Credential session cookie and smartphone

hi,
it seems session cookies for authentication don't work with Opera on Windows Mobile 6.5 and Safari on iPhone 3GS. Browsers prompt me with AD authentication and ..... blank page. It works with IE in WM6.5.
Have you already seen that before?

Thanks.  I stumbled across the post while researching this. I didn't really think of it as being the same thing, but I do see how it is relevant to my question.  I am considering writing a very basic custom module to do what the standard one does,
but ignore certain requests.  I feel like this has probably already been done a dozen times before, so if anyone knows of anything on GitHub or Codeplex, that would be very helpful information.
Is there any guide out there on writing modules in such a way as to add them to the ApplicationInsights.config the way the official Microsoft modules are configured (i.e. by type name in the XML file)?

Similar Messages

  • Air + Ipad + RemoteObject problem with session cookies

    I am making an Air version for iPad of a Flex application.
    My Flex application needs a session from a secured enterprise proxy; without that session no remoteObject requests can pass the proxy and reach BlazeDS.
    My solution for Flex works fine: calling an enterprise servlet at application startup to obtain a session cookie. I use a POST call to the servlet using URLRequest (sending the user and password parameters), the servlet responds with a message with a session cookie, and from that point, without me having to code anything more, my Flex application gets that cookie with the session, which is automatically loaded in my browser cookie stack and is transparently used by all my subsequent remoteObject calls in the Flex application.
    In my Adobe Air iPad version, this just does not work: the session either is not stored or is not attached to subsequent remoteObject requests.
    - I'm forcing request.manageCookies = true
    - I'm working with the iOS simulator (is there any difference for cookies with a real iPad device?)
    - I'm using Flex 4.6.0, Air 3.5, iOS 6, iPad 3, BlazeDS 4.0, Java 6 back end.
    .. What's the problem/difference with Air+iPad from the Flex version?

    Hi BalusC ,
    Thanks for your detailed response. I have a question about this comment you noted..
    "Terrible. Just keep the bean request scoped. "
    I changed the bean to request and now have this issue.
                <rich:dataGrid id="membersInZipcode" value="#{membersInZipcode.arrayListOfSearch4Member}"
                            var="membersInZipcode" columns="5" elements="20">                       
                <f:facet name="footer">
                    <rich:datascroller></rich:datascroller>
                </f:facet>
            </rich:dataGrid>
            </h:form>
    I am using a request bean to hold the search parms that loads the bean. This works great.
    The problem is when I use the rich:datascroller for the next page.
    It goes back to the bean and the request scope bean is empty. This holds the search values.
    How do I put this back into the request after each process??
    Question 2..
    "Those settings only applies on the current request, i.e. the JSP file itself. Images are obtained by separate and independent requests. You need to set the headers on those requests as well. You can use a filter for this."
    I have never set a filter ...how do I do it? Do you have a link for an example of this filter setup?
    Thanks Again
    Phil

  • Session Cookie in Servlet

    Hi all
    I have an issue, please answer me.
    If users have disabled cookies (other than session cookies),
    how should I dynamically switch session cookies,
    and how can I generate session cookies in a servlet?
    thanks
    yashvant

    If the user has cookies disabled (session, since persistent ones are rarely used for maintaining session state with a browser), then most containers will attempt 'url-rewriting' and insert the session uid there (in the URL). That should work even if cookies are disabled. In order to access a session, you simply call HttpServletRequest#getSession(). If no session exists, one will be created, else the existing one will be retrieved. The J2EE container will send either a cookie in the response or re-write the URL. You don't have to do anything special.
    - Saish

  • Session cookie question?

    This is a really stupid question but I need the answer, lol: is a session cookie and a session the same thing? If not, what's different and which is better to use to see if a user is logged on my site?

    A "session" is stored in memory on the server and is bound to a specific "sessionId". The sessionId is stored in a cookie by default. When the browser submits the cookie the webserver can use that value to link an existing session to that client.

  • Looking for sample code to decrypt MYSAPSSO2 session cookie

    Hello,
    I am looking for a sample code to decrypt MYSAPSSO2 session cookie and get the username out of it.

    Hi Roy,
    if you just need the username the easiest way is to grab the Cookie and Decode it using Base64. The username is contained in cleartext.
    e.g.
    MYSAPSSO2 Ticket as fetched from Browser:
    AjExMDAgABFwb3J0YWw6bXRyaWNhcmljb4gAE2Jhc2ljYXV0aGVudGljYXRpb24BAApNVFJJQ0FSSUNPAgADMDAwAwADRDAxBAAMMjAwODA3MjUwNTA3BQAEAAAACAoACk1UUklDQVJJQ0%2F%2FAQUwggEBBgkqhkiG9w0BBwKggfMwgfACAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGB0DCBzQIBATAiMB0xDDAKBgNVBAMTA0QwMTENMAsGA1UECxMESjJFRQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDgwNzI1MDUwNzU5WjAjBgkqhkiG9w0BCQQxFgQUxUGK!5EDTrHQErPQCVJhEySzTBAwCQYHKoZIzjgEAwQvMC0CFQCD3K2A2hrgpNa5EceiDXjRN309ewIUTM3DJi8QTxmk%2FJez!rjnFlTM3BQ%3D
    Decoded Ticket using Base64:
    1100 uFFFD portal:mtricaricou02C6uFFFD basicauthentication uFFFD
    MTRICARICO uFFFD 000 uFFFD D01 uFFFD 200807250507 uFFFD uFFFDuFFFDuFFFD
    If you want to do it programmatically using any libraries to completely decode the ticket, check the validity and also access the certificate information inside the ticket, you can use a SAP extension called SAP SSOEXT (go to service.sap.com/swdc and search for SSOEXT => the package also contains documentation and samples for various programming languages such as JAVA).
    This one needs dynamic libraries or shared libraries to be linked.
    There also is a pure JAVA approach.
    Have a look at this:
    http://www.zope.org/Members/Dirk.Datzert/MySapSsoSupport/
    But:
    The approach of decrypting the cookie does not really make sense when you are in a SAP system; it is more intended for 3rd party systems in order to implement SSO.
    Hope this helps
    Cheers
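
The Base64 decoding described in the answer above, carried one step further as an added example (not code from the original post or from SAP): it splits the decoded bytes into the tag/length/value fields visible in the sample and shows that reading them involves no signature check, so the username is only a claim until something like SSOEXT verifies the ticket. The field labels and the "!" for "+" substitution are assumptions inferred from the sample ticket on this page; the input is the start of that ticket, cut after the first signature byte.

```python
import base64
from urllib.parse import unquote

# Start of the MYSAPSSO2 value quoted in the post, cut after the first byte of
# the signature so the long PKCS#7 blob is not repeated here.
TICKET_PREFIX = (
    "AjExMDAgABFwb3J0YWw6bXRyaWNhcmljb4gAE2Jhc2ljYXV0aGVudGljYXRpb24BAApN"
    "VFJJQ0FSSUNPAgADMDAwAwADRDAxBAAMMjAwODA3MjUwNTA3BQAEAAAACAoACk1UUklD"
    "QVJJQ0%2F%2FAQUw"
)

# Assumed labels, inferred from the decoded sample in the post (not an official list).
FIELD_LABELS = {
    0x01: "user", 0x02: "client", 0x03: "system", 0x04: "created",
    0x05: "validity", 0x0A: "user_utf8", 0x20: "portal_user",
    0x88: "auth_scheme",
}
SIGNATURE_TAG = 0xFF


def decode_cookie_value(value):
    """Undo URL-encoding and Base64. Assumption: '!' stands in for '+'."""
    b64 = unquote(value).replace("!", "+")
    b64 += "=" * (-len(b64) % 4)  # tolerate stripped padding
    return base64.b64decode(b64)


def parse_ticket(raw):
    """Split the ticket into version, code page, fields and signature info."""
    if len(raw) < 5:
        raise ValueError("too short for version byte and code page")
    ticket = {"version": raw[0], "codepage": raw[1:5].decode("ascii"),
              "fields": [], "signature": None}
    pos = 5
    while pos < len(raw):
        if pos + 3 > len(raw):
            raise ValueError("truncated field header at offset %d" % pos)
        tag = raw[pos]
        length = int.from_bytes(raw[pos + 1:pos + 3], "big")
        value = raw[pos + 3:pos + 3 + length]
        pos += 3 + length
        if tag == SIGNATURE_TAG:
            # Only record sizes: nothing in this script verifies the signature.
            ticket["signature"] = {"declared": length, "present": len(value)}
            break
        if len(value) < length:
            raise ValueError("field 0x%02x is truncated" % tag)
        ticket["fields"].append((FIELD_LABELS.get(tag, hex(tag)), value))
    return ticket


def untrusted_claims(ticket):
    """Readable field values. They are unauthenticated: anyone can edit them."""
    claims = {}
    for label, value in ticket["fields"]:
        if label == "validity":
            claims[label] = int.from_bytes(value, "big")
        elif label == "user_utf8":
            claims[label] = value.decode("utf-8", "replace")
        else:
            claims[label] = value.decode("latin-1")
    return claims


if __name__ == "__main__":
    parsed = parse_ticket(decode_cookie_value(TICKET_PREFIX))
    print(parsed["version"], parsed["codepage"], parsed["signature"])
    for name, val in untrusted_claims(parsed).items():
        print("%-12s %r  (unverified)" % (name, val))
```

A receiving application should accept the user field only after the signature has been checked against the issuing system's certificate, which is what the SSOEXT library mentioned in the answer is for.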

  • How to Set up HTTPOnly and SECURE FLAG for session cookies

    Hi All,
    To fix some vulnerability issues (found in the ethical hacking , penetration testing) I need to set up the session cookies (CFID , CFTOKEN , JSESSIONID) with "HTTPOnly" (so not to access by other non HTTP APIs like Javascript). Also I need to set up a "secure flag" for those session cookies.
    I have found the below solutions.
    For setting up the HTTPOnly for the session cookies.
    1] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
         this.sessioncookie.httponly = true;
    For setting up the secure flag for the session cookies.
    2] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
         this.sessioncookie.secure = "true"
    Here my question is how we can do the same thing in Application.cfm? (I am using ColdFusion version 10.) I know we can do this using the below code, in case of HTTPOnly (for example).
    <cfapplication setclientcookies="false" sessionmanagement="true" name="test">
    <cfif NOT IsDefined("cookie.cfid") OR NOT IsDefined("cookie.cftoken") OR cookie.cftoken IS NOT session.CFToken>
      <cfheader name="Set-Cookie" value="CFID=#session.CFID#;path=/;HTTPOnly">
      <cfheader name="Set-Cookie" value="CFTOKEN=#session.CFTOKEN#;path=/;HTTPOnly">
    </cfif>
    But in the above code "setclientcookies" has been set to "false". In my application (it is an existing application) this has already been set to "true". If I change this to "false" as mentioned in the above code then ColdFusion will not automatically send CFID and CFTOKEN cookies to the client browser and we need to manually code CFID and CFTOKEN on the URL for every page that uses Session. Right??? And this will be a headache. Right??? Or is there any other way to do this?
    Your timely help is well appreciated.
    Thanks in advance.

    BKBK wrote:
    Abdul L Koyappayil wrote:
    BKBK wrote:
    You can switch httponly / secure on and off, as we have done, for CFID and CFToken. However, Tomcat automatically switches JsessionID to 'secure' when it detects that the protocol is secure, that is, HTTPS.
    I couldn't understand this. I mean, how are you relating this to my question?
    When Tomcat detects that the communication protocol is secure (that is, HTTPS), it automatically switches on the 'secure' flag for the J2EE session cookie, JsessionID. Tomcat is configured to do that. Coldfusion has no say in it. So, for JsessionID, 'secure' is automatically set to 'false' when HTTP is detected and automatically set to 'true' when HTTPS is detected.
         If this is the case then why am I getting the below info for jsessionid (as you mentioned, it should be set with the SECURE flag. Right???). Note that we are using the web server Apache vFabric. And the application that we are using is in https and there is no hit going from https to http.
    Name:
    JSESSIONID
    Content:
    782BF97F50AEC00B1EBBF1C2DBBBB92F.xyz
    Domain:
    xyz.abc.pqr.com
    Path:
    Send for:
    Any kind of connection
    Accessible to script:
    No (HttpOnly)
    Created:
    Wednesday, September 3, 2014 2:25:10 AM
    Expires:
    When the browsing session ends
    BKBK wrote:
    2]When I checked CF Admin->Server Settings->Memory Variables I found that J2EE SESSION has been set to YES. So does this mean that do we need to set HTTPOnly and SECURE flag for JSESSIONID only or for CF session cookies (CFID AND CFTOKEN ) as well ?.
    Set HTTPOnly / Secure for the session cookies that you wish to use. Each cookie has its pros and cons. For example, the JsessionID cookie is more secure and more Java-interoperable than CFID/CFToken but, from the explanation above, it forbids the sharing of sessions between HTTP and HTTPS.
         I understood that setting those flags (httponly/secure) is as per my wish. But my question was, is it necessary to set those flags for cf session cookies (cfid and cftoken) as we have enabled J2EE session in CF admin? Or, put another way, as the session management is J2EE based, do we need to set those flags for CF session cookies?
    BKBK wrote:
    3]If I need to set HTTPOnly and SECURE flag for JSESSIONID , how can I do that.
    It is sufficient to set the HTTPOnly only. As I explained above, Tomcat will automatically set 'secure' to 'true' when necessary, that is, when the protocol is HTTPS.
         I understood that it is sufficient to set httponly only, but how will we set it for jsessionid? This is my question. Apache vFabric will also set secure to true automatically. Any idea??
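
A check for the flags discussed in this thread, as an added example (not code from any of the posters): it reads the Set-Cookie headers of a response and reports which of CFID, CFTOKEN and JSESSIONID are sent without HttpOnly or, on an HTTPS site, without Secure. The header values are constructed for illustration; the JSESSIONID line mirrors the situation in the cookie details quoted above (HttpOnly present, sent over any kind of connection).

```python
SESSION_COOKIES = {"CFID", "CFTOKEN", "JSESSIONID"}

# Constructed response headers, not captured from a real server.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "CFID=1234; path=/; HTTPOnly"),
    ("Set-Cookie", "CFTOKEN=constructed-token; path=/; HTTPOnly; secure"),
    ("Set-Cookie", "JSESSIONID=CONSTRUCTED0001.node1; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/"),
]


def parse_set_cookie(header_value):
    """Return (name, value, attributes) with attribute names lower-cased."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive: HTTPOnly, HttpOnly, httponly.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_session_cookies(headers, served_over_https=True):
    """List (cookie name, missing flags) for each session cookie header.

    Every Set-Cookie header is checked on its own, so a cookie that is sent
    twice (for example once by the server and once by a manual cfheader) is
    reported once per header that lacks a flag.
    """
    findings = []
    for header_name, header_value in headers:
        if header_name.lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(header_value)
        if name.upper() not in SESSION_COOKIES:
            continue  # not a session identifier, out of scope here
        missing = []
        if "httponly" not in attrs:
            missing.append("HttpOnly")
        if served_over_https and "secure" not in attrs:
            missing.append("Secure")
        if missing:
            findings.append((name, missing))
    return findings


if __name__ == "__main__":
    for cookie, missing in audit_session_cookies(SAMPLE_HEADERS):
        print("%s is missing: %s" % (cookie, ", ".join(missing)))
```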

  • CFID and CFTOKEN Being Deleted from Session Cookie

    I can't believe that no one else has run into this - but I
    have found nothing on the internet.
    When I copy a piece from a web page that is generated by my
    coldfusion server, and paste it into a word document, the session
    cookie is altered, and the CFID and CFTOKEN information is deleted,
    so I lose my login. Recently, I've developed a problem on a
    different application - when I open a word document that is stored
    on the server, using CFCONTENT, same thing happens - the cookie is
    altered, CFID and CFTOKEN are deleted, and I lose my login.
    I'm tearing my hair out. Has anyone seen this behaviour, any
    ideas as to why this would occur? Any ideas as to how to get around
    it?

    Here's my CFAPPLICATION tag:
    <cfapplication name="DashBoard"
    clientmanagement="Yes"
    sessionmanagement="Yes"
    setclientcookies="Yes"
    clientstorage="cookie"
    loginstorage="session"
    sessiontimeout="#CreateTimeSpan(0, 0, 30, 0)#">
    Not sure what you mean by application sections. It's one
    application.
    I don't refer to the cookie in any other way. It's there only
    to do what CF does with it - maintain the information that's used
    to find the session.

  • 3 question about cookie and session please.

    1. I know that session automatic use in JSP by default and save session id in cookie. I have code that show all cookie on my computer
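    <%
         // List every cookie the browser sent with this request.
         Cookie[] listcookie = request.getCookies();
         // getCookies() returns null when the request carries no cookies.
         if (listcookie != null) {
              for (int i = 0; i < listcookie.length; i++) {
                   Cookie mycookie = listcookie[i];
                   out.println("<tr><td> " + mycookie.getName() + "</td>");
                   out.println("<td> " + mycookie.getValue() + "</td></tr>");
              }
         }
    %>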
    When I first run this code it now show cookie. But when I click refresh it show session cookie. Why it not show session cookie at first time?
    2. I use tomcat on window. Is session on server is save as file. Which directory it save?
    3. I use method getCreationTime() to check first create session time and method session.getLastAccessedTime() to check last access session time. I have to file
    showsession1.jsp
    first time create is <%=session.getCreationTime()%>  <br>
    last time access is <%=session.getLastAccessedTime()%> <br>
    <a href="showsession2.jsp"> showsession2.jsp</a>
    showsession2.jsp
    first time create is <%=session.getCreationTime()%>  <br>
    last time access is <%=session.getLastAccessedTime()%> <br>
    When I open browser and run showsession1.jsp first time create and last time access is equal when I click link to showsession2.jsp it also equal. Why it still equal because it is second time that I access JSP file? It change when I refresh file showsession2.jsp

    1. When I first run this code it now show cookie. But
    when I click refresh it show session cookie. Why it
    not show session cookie at first time?
    When you first request the JSP, the session cookie does not exist on your PC and so your browser cannot supply it which means that the JSP cannot display it. The session cookie is created when the JSP returns the response to the first request. The browser can then send the cookie on subsequent requests.
    2. I use tomcat on window. Is session on server is
    save as file. Which directory it save?
    How the server saves the session info is server dependent and it's unlikely you will be able to view it.
    3. I use method getCreationTime() to check first
    create session time and method
    session.getLastAccessedTime() to check last access
    session time. I have to file
    showsession1.jsp
    When I open browser and run showsession1.jsp first
    time create and last time access is equal when I click
    link to showsession2.jsp it also equal. Why it still
    equal because it is second time that I access JSP
    file? It change when I refresh file showsession2.jsp
    Probably showsession2.jsp was already in the browser cache and so there was no request to the server until you refreshed

  • Differences between cookies and sessions

    Hi there,
    I want to learn the differences between sessions and cookies in PHP. Please help me.
    Please let me know if there any video demonstrations that explain sessions and cookies.
    Thanks in advance.

    Cookies and server side sessions are related in that they are both ways to persist data. This is required because of the fact that http is a stateless protocol, meaning that each request and response are independent transactions. Cookies are stored on the client. You might use them to store the contents of a shopping cart, or a user login id for a particular site. Or you could store a setting so that the user is automatically logged in, similar to what occurs here in the adobe site / forums. You can set various options for when cookies expire. Cookies that persist when the browser is closed are stored in files, otherwise they could be stored in memory only. Cookies can be created using either client or server side code.
    Server side sessions are created on the server with a server side scripting language. A session id is generated and stored as a token on the client (in an in memory cookie) so that the server can track requests from the same originating client. Session variables are ways to store data related to the session on the server. Sessions use server resources which is why you should only use them when necessary and destroy them when done. When the session is destroyed, the session variables are gone so if you want to keep them for later you can store them in a database or store them in a cookie.
    HTTP cookie - Wikipedia, the free encyclopedia
    Hope that helps

  • Maintaining session both with cookies and jservsessionid

    Can the same session be maintained both with cookies and jservsessionid?
    If not, does anybody know how to link a request without cookie to an existing session? Can that be achieved by means of just the sessionid?
    Thanks,
    Modulab

    repost

  • Session timeout and custom sso

    Hi,
    can anyone tell me how the session and idle timeout feature in Apex exactly works?
    I built several applications in a workspace and do a sso authorization by setting a common cookie name. In addition to that i set the values for session length and idle timeout and assumed that the session length would be synchronized over all applications. But this doesn't seem to work. For instance, i set the idle timeout to 10 minutes in all applications and now i work for 15 minutes continously in application A and after that i switch over to application B (using the same session id!), the session is already expired in B.
    Is this behavior correct? And, if yes, how can i set up a synchronization over all applications?
    Jens

    Anyone?

  • Session handling and routers

    Hi,
    this is a simple yes or no question. If you know the answer this will only take a few seconds of your time.
    We plan to develop an application using java session objects and run it on multiple servers balanced by an Alteon webswitch. Can webswitches read the session id (called jsession id) even if the end user has cookies disabled (ie the jsession id is written in the url)?
    If you have done this, or know this can definitely be done, just say "YES". We will figure out how later on.
    Thanks in advance for your help,
    Sean Cronin.

    Yes. The session object relies on cookies and/or URL re-writing. The sessiontracker just decides what method to use depending on cookies enabled or not.

  • Login cookie and internet explorer

    Hello,
    Is there a way to be able to login into an application without changing the privacy options in IE to LOW?
    Without setting the IE privacy to LOW the users don't pass the login screen.
    Thanks.
    NJ

    NJ,
    So maybe rewriting the login cookie procedure to allow logins with the slider set to Medium High.
    This sentence fragment indicates that you do not understand what I've tried to say several times. I accept this as my failure and hope you will kindly consider yet another rendition:
    I don't care how you configure whatever browsers you want to use with the HTML DB internal applications or the applications you develop with HTML DB. If you want to mess around with different settings of IE, then it's up to you to understand the implications. I am telling you (again) that your browser must accept and send session cookies from/to the HTML DB host in order for the built-in authentication mechanisms to work. If you find that a particular setting does not allow you to meet those requirements, then you should not use that setting.
    By twisting the login cookie procedure I was trying to give you a new reference for workaround, but you don't understand this also.
    That is correct. And I refer you to my earlier statement about how devising a "workaround" is the wrong way to think about a situation that calls for nothing more than meeting a clearly stated requirement.
    Scott

  • Weblogic.httpd.session.cookies.enable not working in WLS4.5 sp 11 ?

    I want to disable the use of cookies in WLS 4.5, and set the following
    weblogic.httpd.session.cookies.enable=false
    In WLS 4.5 sp7, this correctly prevents the server from using cookies
    for session-tracking, forcing the extraction of the session id from a
    rewritten URL.
    However, for WLS 4.5 sp11 cookies are still sent from the server
    Is this a known issue ?
    jo

  • Can portal session cookies be used between two data centers

    OAS generates the following header information and session information for my application. However when I need to failover the originating OAS datacenter into my hot stand-by for maintenance or upgrades, the OAS in the other datacenter responds with a 503 web error. We are using Akamai's GTM to manage the liveness of the datacenter, so we would need the hot stand-by OAS portal in that datacenter to return a 302 error code. Is there some method that we can add to our portal application which would always return a 302 error code.
    See header information collected through wfetch. The 503 error is caused by the hot stand-by data center not accepting or recognizing the cookie. Both OAS datacenters are IDENTICAL in Oracle levels, application levels, web servers, portals and OS patches.
    resolve hostname "170.107.183.32"WWWConnect::Connect("170.107.183.32","80")\nsource port: 2182\r\n
    GET /portal/pls/portal/PORTAL.wwsec_app_priv.login?p_requested_url=%2Fportal%2Fpls%2Fportal%2FPORTAL.home&p_cancel_url=%2Fportal%2Fpls%2Fportal%2FPORTAL.home HTTP/1.1\r\n
    Accept: */*\r\n
    Accept-Language: en-us\r\n
    Accept-Encoding: gzip, deflate\r\n
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)\r\n
    Host: www.thomson-pharma.com\r\n
    Connection: Keep-Alive\r\n
    Cookie: ORA_WX_SESSION="10.225.8.30:80-1#2"; portal=9.0.3+en-us+us+AMERICA+3D66674E7EED0801E04400144F41424E+BBAA98EEB32D58C086231A8D6CBE2E5D402D89B0E79D83A18C668BB0CA7417B4044DEA389C8B50DD37D9272A24B4753B22F29978861DE14503F8B9BEDC2014654B26A434CF074F4D8749B88610ADADF5084A90ADBF749E2A; DATACENTER=EAGAN\r\n
    \r\n
    HTTP/1.1 503 Service Unavailable\r\n
    Cache-Control: private\r\n
    Content-Type: text/html\r\n
    Set-Cookie: ORA_WX_SESSION="10.237.138.33:80-1#2"\r\n
    Set-Cookie: portal=; expires=Wednesday, 27-Dec-95 05:29:10 GMT; path=/\r\n
    Connection: Keep-Alive\r\n
    Keep-Alive: timeout=5, max=999\r\n
    Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=208440262161,0)\r\n
    Content-Length: 710\r\n
    Date: Fri, 26 Oct 2007 14:58:07 GMT\r\n
    \r\n
    Thanks -John

    Hi John,
    This question is probably more appropriate in one of the Portal forums, but perhaps you can take a look at the information in section C.5 Configuring the Portal Session Cookie in Appendix C of the Portal Configuration guide.
    Here is a link: http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_c.htm#sthref1907
    Regards,
    Peter
