Use cookies or sessions or what?

I am using frames on Web Site One, with a frame on Web Site
One pointing to Web Site Two (I own both web sites).
Problem: Web Site Two needs remember variables in the Web
Site Two frame displayed on Web Site One.
When I use cookies on Web Site Two, they work fine when
actually on Web Site Two. But cookies will not work in the Web Site
Two frame on Web Site One.
I have tried using cfcookie with the domain setting, but it
doesn't work... probably because they are completely different
URLs.
I have tried using session variables, which also work on Web
Site Two when on that web site, but not when accessing Web Site
Two's pages in a frame on Web Site One.
Is there a way to retain variables within a frame on Web Site
One that is pointing to a completely different URL? Again, I have
complete access to the coding on both web sites.

Only if you pass the variable in a url in that frame.
Sessions and Cookies (
in many cases the same thing) are domain specific, and not
only would this not be allowed security-wise by the browser, but CF
will attempt to stop it as well.
What you are attempting is basically cross-site scripting.
Passing a variable to the url of each fram ewould be the only
way to send the same variable to a completely different website.

Similar Messages

Urgent: how to use cookies or session in javafx

Hi....
i am new to javafx and need help to learn how to use cookies and session in javafx.i want to create a simple website using javafx.....
Urgent reply is requested
mufaddal

Please correct me if I'm wrong: I think LiveConnect is not supported on IE, and Mozilla has plans to discontinue it.
Didn't an earlier version of JavaFX allow access to the Applet instance, including the AppletContext? Seems to me, just generally, that JavaFX applets are hobbled unless they have that functionality available. Cookies are one example. Also applet parameters, hyperlinks, and the browser status display.
Especially hyperlinks.

Whether to use cookie for session mgmt

i m using session mgmt by getsession ,setvalue& getValue methods.
whether it is necessary to use cookies for it

you don't use get/setValue, you should be using get/setAttribute
you don't need to do anything with cookies. session tracking cookies are inserted automatically.

Use cookies with sessionManagement?

I'm trying to create cookies that I can pass to subsequent
webpages - all of my webpages are controlled by an Application.cfm
file with sessionManagement turned on (enabling session variables).
When a user logs in, I create a cookie for his org name (i.e.
<cfcookie name="orgname" value="#org_name#"
domain=".sprint.com">. With the debugger on, I can see the
cookie set on the login page. However, when I go to another page,
the debugger no longer shows the cookie. I only see CFID and
CFTOKEN.
Are we not allowed to use cookies with session
management?

Are we not allowed to use cookies with session management?
Sure you are. What version of CF. There was some cookie
issues with
older, pre 5.0, versions of ColdFusion.
Are you doing anything on the subsequent pages with the
cookie? I'm not
sure a cookie would show up in debugger on any page if you
are not
writing or reading it on that given page.

Cache file(pdf) in user's browser using Servlet -Cookie, or Session

How can I save a file (pdf) in the cache of a browser (IE 6) in a user's computer? I am using Servlet and Tomcat 4.1.24. PDF file is sitting in server (remote computer) under a URL space.
The idea is to NOT to download the pdf file on user's computer (from the remote server) if the user has a cached copy of the pdf file and pdf file in the server is the same as the pdf file in the browser. If cached pdf is different from pdf in browser, or, if the user does not have that pdf file in cache, then download pdf file from the server.
Can I come up with a way to use Cookie class? Cookie class does not have an API which will let me save a file in it. I could have saved the pdf file in the Cookie with 999999999 setMaxAge. Is storing that pdf file in session the only choice? I do not see session serving my purpose - session should not be valid for a longgg duration e.g. week or month.
Also, how would I create a file whne I am given a URL to that file.
URL fileInServer = new URL("http://www.myDomain.com/myWebApp/PDF/my.pdf);
URLConnection conn = fileInServer.openConnection();
Does getContent() help and what are the steps after that?
Any help with the source code will be appreciated.
Thanks,
Sam
[email protected]

I am NOT creating this PDF file on the fly. This pdf file is sitting in the server (remote machine) under URL e.g. http://10.10.10.xxx:8081/myApp/PDF/my.pdf
I need to check if this pdf file is in the cache in user's computer (differnt machine than the server) and if the cached pdf is the same as the pdf in the server. If that file is not in the cache, or if they are not the same, then, I need to save the pdf file from the server into user's browser cache.
I am writing all that code in Servlet. I can save the file in session. I do NOT know how else can I cache the file, other than saving it in session. I can not think of any setHeader() which will let me save a file in user's browser cache. Headers like If-Modified-Since are of no help, as it does not let me compare file in browser cache with the file in server.
Also, how would I create a file, given a URL to that file.
URL fileInServer = new URL("http://www.myDomain.com/myWebApp/PDF/my.pdf");
URLConnection conn = fileInServer.openConnection();
Do I use getContent()? What are the steps after that?
Thanks,
Sam
[email protected]

Use cookie on client to save session authentication...how?

I am calling a web service that has a login method. It sets a session id in
a cookie. Every subsequent call fails and says I'm not logged in. How do I
save their cookie or session ID such that the server thinks I'm logged in?
Here's the client code (I used clientgen to create jar from wsdl);
DatashareManager dsm = new DatashareManager_Impl();
WebServiceContext wsContext = dsm.context();
WebServiceSession session = (WebServiceSession)wsContext.getSession();
DatashareManagerSoap dsmsoap = dsm.getDatashareManagerSoap();
String result = dsmsoap.login("username", "password"); // this works
EResult result2 = dsmsoap.deleteReusableList(1, "bob"); // this fails 'Not
logged in'
thanks, Michael Lee

see bug id: CR202025
Before the fix, the client can only set the property like:
On the Call object:
call.setProperty(Call.SESSION_MAINTAIN_PROPERTY, "true");
On the Stub object:
(Stub)port)._setProperty(Stub.SESSION_MAINTAIN_PROPERTY, "true");
After the fix, the client can also set the property like:
On the Call object:
call.setProperty(Call.SESSION_MAINTAIN_PROPERTY, new Boolean("true"));
On the Stub object:
(Stub)port)._setProperty(Stub.SESSION_MAINTAIN_PROPERTY, new
Boolean("true"));
"

Please help me-it's urgent,maintaining session and security using cookies.

hi folks,
i presently developing a web site for an engineering colleege ,i am facing prob in maintaining the session using cookies,and destroying a cookie and keeping security to the user,There are four links on my webpage ,including a logout link,when i click the other links other than the logout,it works perfectly,and when i click the logout link,i am not able to disable the cookie and still able to visit previous pages by clicking the back button.please give a suggestion as such to disable the cokie and maintain the security for my web site.
Thank u....

Try out this login if it helps you.
Create a bean that stores some String value. Then make a object of this bean using the useBean tag with session scope when a user logs in. Store the name of the user in the bean and also set the same name value in the Session object. Then on every JSP page compare the value set in the session object with the bean variable (which will be having a session scope). If the value match, then the JSP page output must be displayed to the user. Then on the logout link, invalidate the session object using the invalidate() method of the session class. As a result now when you will try to navigate back to the old JSP page, null will be returned to you when you will try to retrive the name value from the session object. And since this null will not match with the value in the bean, you should not proceed further with generating the output. Hope this help
Nirav ([email protected])

How can I use active user session that's in an application scope Hashtable?

First of all, is it possible to use the same session after a user exits and then returns?
Second, if it is possible, then please tell me what I need to do. So far, this is what I have been doing...
1.) The user submits login credentials
2.) The user is authenticated.
3.) The user does not have an existing session, so a new one is created.
4.) The user closes the browser.
5.) The user returns to login page and submits login credentials.
6.) The user is authenticated.
7.) The user has an existing session, so it should be used.
This is where I'm having trouble. All active sessions for my application are stored in a Hashtable. I have been using <%@ page session="false" %> so that a new session is not automatically created. Each time before I create a new session, I check my Hashtable to see if that user has an existing session. If a session exists for that user, then I would like to continue using that session if possible. I have used the methods request.getSession() and request.getSession(false), but a new session is always returned.
I could create a new session, copy the attributes from the old session(which is stored in my Hashtable) to the new session, and then invalidate the old session, but I'd rather not do that.
Is there a way that I can use existing sessions that I have stored in my Hashtable?

First of all, is it possible to use the same session after a user exits and then returns?No, I don't think so. Let me explain why. When the server creates a session object for each client, it needs to know which client is making the request. Remember that HTTP is a stateless protocol. Every time a client makes a request, it sends some sort of session id to the server to let the server know who is trying to make the request. The server will then check to see if a session object exists for that particular client and if so, it will make sure that the max inactive interval (maximum time alloted for that client's session) has not been exceeded. If every thing is okay, then the client can access the session object to get values that were previously placed there. There are many ways that servers try to keep track of clients. One way is to have the clients write the session ID using cookies. But, many people like disallow cookies. So some servers do what is known as URL rewriting. That is, they will write the session ID on the end of the query string. This can also be accomplished programmatically, but it can be taxing to do. Anways, the point is that the client and the server have to have some sort of link between each other and that link is the session ID. So, if the browser is closed, the session ID is lost. That particular client will be forced to get a new session ID the next time the following code is executed:
//create a session object and set its values
HttpSession session = request.getSession(true);>
Second, if it is possible, then please tell me what I
need to do. So far, this is what I have been doing...
1.) The user submits login credentials
2.) The user is authenticated.
3.) The user does not have an existing session, so a
new one is created.
4.) The user closes the browser.
5.) The user returns to login page and submits login
credentials.
6.) The user is authenticated.
7.) The user has an existing session, so it should
be used.If you really want to do something like this, you could make up your own ID and store it as a cookie on the client. I've never tried anything like this before so you would have to do your own research. Are you sure you want to do something like this. There is a reason why it works the way it does. There is also a reason why you want to keep the session timeout value some what small. Let me give you an example of some craziness with sessions. A client we once had wanted to keep their sessions open for 4 hours because they said there clients simply did not like to log in all the time. I nearly gasped when I was told we needed to do this. When you make the session time out large (i.e. the maxInactiveInterval( )), then session objects stick around longer in the server. Let's say a client logs into the server and receives a session object. Then, the client makes a few requests. The server knows to keep the session alive as long as the time between requests has not exceeded 4 hours. Then the client closes the browser. How is the server suppose to know that the browser was closed. Well, it doesn't. It just knows to check times between requests. So, that particular session object won't be garbage collected until the session times out. What if a whole bunch of clients did this. Yucko. The server would have a whole bunch of session objects living in memory. What a waste. This is all above and beyond the typical security problems that can arise from having a session open for so long. To make a long story short, you really shouldn't do what you are trying to do unless it is the nature of the app.
>
This is where I'm having trouble. All active sessions
for my application are stored in a Hashtable. I have
been using <%@ page session="false" %> so that a new
session is not automatically created. Each time
before I create a new session, I check my Hashtable
to see if that user has an existing session. If a
session exists for that user, then I would like to
continue using that session if possible. I have used
the methods request.getSession() and
request.getSession(false), but a new session is
always returned.
I could create a new session, copy the attributes from
the old session(which is stored in my Hashtable) to
the new session, and then invalidate the old session,
but I'd rather not do that.
Is there a way that I can use existing sessions that I
have stored in my Hashtable?

Firefox always uses the same session id

Hi,
our company changes standard browser from IE6 to Firefox 3.5.10 .
Now we have great problems with with our ColdFusion application when running it inside Firefox ,because Firefox doesn't create new session id
when working in two tabs or two windows. It always uses the same cfid and cftoken.
So it is not possible to work with two different sessions.
IE6 always creates new session id when opening new window.
Has somebody solved this problem? It is very urgent!!!
regards
Claudia

I suspect that this is browser issue, not a server-side (CF) issue. In order to support different cookies in different tabs you will probably need to try to find a Firefox extension to change how the browser uses cookies.
This extension is advertised as doing what you need. Note that I have never used this product.
http://www.nektra.com/products/cookiepie-tab-firefox-extension

ApplicationPoolException: JBO-30006: The cookie for session

Hi
Presently we are using the followings s/w for our product development:
1.     JDeveloper 11g (11.1.1.0.2) - yet to migrate to JDev 11g R1 (11.1.1.1.0)
2.     Weblogic 10.3.0
3.     Target Browser Client is IE7 – and to extend to FF3+
Now we have completed few of the modules and is in the process of moving to Customers Beta Env. During our testing we are getting some sort of JBO errors (server log) and the browser displays ‘Cancel or Retry’ message.
A portion of error message from the stack trace has been pasted below
oracle.jbo.common.ampool.ApplicationPoolException: JBO-30006: The cookie for session 0K5ZKVDL7wNcJ2qXTkQhjCQvq0sJSykgnV8P0WQMvNqdbF9QdThk!1335475191!1247101864354 and application 378381615_1_PcmsSysDataControl_$beandc$_ is not a valid handle for application pool, InternalDCAMs. The cookie may not be used to access this pool instance.
at oracle.jbo.common.ampool.ApplicationPoolImpl.validateSessionCookieInPool(ApplicationPoolImpl.java:3496)
at oracle.jbo.common.ampool.ApplicationPoolImpl.removeSessionCookie(ApplicationPoolImpl.java:769)
at oracle.jbo.common.ampool.SessionCookieImpl.removeFromPool(SessionCookieImpl.java:609)
at oracle.jbo.common.ampool.SessionCookieImpl.destroy(SessionCookieImpl.java:528)
at oracle.jbo.common.ampool.SessionCookieImpl.timeout(SessionCookieImpl.java:586)
at oracle.adf.model.bc4j.DCJboDataControl.releaseImmediateAMUnmanaged(DCJboDataControl.java:2414)
at oracle.adf.model.bc4j.DCJboDataControl.releaseApplicationModule(DCJboDataControl.java:2324)
The present scenario:
1.     ADFModel1.jar - An ADF Model Project contains a set of views to be used across multiple Model projects by Importing Business Components.
2.     ADFModel2.jar - This project uses ADFBC import from the above model project – ADFModel1.jar
All the view implementations are available here as the Core Model
3.     ADFModel3.jar - Imports ADFModel2.jar – used as a Customization layer (refer error message above - PcmsSysDataControl)
4.     ViewController.war - Contains all the JSPX, Page Defs, Html, JS, CSS, Images
Both ADFModel3.jar and ViewController projects are under a separate .jws (Application Workspace) and running as a separate application. Similar way all other applications have been modeled.
Both ADFModel2 and ADFModel3 has the DataSource Names defined. Please help us to resolve this issue.
If you need any more info, please let me know
Krish

have you ever solved the problem? I have a similar issue on Linux RedHat with a load-balanced cluster of Tomcat. The strange thing is that only one of the servlets always issues the problem. The incriminated app module is created with "Configuration.createRootApplicationModule..." and released at the end. I have a similar servlet that creates the same app module with the same command and has no problems.
The ADF Team, what does it say about?
Thanks

Is there a way of not using cookies or "customized" url's? (servlets+jsp)

Hi there.
I'm wondering if there's an already implemented way of establishing a session without using cookies or url withs session id variables. Maybe it's possible uging IP to know wich computer is connected along with something else.

Actually, I don't hace any requierements to use only IP but I'm learning to develop web apps in general and this is a doubt I've been having for a while.
I guess IP+browser+screen res.+something else could work.
Someone would possibly want to use this so the browser user, even with some skills wouldn't know he's being tracked.
Maybe I have this doubt because I always hear about all the tracking done by companys for several purposes. But I'm not sure.
Anyway, all this started when I started reading about sessions and users loging in.
Now. My real doubt is: What kind of tracking should be used and how should it be done?

How do I use cookies to control which part of the timeline to play from?

Hi there,
I have created an animation with Adobe Edge. My site uses Concrete5 and I am pulling in the Edge content into an IFRAME on my home page (there my be a better way to do this and I'm open to suggestions). I want the animation to play from the start when someone first visits the site, but if during their browser session they navigate back to the home page, I want the animation to only play a shorter segment of frames near the end.
My question is, how do I use cookies to acheive this? I'm new to javascript/jquery.
I've included the following code on compositionReady, (found in another post on this forum) but don't have a clue how to continue...
// insert code to be run when the composition is fully loaded here yepnope( { nope:[ '/js/jquery.cookie.js' ], complete: init } ); function init() { //create your cookie's initial values here }
My temp site is here - http://79.170.40.43/nutcrackerdesign.co.uk/
On revisting the homepage, I only want to play from when the green 'How can we help?' button drops in.
Many thanks!
Russ

Hi, Russ-
I found this article, which seemed really helpful in describing how cookies work in JavaScript:
http://www.quirksmode.org/js/cookies.html
Remember that JS works just fine within Animate, so on your compositionReady, you can read your cookie and then set the play based on that. You should probably uncheck the autoplay for your Stage and control the play of your Stage from the compositionReady.
Good luck!
-Elaine

My software is STUCK on "Retrieving current session status" What is this and how do I fix it? i am not able to convert any files at all!! Please help!

My software is STUCK on "Retrieving current session status" What is this and how do I fix it? i am not able to convert any files at all!! Please help!

Hi JulietaQ,
In order to help you better.
Please let me know which application or Service of Adobe you are using. If this is subscription i would request you to log-out and log-in back and let me know if that helps.
~Ajlan Huda

Issue at login page using cookies

Hello all
I have some issue with my first cookies-jsp.
Basically i have a homepage and i would like it to prompt a login form in case no cookies are found, and display the userName in case a cookie is found(and stored the name)
In case the user have to log in, the data entered in the form are sent to a "Register" servlet.
I will paste both the jsp and the servlet code, in the bottom i will explain then the problem
The jsp
<body>
        <h1 align="center" style="font-style:italic; color:olive">Welcome</h1>
        <%
        Cookie[] cookies=request.getCookies();
         if(cookies==null || cookies.length==1){
        %>
        <form action="Register" method="post">
        <table cellspacing="5" border="0" align="center">
           <tr>
               <td align="right">Name:</td><td align="right"><input type="text" name="name"></td>
           </tr>
           <tr>
               <td align="right">Email:</td><td align="right"><input type="text" name="email"></td>
           </tr>
           <tr>
               <td align="right">Submit</td><td align="right"><input type="submit" value="submit"></td>
           </tr>
        </table>
        </form>
        <%
          else {
         String cookieName="userName";
         String cookieValue="";
          for(int i=0; i<cookies.length; i++){
              Cookie cookie=cookies;
if(cookieName.equals(cookie.getName())){
cookieValue=cookie.getValue();
%>
<h3 align="center" style="font-style: italic; color:#6666FF">Welcome back <%=cookieValue%></h3>
<%
%>
</body>
The servlet (the relevant part, the doPost() method):protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//get the user details
String name=request.getParameter("name");
String email=request.getParameter("email");
//create the cookie and add to response
Cookie userName=new Cookie("userName",name);
userName.setPath("/");
userName.setMaxAge(60*60*24);
response.addCookie(userName);
//prepare for forwarding
String url="/home.jsp";
RequestDispatcher dispatcher=this.getServletContext().getRequestDispatcher(url);
dispatcher.forward(request,response);
The problem is that when i enter the userdetails the first time in the form (because no cookies was found), the login page with the form is redisplayed, and if i click on refresh or reclick on th submit button then the message with the name is displayed.
I dont understand this behaviour, since the amount of cookies after the first login is made will be "2", the homepage with the username should be redisplayed and not the one with the login form.
Any advice?
p.s:
the if(cookies==null || cookies.length==1){ its to prevent that the jsp will consider the JSESSIONID as "logged in" cookie
Edited by: enrico on Jan 23, 2011 10:36 PM

Turn off the cache in your browser or set an expire header in your servlet.
Also, you might want to consider using the servlet session instead of manipulating the cookie directly.

How do you get firefox 4 to save tabs and windows and restore them? Don't say set preferences to open them on startup or use restore previous session under history; those do not work. Or is it no longer possible to save windows and tabs?

Question
How do you get firefox 4 to save tabs and windows and restore them? Don't say set preferences to open them on startup or use restore previous session under history; those do not work. Or is it no longer possible to save windows and tabs?

'''IT'S A EASY AS IT SHOULD BE.'''
This is essentially paulbruster's answer, but I've added the steps some might assume, but which aren't so obvious to those of us who are new at this, like me.
This solution might ''appear'' to be long and complicated, but after you follow the directions once, you'll find it's quick, clean, and simple. Almost like they designed it this way.
# If you haven't already, open a bunch of tabs on a few different subjects.
# Click the List All Tabs button on the right side of the tab strip.
# Select Tab Groups.
# Create a few groups as described [http://support.mozilla.com/en-US/kb/what-are-tab-groups#w_how-do-i-create-a-tab-group here] , i.e. just drag them out of the main thumbnail group into the new groups they create.
# Now click on any thumbnail in any new group, but not the original big default group you may have left some tabs in.
#A regular Firefox window will open, but'' only the tabs in that group will be visible.'' You also now have the Tab Groups button in the tab strip.
# Right click on any tab, and there it is: Bookmark All Tabs. Click on it in the list of options. Or you can hit Ctrl+Shift+D instead and go straight to the dialogue box from the tab without any clicks. But don't go looking for this familiar option anywhere else, 'cause it's not there.
# Now pick an existing folder or create a new one just like you would have before and '''shlpam!''' there they are. New folders are supposed to end up in the Unsorted category all the way at the very bottom, but for some reason mine show up at the bottom of my last sorted category.
# DO NOT CLICK THE UPPER-RIGHTMOST X to close this group of tabs. This will close ALL of your tabs in all groups, currently visible or not. At least it asks if you're sure first. Instead, click your new Tab Groups button to return to the Boxes 'O Thumbnails window, and click the X in the group box you just bookmarked.
# Click on another thumbnail to repeat the process with another group, or click on a thumbnail in the big default box to return to the original FF window. You can also click the Tab Groups button at the upper right, or Ctrl+Shift+E, which will also get you ''into'' the Boxes 'O Nails window ''from'' FF.
# So now when you reopen FF after shutdown, simply select your folder from your Bookmarks and Open All in Tabs. '''Just like paulbruster said. '''

Use cookies or sessions or what?

Similar Messages

Maybe you are looking for