'Security' shows nothing re: cookies
I'm trying to check/remove cookies as I just had a popup that took 20 minutes before it disappeared. It was http://a.tribalfusion, which I've never seen before, so I thought I'd go in & manage cookies & to see nothing had been hacked (as though I'd be able to tell!) The popup went away after I began searching it's URL to see what/who it was.
I've got my settings pretty secure, I think, but am unable to access cookies via Security at all; nothing in there from any available options. Am I missing something?!
Hi Noelene,
Glad that worked out.
scottishlass wrote:
Last question: are you familiar w/this a.tribalfusion? It seems to be a 'High' danger spyware, which I've not had problems w/at all since I switched to Mac 3 1/2 yrs ago.
I'm not familiar with it but a search on "a.tribalfusion" in Google gives a lot of hits. Seems some kind of advertising service used on some sites.
What you can do (all in Safari, so not in System Preferences ):
Make sure in the Safari menu the setting "Block Pop-Up Windows" is checked.
In the Security Screen, where we've been before, make sure to accept only cookies from sites you visit.
Remove all your cookies and restart Safari.
If the problem persists it might be good idea to create a separate topic on "a.tribalfusion". There for sure are people around here who have encountered it and can help you better than I can.
Eric
Similar Messages
-
PHP installed with Apache, php pages showing nothing [SOLVED]
I've followed a couple of guides to install a LAMP stack on my Arch install, and I seem to have done everything correctly (no errors anyway...), but I still can't see anything on my basic phpinfo page.
Viewing source shows nothing.
Is there anything commonly missed out I should be looking for, in order to get it showing properly?
If there's any more specific information I can give, please let me know. I'm new to these forums and realise I'm lacking detail, but any pointers would be greatly appreciated.
Thanks,
Adam
Last edited by tsdadam (2015-02-26 22:03:56)Here's my httpd.conf, I've not moved those lines yet,
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
# will be interpreted as '/logs/access_log'.
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used. If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
ServerRoot "/etc/httpd"
# Mutex: Allows you to set the mutex mechanism and mutex file directory
# for individual mutexes, or change the global defaults
# Uncomment and change the directory if mutexes are file-based and the default
# mutex file directory is not on a local disk or is not appropriate for some
# other reason.
# Mutex default:/run/httpd
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#Listen 12.34.56.78:80
Listen 80
# Dynamic Shared Object (DSO) Support
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
# Example:
# LoadModule foo_module modules/mod_foo.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
#LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_core_module modules/mod_authz_core.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_form_module modules/mod_auth_form.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule allowmethods_module modules/mod_allowmethods.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule cache_disk_module modules/mod_cache_disk.so
#LoadModule cache_socache_module modules/mod_cache_socache.so
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule socache_dbm_module modules/mod_socache_dbm.so
#LoadModule socache_memcache_module modules/mod_socache_memcache.so
#LoadModule watchdog_module modules/mod_watchdog.so
#LoadModule macro_module modules/mod_macro.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule dumpio_module modules/mod_dumpio.so
#LoadModule echo_module modules/mod_echo.so
#LoadModule buffer_module modules/mod_buffer.so
#LoadModule data_module modules/mod_data.so
#LoadModule ratelimit_module modules/mod_ratelimit.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule request_module modules/mod_request.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
#LoadModule reflector_module modules/mod_reflector.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule sed_module modules/mod_sed.so
#LoadModule charset_lite_module modules/mod_charset_lite.so
#LoadModule deflate_module modules/mod_deflate.so
#LoadModule xml2enc_module modules/mod_xml2enc.so
#LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule mime_module modules/mod_mime.so
#LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_debug_module modules/mod_log_debug.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
#LoadModule logio_module modules/mod_logio.so
#LoadModule lua_module modules/mod_lua.so
LoadModule env_module modules/mod_env.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
#LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
#LoadModule ident_module modules/mod_ident.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
#LoadModule remoteip_module modules/mod_remoteip.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_express_module modules/mod_proxy_express.so
#LoadModule session_module modules/mod_session.so
#LoadModule session_cookie_module modules/mod_session_cookie.so
#LoadModule session_crypto_module modules/mod_session_crypto.so
#LoadModule session_dbd_module modules/mod_session_dbd.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
#LoadModule ssl_module modules/mod_ssl.so
#LoadModule dialup_module modules/mod_dialup.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule unixd_module modules/mod_unixd.so
#LoadModule heartbeat_module modules/mod_heartbeat.so
#LoadModule heartmonitor_module modules/mod_heartmonitor.so
#LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule asis_module modules/mod_asis.so
#LoadModule info_module modules/mod_info.so
#LoadModule suexec_module modules/mod_suexec.so
#LoadModule cgid_module modules/mod_cgid.so
#LoadModule cgi_module modules/mod_cgi.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule dav_lock_module modules/mod_dav_lock.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
#LoadModule imagemap_module modules/mod_imagemap.so
#LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
#LoadModule rewrite_module modules/mod_rewrite.so
<IfModule unixd_module>
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
User http
Group http
</IfModule>
# 'Main' server configuration
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. [email protected]
ServerAdmin [email protected]
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
# If your host doesn't have a registered DNS name, enter its IP address here.
#ServerName www.example.com:80
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
<Directory />
AllowOverride none
Require all granted
</Directory>
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot "/srv/http"
<Directory "/srv/http">
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
Options Indexes FollowSymLinks
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
AllowOverride None
# Controls who can get stuff from this server.
Require all granted
</Directory>
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
<Files ".ht*">
Require all denied
</Files>
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog "/var/log/httpd/error_log"
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
<IfModule log_config_module>
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
CustomLog "/var/log/httpd/access_log" common
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#CustomLog "/var/log/httpd/access_log" combined
</IfModule>
<IfModule alias_module>
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
ScriptAlias /cgi-bin/ "/srv/http/cgi-bin/"
</IfModule>
<IfModule cgid_module>
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#Scriptsock cgisock
</IfModule>
# "/srv/http/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory "/srv/http/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
TypesConfig conf/mime.types
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#AddType application/x-gzip .tgz
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
# Filters allow you to process content before it is sent to the client.
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#MIMEMagicFile conf/magic
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
#EnableMMAP off
#EnableSendfile on
# Supplemental configuration
# The configuration files in the conf/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Server-pool management (MPM specific)
Include conf/extra/httpd-mpm.conf
# Multi-language error messages
Include conf/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
Include conf/extra/httpd-autoindex.conf
# Language settings
Include conf/extra/httpd-languages.conf
# User home directories
#Include conf/extra/httpd-userdir.conf
# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf
# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf
# Various default settings
Include conf/extra/httpd-default.conf
# Configure mod_proxy_html to understand HTML4/XHTML1
<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule>
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
# uncomment out the below to deal with user agents that deliberately
# violate open standards by misusing DNT (DNT *must* be a specific
# end-user choice)
#<IfModule setenvif_module>
#BrowserMatch "MSIE 10.0;" bad_DNT
#</IfModule>
#<IfModule headers_module>
#RequestHeader unset DNT env=bad_DNT
#</IfModule>
LoadModule php5_module modules/libphp5.so
AddHandler php5-script php
Include conf/extra/php5_module.conf -
My created extension built in extension builder 1.5, when installed in inDesign CS6, shows nothing
Hi
Hope everyone is enjoying work.
I created my own extension in CS extension builder 1.5 for inDesign. It runs fine in debug mode with indesign CS5 and CS5.5 but when I tried to run this extension in debug mode with indesign CS6, the extension shows nothing in it. All UI components like input fields, buttons, texts etc are not shown. It stops me debugging the application.
Can anybody help me out?
Thanks and best regards.
SalAre you now using Extension Builder 2.0, or still 1.5?
If you're still using 1.5 then have you set PlayerDebugMode for CSXS 3? Normally CSXS will prevent extensions that are unsigned or have invalid signatures from loading for security reasons. Setting PlayerDebugMode turns that protection mechanism off, and allows the loading of unsigned extensions. Extension Builder 1.5 will automatically turn on PlayerDebugMode for CS5/5.5 (CSXS 2.0/2.5), but not for CS6 (CSXS 3.0), which was released after Extension Builder 1.5. You can turn on PlayerDebugMode manually though:
On Windows: Add a PlayerDebugMode registry key with value 1 under HKEY_CURRENT_USER\Software\Adobe\CSXS.3\
On Mac: Set the PlayerDebugMode key to 1 in the plist file at ~/Library/Preferences/com.adobe.CSXS3.plist
Let me know if that solves the issue.
Best wishes,
--Louis -
How to Set up HTTPOnly and SECURE FLAG for session cookies
Hi All,
To fix some vulnerability issues (found in the ethical hacking , penetration testing) I need to set up the session cookies (CFID , CFTOKEN , JSESSIONID) with "HTTPOnly" (so not to access by other non HTTP APIs like Javascript). Also I need to set up a "secure flag" for those session cookies.
I have found the below solutions.
For setting up the HTTPOnly for the session cookies.
1] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
this.sessioncookie.httponly = true;
For setting up the secure flag for the session cookies.
2] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
this.sessioncookie.secure = "true"
Here my question is how we can do the same thing in Application.cfm?. (I am using ColdFusion version 10). I know we can do this using the below code , incase of HTTPOnly (for example).
<cfapplication setclientcookies="false" sessionmanagement="true" name="test">
<cfif NOT IsDefined("cookie.cfid") OR NOT IsDefined("cookie.cftoken") OR cookie.cftoken IS NOT session.CFToken>
<cfheader name="Set-Cookie" value="CFID=#session.CFID#;path=/;HTTPOnly">
<cfheader name="Set-Cookie" value="CFTOKEN=#session.CFTOKEN#;path=/;HTTPOnly">
</cfif>
But in the above code "setclientcookies" has been set to "false". In my application (it is an existing application) this has already been set to "true". If I change this to "false" as mentioned in the above code then ColdFusion will not automatically send CFID and CFTOKEN cookies to client browser and we need to manually code CFID and CFTOKEN on the URL for every page that uses Session. Right???. And this will be headache.Right???. Or any other way to do this.
Your timely help is well appreciated.
Thanks in advance.BKBK wrote:
Abdul L Koyappayil wrote:
BKBK wrote:
You can switch httponly / secure on and off, as we have done, for CFID and CFToken. However, Tomcat automatically switches JsessionID to 'secure' when it detects that the protocol is secure, that is, HTTPS.
I couldnt understand this. I mean how are you relating this with my question.
When Tomcat detects that the communication protocol is secure (that is, HTTPS), it automatically switches on the 'secure' flag for the J2EE session cookie, JsessionID. Tomcat is configured to do that. Coldfusion has no say in it. So, for JsessionID, 'secure' is automatically set to 'false' when HTTP is detected and automatically set to 'true' when HTTPS is detected.
If this is the case then why I am getting below info for jsessionid (As you mentioned it should set with SECURE flag . Right???). Note that we are using web server - Apache vFabric .And the application that we are using is in https and there is no hit is going from https to http.
Name:
JSESSIONID
Content:
782BF97F50AEC00B1EBBF1C2DBBBB92F.xyz
Domain:
xyz.abc.pqr.com
Path:
Send for:
Any kind of connection
Accessible to script:
No (HttpOnly)
Created:
Wednesday, September 3, 2014 2:25:10 AM
Expires:
When the browsing session ends
BKBK wrote:
2]When I checked CF Admin->Server Settings->Memory Variables I found that J2EE SESSION has been set to YES. So does this mean that do we need to set HTTPOnly and SECURE flag for JSESSIONID only or for CF session cookies (CFID AND CFTOKEN ) as well ?.
Set HTTPOnly / Secure for the session cookies that you wish to use. Each cookie has its pros and cons. For example, the JsessionID cookie is more secure and more Java-interoperable than CFID/CFToken but, from the explanation above, it forbids the sharing of sessions between HTTP and HTTPS.
I understood that setting thos flags (httponly/secure) is as per my wish. But my question was , is it necessary to set those flags forcf session cookies (cfid and cftoken) as we have enabled J2EE session in CF admin?. Or in other way as the session management is J2EE based do we need to set those flags for CF session cookies?.
BKBK wrote:
3]If I need to set HTTPOnly and SECURE flag for JSESSIONID , how can I do that.
It is sufficient to set the HTTPOnly only. As I explained above, Tomcat will automatically set 'secure' to 'true' when necessary, that is, when the protocol is HTTPS.
I understood that it is sufficient to set httponly only.but how we will set it for jsessionid?. This is my question. Apache vFabric will alos set secure to true automatically. Any idea?? -
i can't see my purchased apps in itunes on new ipad mini. when I go into the itunes store. It shows nothing. I haven't changed my ID or country of purchase. It shows that I would have to rebuy them when I go into the store. Is there something in settings on Itunes I need to change? I do not have cloud.
Yes I am looking in the app store. When I look in Itunes on my computer and look at purchased apps it is there. And when I go on my other device and look at apps purchased all apps are there.
The new ipad doesn't show any apps purchased when I click on apps purchased and when I search the app store it doesn't show it is purchased. I am wondering if I am just missing something...need to turn something on in options or something. Never had this problem with previous ipad when I set it up. -
My iPhone 4 is shut off and wont turn back on, unless i plug it in an outlet & when i do that it says "connect to Itunes" & then i do that and the phone wont turn on & it shows nothing is plugged in . HELP!
& it keeps trying to turn on but it wont . like the apple logo pops up for a minute , then turns off.Had exact same problem. Rang Apple support and various apple repairers. All of them said in effect, too bad, you'll have to lose everything since your last backup. It's a work phone with very important stuff on it and the latest backup was on a computer that had a virus. Convergence of crap :/
Happened to talk to a friend who said to try replacing the battery. Did that. Problem fixed. All data saved.
To all Apple support people: rather than say 'once it's in recovery mode you lose all data' try saying 'replace your battery and see if that works first'!!!! -
I have a ipod classic 160GB , the problem with it is that it is dead no respond at all, i even tried to do a hard reboot, i tried to connect to itunes but it did not work, if somebody has a solution please let me know! the screen on the ipod shows nothing........
This is the iPod touch forum. I will request that you post be moved to the iPod Classic forum.
-
Updated my AppleID account info. Under password security shows an email address to be used to receive email with new password settings. I need to update that email address, how do I do that? Thanks!
Thanks for the help Niel. I couldn't change the rescue email address (an address that no longer exists and is therefore useless) until I could correctly answer the security questions. After numerous guesses, finally got them right. Was then presented with the option to change the rescue email address. Guess the only other option was to have Apple Support make the change or reset my account info. Have made note of the correct answers so this won't happen again. Thanks for the fast response!!
-
If the SSRS is changed to SSL mode and http binding is removed after Reporting Service Point is installed. The Configuration Manager Console shows nothing in Reporting Pane. After digging into this problem, the cause is that the SSRS information has not
been updated in Configuration Manager Database. The following steps are taken for finding the root cause.
1. After changing to SSL, the Reporting Service Point log shows the error as shown in Figure 1.
The request failed with HTTP status 404: Not Found.
(!) SRS not detected as running
Failures reported during periodic health check by the SRS Server DB2.SCJIZHO.COM.
Figure 1
From the error, seems the cause was the Reporting Service Point detected a wrong port. We digged around in Registry and found the information is a Registry key named ReportServerUri at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\SRSRP. After changing the Report
Server address to https. The error is gone as shown in Figure 2. But the issue remains, the Console still shows nothing. It is not a right direction.
Figure 2
2. Open the Console log file, it also shows some valuable information.
instance of __ExtendedStatus
Operation = "ExecQuery";
ParameterInfo = "SELECT * FROM SMS_Site WHERE SiteCode = 'PRI'";
ProviderName = "WinMgmt";
\r\n
[1, PID:3136][04/24/2014 01:46:00] :Property: 'LastModifiedTime'\r\nSystem.Management.ManagementException\r\nNot found \r\n at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
at System.Management.PropertyData.RefreshPropertyInfo()
at System.Management.PropertyDataCollection.get_Item(String propertyName)
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObjectBase.get_Item(String name)\r\nManagementException details:
[52, PID:3136][05/11/2014 20:14:15] :[ReportProxy] - User-specified default Reporting Point [PRI.scjizho.com] could not be found, [DB2.scjizho.com] is now the default Reporting Point (Figure 3).
Figure 3
It seems the Console wants to access the old http site and it fails to get into the site for sure. Actually, the Site Configuration information is come from Site Control File and as we all know that ConfigMgr 2012 doesn’t store the Site Control file in the
file system. However, it’s stored in the SQL database (as XML file). The XML file is stored in a view named vSMS_SC_SiteControlXML. This view is a read-only view. We cannot edit it directly. The related table stored the SSRS information for this view is SC_SysResUse_Property.
Running the following query will list the SSRS address. We can see the address is still the old one. This is why the Console shows nothing.
SELECT
name,
value2
FROM dbo.SC_SysResUse_Property
where name
='ReportServerUri'
or name=
'ReportManagerUri'
Remarks:
This article is just to let you know why the Console cannot show the Reports after changing to SSL mode. We do not intend to make you change the table in Database, if you want to change it, you will be at your own risk. The real solution to this situation
is to reinstall your Reporting Service Point.
Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.Ok, but how do you solve this problem? Does uninstalling the RP and adding it back solve this problem?
http://www.enhansoft.com/ -
I got my iPhone 4s screen fixed, now in my Photos it shows nothing, although in my memory usage it shows 10.5gb of photos, thats 2000 photos not showing up. What happened?! Where did all my photos go?!
WOOHOO!!! i finaly fixed the problem. Here is what to do:
Chances are if you did the same thing as me you either have
A) No album names at all for ALL your songs in your library
or
B) Have the same name for every album for ALL your songs in your library.
Here is how to fix it (yah it will take a little work but its worth getting your iPod functioning properly).
Unless you dont want to have to go and actualy set al lthe album names for every song here is what you can do:
Go through to iTunes and arange your songs by Artist name. Click the top song for your first artist, hold Shift and click the last song for that same artist (to multi select all the songs for the artist) go into get info and check the Album box. Copy the name of the artist to the Album box and hit ok.
Now when u update your ipod and go into ur Artists section the actual Artist name should show up instead of the song names.
For some reason having the same album name for all your songs messes up the organization of the iPod.
Hope this helps anyone else that is having the same problem -
Hi! I just update my apple tv 2nd gen to the new solfware but it only show the itunes icon on the tv and after shows nothing on the tv screen. What i can do to fix that?
Welcome to the Apple Community.
If your problem persists get yourself a micro USB cable (sold separately), you can restore your Apple TV from iTunes:
Remove ALL cables from Apple TV. (if you don't you will not see Apple TV in the iTunes Source list)
Connect the micro USB cable to the Apple TV and to your computer.
Reconnect the power cable (only for Apple TV 3)
Open iTunes.
Select your Apple TV in the Devices list, and then click Restore.
(You may already have a micro USB cable if you have a camera or other digital device) -
Hello
I have a number of PDFs that have user permissions. When the files are opened in Adobe Reader the document's restriction summary lists differ and the form cannot be used as intended.
Example Open PDF Properties /Document Protection/ Security/ Show Details Properties/ Document Restriction/Security/Summary (I have changed
the order to make easier for comparison.)
Doc. Open Password NO
Permissions Pass Word YES
Printing High Resolution YES ......................................................................................... .....................................................YES
Changing the Document ALLOWED ........................................................................................... ..........................................NOT ALLOWED
Commenting ALLOWED.......................................................................................... ............................................NOT ALLOWED
Form Fill-in and Sign ALLOWED ......................................................................................... ........................................... Fill ALLOWED........ Sign NOT ALLOWED
Document Assembly ALLOWED............................................................................................ ..........................................NOT ALLOWED
Content Copying NOT ALLOWED.................................................................................. ............................................NOT ALLOWED
Accessibility ENABLED.................................................................................. ....................................................YES (Content copy for Accessibility)
Page Extraction NOT ALLOWED.................................................................................. ............................................NOT ALLOWED
Template NOT SPECIFIED................................................................................ .............................................NOT ALLOWED.
I am mystified why the two lists differ and the document when in use seems to be controlled by the list on the right, which takes away some of the user rights.
Is there an explanation for this. I would have thought that as the documents were password protected for permissions such as commenting and signing Adobe Reader could not change this.
Eric.Yes, thats right. I used Open Office 3 to generate the pdf. I have also tried using pdftk and Adobe Distiller 5 with the same result.
Your statement implies, the 'Adobe Reader' features cannot be fully utilized without a valid Adobe Acrobat Pro.
This is a document to which I have the source. I have been able to create the pdf with the required set of permissions based on standards. But I am being hassled because I didn't generate it with Adobe Pro! Well, I suppose this must have been a business decision, but its one thats standards contrary and morally low!
Adobe just lost an avid Reader user. I shall circulate my findings within my work and social circles. Thanks to competition and open source, I am sure to find a standards compliant reader without much delay.
Thanks for your help - graffiti
Rahul Iyer -
I received a phishing email supposedly from my bank and clicked on url - didn't enter any data though.Bank says to get ipad checked for viruses,but I understood ipad has built in security.I've cleared cookies in safari via settings. Anything else to do?
I know this has been solved as you reported, but I think you need to check with your e-mail provider. Did you also get this same e-mail on your computer? If you use the same ID for e-mail on computer and ipad, it should have appeared on both. It's very common spam. Check your computer to see if on it, the e-mail is in spam, or, if you deleted it on your ipad, check your recently deleted e-mails.
You might want to consider changing your password, though people sending spam, don't need it. My e-mail provider had me change my password, not because I was getting spam, but unknown to me, I was sending it! (You'll still get some spam, though.) It's when you learn that you're unknowingly sending spam...that you must change your password.
Hope this helps.
(Ss I was sending this, I just got an e-mail notification from the Nigerian... it got to my e-mail instead of going to spam.) -
While browsing a Mozilla Firefox alert popped up, stating that I had some activity going on. It said push the start tab to run a test, I did this. The results were that I had a virus (Trojan horse and Malware) on my computer. To fix, it said to download something from Creative Technologies...I did not download - not knowing what it was. My Avira anits-virus software shows nothing. Who is right/trust, and what should I do if I encounter it again???
thank you for your help
gerryIf you suspect malware issue, Do a malware check with some malware scan programs. You need to scan with all programs because each program detects different malware. Make sure that you update each program to get the latest version of the database before doing a scan.
* http://www.malwarebytes.org/mbam.php - Malwarebytes' Anti-Malware
* http://www.superantispyware.com/ - SuperAntispyware
* http://www.microsoft.com/windows/products/winfamily/defender/default.mspx - Windows Defender: Home Page
* http://www.safer-networking.org/en/index.html - Spybot Search & Destroy
* http://www.lavasoft.com/products/ad_aware_free.php - Ad-Aware Free
See also "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked and Searches are redirected to another site -
My mac mini is running slow. Bought it in 2009. Activity monitor shows nothing running that should not be. Someone suggested it might be my operating system? Check for software updates, and I am current. Suggestions?
Open Activity Monitor, Show:>All Processes, sort on CPU%, see if anything using too much CPU% when this happens, click on Memory tab, do you have many Pageouts?
Open Console in Utilities & see if there are any clues or repeating messages when this happens.
Check the S.M.A.R.T. status of the drive in Disk Utilty by highlighting the Drive & looking at the bottom of the window.
Maybe you are looking for
-
Job getting cancelled with Tbale_illegal_statement dump
hello, Hi Experts, i have a background job scheduled for a standard transaction SARA .it is getting cancelled and giving the following error: "TABLE_ILLEGAL_STATEMENT" Information on where terminated The termination occurred in the ABAP program "SAPL
-
Is their a compatibility problem with iMovie 5.0.2 and QT 7.1.3?
Since purchasing my G5 over a year ago, I have not been able to use iMovie. The video corrupted when I upgraded the QT just as I was finishing a 2-hr travel video. Tech support was unable to help me so I just gave up. It's now nine months later and I
-
Unable to view SQL Instance when install SP2
Hello All, I am trying to update my version of SQL 2012 (Build 11.0.3128) to at least CU2, however whenever I try and run any update package (even up to SP2), I am unable to see my instance to upgrade. I can only see shared features. I am using a Nam
-
TS2756 Is there a way to change the name of my hotspot network from iPhone4 to something else?
I want to change the name of my personal hotspot from iPhone4 to something else. Is this possible?
-
Computer Crashed, Now Safari Won't Open
My laptop overheated once again and I had Safari open at the time. I have used Safari for a while and it was working fine until last week. after the crash, everytime I click on the safari icon it says that Safari has stopped working. I have tried the