookie will be recreated to all of these stores on the next visit to the site that uses that particular cookie, or in some cases, just the next visit to the internet, even though you may have barred 3rd party cookies from being emplaced in your browser. Every company has their own implementation of zombie cookies and most are kept proprietary, although an open-source implementation of zombie cookies, called Evercookie,[5] is available and commonly used.
  One  such common type of supercookie is called Local shared objects (LSOs), or more commonly Flash cookies (due to their similarities with HTTP cookies), are pieces of data that websites which use Adobe Flash may store on a user's computer. Local shared objects are used by all versions of Adobe Flash Player and version 6 and above of Macromedia's now-obsolete Flash Player.[1]
  It is possible to see who is using Flash cookies on your computer, (and remove them) by going to the adobe website storage settings panel : (http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_man ager07.html).  This takes you to a settings manager  figure. This  Settings Manager figure that you see on this page is not an image; it is the actual Settings Manager for your computer. Click the tabs to see different panels, and click the options in the panels to change your Adobe Flash Player settings.
  So far, I have not been able to find a method of removing or inhibiting zombie cookies that use HTML5 local or global storage locations. Some browsers may provide such power, but Apple Safari apparently does not.
  For more information on supercookies see:
  https://www.bestvpn.com/blog/8177/super-cookies-flash-cookies/
  There are some ways to reduce your load of unwanted cookies and local storage  type cookies using  extensions such as AdBlock or Disconnect,  But I've tried some of these and it doesn't seem to  stop very many of them, even though the Disconnect extension is said to block over 2000 of these types of  cookies.
  For those who are trying to ride under the radar by using some of these extensions or software blockers, be aware that use of these may actually make you more visible because of browser fingerprinting.  Whenever you visit a website your browser sends data to the server hosting that site. This data includes basic information, including the browser name, operating system, and exact version number of the browser. This information is known as passive browser fingerprint because it happens automatically. However websites when blocked, can also easily install other types of scripts that ask for additional information, such as a list of all installed fonts and plugins, supported data types (so-called MIME types), screen resolution, system colors and much more. Because this information has to be solicited from your browser, it is known as active fingerprinting. Taken altogether, the various fingerprint attributes can be almost instantly (it takes just a few milliseconds to run algorithms that compare millions of fingerprints) combined to create a unique fingerprint that can be used to very accurately identify an individual user, no matter if cookies have been deleted or IP address changed between website visits.
  For an article on browser fingerprinting, See : https://www.bestvpn.com/blog/8159/browsers-fingerprint-reduce/
  The bottom line is that if you use the internet, your browser history is being tracked by a myriad of companies and government agents, and it is likely not possible to stop this.  For those who work in science, industry or government and are working on sensitive topics or novel product development  that  another company or government may find interesting, there appears to be many ways to recreate  what you are working on by studying your browser history, or installing worms to view exactly what you are writing or reading.  It came as somewhat of a shock to me to see just how pervasive internet spying has become, and it's not just malicious or destrustive agents who are doing so. Google didn't become a $350 billion company by simply bringing nice toys to us to play with. The real value of the internet comes from the trade and sale of secretly obtained personal information from you and I and everyone else, and its sale to all who will pay for it.

• Is there a way to delete only cookies in safari 5.1?

  Is there a way to delete only cookies in safari 5.1?
  If you go to Preferences -> Privacy -> details, you can choose to remove "website data" but sometimes this includes the local cache and also local storage.
  Is there any way to delete JUST/SOLEY the cookies that the browser stores?

  Go to ~/Library/Cookies.
  Move the Cookies.plist to the Trash.
  ~ (Tilde) character represents the Home folder.
  For LIon:   To find the Home folder in OS X Lion, open the Finder, hold the Option key, and choose Go > Library

• How do I find the cookies I want to keep

  Recently I asked for some help but I think my request has got lost.
  I had beenadvised to save the cookies I want to keep but this is beyond me.
  My question is how do I find the cookie I want to keep? It is a cookie for an ebook and I have no idea what it is.
  Will deleting all other cookies mean that it will also delete my passwords and log ins on several sites? I don't want this to happen.
  Which brings me to the last point - You say that if I list exceptions to cookies I want to keep (at least I think that is what you mean), how do I find all those cookies?
  Again, sorry for troubling you but until I can find out more about the cookies, I don't want to delete these in case I delete the wrong ones, such as the ebook.
  Thank you cor-el. I do appreciate your advice...enormously.
  Anthony

  Dear Sir,
  Thank you so much for the above. It will be of great help in telling me where to go. But my problem is that if I can find cookies, I don't know which ones I want to keep. Are they labelled with the sites they refer to? If so that will help me. Apart from one which is the cookie I need to get to my online ebook, I guess there are cookies for the various passwords I have saved?
  Forgive me but I am an old man and not real great with computers.
  Thanks,
  Anthony

• I would like to be able to have any cookie I choose to accept on a given website be deleated as soon as I leave or close that website so that my surfing does not get tracked from site to site. I don't see an option for that. Is any one working on that?

  I don't want my surfing to tracked from site to site.
  Some sites require cookies be turned on in order to access the data I want or to perform a transaction.
  Right now, I have Firefox set to not accept cookies until I run into a site that requires cookies be accepted.
  Once I need to turn cookies on, I return to "Options" and select accept cookies but not 3rd party cookies.
  I will then be surfing along and occasionally check what cookies have been placed. There may be several placed I did not know were placed. I assume my surfing has been being tracked and I don't like that as a point of privacy.
  Is there a privacy setting I am missing, an application or extension I can download, or is the Mozilla team working on this as a feature?

  As far as I know, [https://addons.mozilla.org/firefox/addon/classicthemerestorer/ the Classic Theme Restorer add-on] is the only way move the Reload button outside the address bar.
  # Install [https://addons.mozilla.org/firefox/addon/classicthemerestorer/ Classic Theme Restorer] and restart Firefox when prompted.
  # Open the Add-ons Manager (Ctrl+Shift+A; Mac: Command+Shift+A), then the Extensions category.
  # Next to Classic Theme Restorer, click the Options button.
  # On the Main tab, make sure "Movable back-forward button" and "Hide urlbars stop & reload buttons" are checked. You might also want to check "Combine stop & reload buttons". Close the options window when done.
  # Right-click an empty area of the tab bar and choose Customize.
  # Drag the Back/Forward, Stop and Reload buttons onto the navigation toolbar.
  # Click the Exit Customize button in the lower right corner when done.
  That being said, I should point out that you can reload pages in other ways.
  * Right-click any tab and choose Reload.
  * Right-click an empty area of the page and choose Reload.
  * Press F5.
  * Press Ctrl+R (Mac: Command+R).

• How to find out portal user from sso cookie ?

  Hi,
  I want to find out the portal user id from Portal30_sso cookie. It is required for security in my java servlet.
  Thanks
  Vikas

  First of all, you can't get anything from the portal30_sso cookie or the portal30 cookie or the SSO_ID cookie. These are cookies established for (1) The login server session; (2) The Portal session; (3) The login server single sign-on cookie - visible only to the login server.
  When you want to know who the current user is, you need to establish the context. If your servlet is standalone and not a partner application to the login server and it's not a portlet, etc., then what context does it have? What concept of users does it have? If you are really asking what Portal is currently logged on, that is still a loaded question. The user's browser could be accessing several portal's at the same time, each with a different identity. What I am getting at is that your servlet needs to somehow be associated with a particular portal before it can even think of asking this question.
  The ways to associate your servlet with a portal would be
  [list=1]
  [*]Make it a partner application
  [*]Make it a portlet
  [*]Make it an external application
  [list]
  Hope that helps.

• Did you know about Flash Cookies?

  I know about regular cookies, and delete them... but had no idea there was such a thing as a Flash Cookie
  Read about 1/2 way down here http://windowssecrets.com/comp/100805

  Rod,
  Since you're a confessed geek with some actual coding chops, I'm sure you'll understand the hair I'm about to split here. Hang on a moment while I grab my axe...
  Even with your page jumps, the cookie isn't doing anything. It's just a text file named after a snack. What's causing your page to jump, browsers to redirect, and the moon to shift its gravitational field three degrees to the north is the code in the web page that's being loaded. True, it may look in the text file to see what IP address to report to, but the connection, handshaking, transfer of data and powering up of lasers are all on your web page (or the server side code being executed on its behalf). The cookie is little more than a poorly dressed informant hanging out on the street corner waiting to pass along tidbits of information when the right person asks. Doesn't exactly make it a savory character (name notwithstanding), but it's a harmless one nonetheless. If it's evil you seek, you'll find it in the web site, not the cookie. And that's why I never understood the religious fervor against cookies.
  Now, if you want a truly dangerous leave behind, at least on Windows, ActiveX controls are your guys. They're really just glorified COM objects, and thus have complete access to the entire Windows API. Give me permission to install an ActiveX control on your machine and I can rewrite your file system, start and stop services, reboot your computer, or just turn the screen a hyperintelligent shade of the color blue because it amuses me. Anything that can be done in Windows programming is essentially available to the ActiveX control.
  Of course, browsers got hip to this years ago, and now the default security settings for ActiveX are to not install automatically, or at least to query the user first. Or, as it's configured on my machine, feel free to install if you can make it past this shotgun pointed at your head. Maybe that's why there's not as much of a flap about ActiveX as there is about cookies. Because they're truly dangerous, the browser community took it seriously.and now only someone with a death wish allows a web page to install an ActiveX component.
  And overall, this is kinda my point. The much maligned cookie gets a bad rap while in truth it's the web page staring you right in the face that's preparing to rob, rape and pillage. But then, misdirection has always been a classic tactic in warfare.

• I have been using google calendar with firefox for a while and now it won't open the page and says something about cookies...Please help! I need this for my business. I don't like internet explorer, but that browser can open my calendar so I have to use

  The page isn't redirecting properly
  Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
  * This problem can sometimes be caused by disabling or refusing to accept
  cookies.

  "Clear the Cache": Tools > Options > Advanced > Network > Offline Storage (Cache): "Clear Now"
  "Remove the Cookies" from sites causing problems: Tools > Options > Privacy > Cookies: "Show Cookies"
  See http://kb.mozillazine.org/Clearing_the_cache and http://kb.mozillazine.org/Cookies
  See also http://kb.mozillazine.org/The_page_is_not_redirecting_properly

• Safari 5.1, OS 10.6.8 and cookie controls

  Ok, I know there are numerous threads here in the Mac Safari forum regarding the issue of Safari 5.1 and cookie control. I just thought I would start my own thread instead of continuing on something else.
  I am using Safari 5.1 and 10.6.8. I waited for a bit to update to 5.1 (did it this week), giving it since its debut on July 20th. I too am experiencing the lack of cookie controls. The three settings that exists do not seem to do what they say except that they always allow cookies.  To update from Safari 505, I downloaded the installer from Apple downloads instead of using SU function. 
  Has anyone read something that Apple knows of this issue? 
  Since installing Safari 5.1, I have done the last security update as well.
  I remember reading that reinstalling the 1.1 version of the 10.6.8 combo would replace Safari 5.1 with 505. But, has anyone tried that? Will Safari 5.1 show up in software update as well as the last security update? I am wondering if I reapply that combo if it will undo the last security fix as well (since I am assuming software update will still see the receipt for the previous ones and not call for them to be redone).
  If all cookies are coming through, isn't this a serious bug?  I have been resetting safari often to wipe them out, but they reoccur switftly.  I have to MBP's and am seeing the same behaviour on both.

  I'd use that terminal command - takes seconds (and a restart) + no download. But otherwise yes - the 10.6.8 v1.1 then the update & anything else software update picks up (not safari, obviously )
  Some people happily get a copy of just the safari 5.0.5 application & use that, since apparently it works, although I'm not sure what cookie function you'll get (easy enough to see). You'd use Pacifist to extract it from the 5.0.5 installer package, or grab it from a backup.
  Although you'd hope software update would catch the security change - I'm not sure if the combo would overwrite the new or not... on the one hand, it's newer, but on the other, it sure over-wrote safari 5.1 when i checked it... so better to be sure, I haven't checked since that update.
  If you look at the files in /System/Library/Keychains/ afterwards - if EVRoots.plist, SystemRootCertificates.keychain, and SystemTrustSettings.plist are all dated 23 April 2011, the combo rolled them back - if they're later... it didn't.
  Apple do know, since bug reports come back as 'duplicate of...' - but  there's no public info to my knowledge.
  How much of a security issue is this? Should I worry about it, or just leave it until they update to fix?
  more privacy than real security, I'd say - although there are add-ons to manage cookies.

• The "always allow" button is grayed out in settings regarding cookies, and I can not find where to change the setting.  (Restrictions are not on.)

  The "always allow" button is grayed out in settings regarding cookies, and I can not find where to change the setting.  (Restrictions are not on.)  Do you know where I go to change the setting to allow me to "always allow" cookies?

  Hi lisaarnett111,
  If you are having issues turning on Always Allow for cookies in Safari on your iPad, you may want to check to make sure that you don't have Private Browsing enabled, as noted in the following article:
  Turn Private Browsing on or off on your iPhone, iPad, or iPod touch - Apple Support
  Regards,
  - Brenden

• Unable to set cookie preferences in safari 5.1.5 by going to safari/preferences/privacy.  It used to be there and now there is nothing showing under that tab.

  I had looked at the cookies a couple of weeks ago.  I deleted all cookies.
  A few days ago my email was hacked into which sent a spam email to all my contacts.  I changed my password to that account, warned everyone in my contacts, and haven't had a problem with email since.
  However, I tried to do the 'delete all cookies' again and when I go to safari/preferences/privacy...there is nothing on that screen under that tab.  Not even a question mark. I changed my history items to be removed every day from every week but don't think that would be the issue.
  Any help would be greatly appreciated.

  Uninstall SIMBL as follows.
  Select Go ▹ Go to Folder… from the Finder menu bar, then enter the following text in the box that opens:
  /Library
  A folder will open. From that folder, delete the items listed below (some may be absent.) You may be prompted for your administrator login password.
  Application Support/SIMBL
  InputManagers/SIMBL.bundle
  LaunchAgents/net.culater.SIMBL.Agent.plist
  ScriptingAdditions/SIMBL.osax
  Log out and log back in.
  Make sure you never reinstall SIMBL. It’s likely to come bundled with another third-party system modfication that depends on it. If you want trouble-free computing, avoid software that makes miraculous changes to other software, especially built-in applications. The only real exception to that rule is Safari extensions, which are mostly safe, and are easy to get rid of when they don’t work. SIMBL and its dependents are not Safari extensions.