Session variables change at each request

Hello

We have a problem with session variables (jsessionid): they change when going from one page to another, and also when we refresh the page. The code worked well on other servers. The problem came when we moved to the production server.

In application.cfc, we used the settings below.

this.applicationTimeout = CreateTimeSpan(4, 0, 0, 0);
this.clientManagement = false;
this.loginStorage = "session";
this.sessionManagement = true;
this.sessionTimeout = CreateTimeSpan(0, 0, 20, 0);
this.setClientCookies = true;
this.setDomainCookies = true;
this.scriptProtect = "all";

In the ColdFusion Administrator we enabled "Use J2EE session variables", "application variables" and "session variables", and we also added "-Dcoldfusion.sessioncookie.httponly=true" to the Java virtual machine arguments.

Operating system: Windows Server 2008 R2

ColdFusion server: 9.0.1,274733

Is it related to a session fixation issue? Are there any other things we need to verify or add? Please let me know.

Thank you

We have solved the problem: in the jrun.xml configuration file there is a "cookie-config" section, which we have removed:


true
true

Tags: ColdFusion

Similar Questions

  • Session variable changes from one page to the other in firefox

    I built the site http://www.carpet-n-rug-cleaning.com and I store the preferred service area using a session. If you visit the website, go to the service areas page to select a service area, and then switch between the home page and any other page, the preferred service area changes. This only happens in Firefox, and only when going from the home page to another page. Thanks in advance.
    http://www.dominanrt-domains.com

    I found that the problem was with Firefox's prefetch. I added the following to my htaccess file to fix it:

    RewriteEngine On
    # Refuse Firefox prefetch requests, which carry the "X-moz: prefetch" header
    RewriteCond %{HTTP:X-moz} prefetch
    RewriteRule .* - [F,L]

  • The many variables at each request load performance

    Hello fellow CFheads.

    My web application is customized for each of my clients based on a preferences file that is called at the beginning of each page by using Application.cfm. The file is basically just a <cfscript> containing a list of variable names/values which defines the various parameters and values and turns features on or off.

    For example:

    SiteName = 'my website';
    ActivateCalendar = 'yes';
    ActivateOnlineStore = 'no';
    etc...

    Currently, there are about 250 preference variables loaded with each request, and I wonder when I should be concerned about performance problems with loading so many variables (100? 500? 1000?). Do you think it's something I should be worried about, or do you think that loading a list of variables would take such a small performance hit that I should not be concerned at all?

    Curious to hear your thoughts and comments.

    Two suggestions here:

    1. Put all these things in a single structure.  This makes it much easier to deal with.  Just as ColdFusion hands you a predefined structure named, say, FORM, you use the same technique to keep all these maybe-hundreds of distinct values in a "bag".  The implementation used in ColdFusion is directly comparable to the "hash" found under different names in different languages.  You need not fear a drop in performance, even with thousands of keys: the only reasonable vulnerability is "stolen".
    2. Avoid putting massive data quantities in things that could reside in RAM.  By 'massive', I'm not talking of, say, "more than a few tens of kilobytes," and of course, it also depends on the amount of simultaneous user traffic your site may need to manage in real life.  For example, if one of the elements that you process could be "a document of arbitrary size", you'll want to store it in a database and keep only a kind of "handle" or "nickname" in your Application or Session pools of data, just to be able to find it.

    While ColdFusion is somehow a structurally weak language in this regard, I would consider placing the preferences management functionality in a single CFC that can be shared by all.  Should the application one day need to be changed, it is highly desirable to be able to do it in one place.

  • Create Unique Session Variable based on the login page

    Hello:

    I'm building a dynamic website with Dreamweaver CS5 with Coldfusion 9.

    My question is how I can set a session variable to read a certain value. Currently, when my clients go to the login page they enter their username and password. I was able to create a session variable that contains the user name as its value, so all their pages read "Welcome" followed by whatever their login username was. Now, I want the session variable to read from the same table but from the different FullName field. That way, the web pages will say Welcome "FullName (based on their login user name)". I tell myself that I have to configure a query parameter, but after trying and failing for four hours to produce a successful result, I resorted to posting my problem here. I appreciate the help and advice.

    My information:

    DataSource = 'Access'; Table = 'Logininfo'; (current) field (for the session variable) = 'User_name'; (desired) field (for the session variable) = "full name".

    Currently using (server behaviors: Session Variable) MM_Username on each relevant page for the user.

    My sign in page code is as follows:

    Head:

    <cfif IsDefined("FORM.username")>
      <cfset MM_redirectLoginSuccess = "members_page.cfm">
      <cfset MM_redirectLoginFailed = "sorry.cfm">
      <!--- Look up the submitted credentials with bound parameters --->
      <cfquery name="MM_rsUser" datasource="Access">
        SELECT username, password, AccessLevels, FullName FROM Logininfo WHERE username = <cfqueryparam value="#FORM.username#" cfsqltype="cf_sql_clob" maxlength="50"> AND password = <cfqueryparam value="#FORM.password#" cfsqltype="cf_sql_clob" maxlength="50">
      </cfquery>
      <cfif MM_rsUser.RecordCount NEQ 0>
        <cftry>
          <cflock scope="Session" timeout="30" type="Exclusive">
            <cfset Session.MM_Username = FORM.username>
            <cfset Session.MM_UserAuthorization = MM_rsUser.AccessLevels[1]>
          </cflock>
          <cfif IsDefined("URL.accessdenied") AND false>
            <cfset MM_redirectLoginSuccess = URL.accessdenied>
          </cfif>
          <cflocation url="#MM_redirectLoginSuccess#" addtoken="no">
          <cfcatch type="Lock">
            <!--- code for handling timeout of cflock --->
          </cfcatch>
        </cftry>
      </cfif>
      <cflocation url="#MM_redirectLoginFailed#" addtoken="no">
    <cfelse>
      <cfset MM_LoginAction = CGI.SCRIPT_NAME>
      <cfif CGI.QUERY_STRING NEQ "">
        <cfset MM_LoginAction = MM_LoginAction & "?" & XMLFormat(CGI.QUERY_STRING)>
      </cfif>
    </cfif>

    Body:

    <h1>Login</h1>
    <p>Please enter your login information in the form in order to access your member account page.</p>
    <form ACTION="<cfoutput>#MM_loginAction#</cfoutput>" method="POST" id="login">
    <table width="auto" border="0" align="center">
    <tr>
    <td><label for="username3">
    <div align="right">User name:</div>
    </label></td>
    <td><span id="sprytextfield1">
    <input type="text" name="username" id="NomUtilisateur2" accesskey="n" tabindex="10">
    <span class="textfieldRequiredMsg">A value is required.</span></span></td>
    </tr>
    <tr>
    <td><label for="password">
    <div align="right">Password:</div>
    </label></td>
    <td><span id="sprypassword1">
    <input type="password" name="password" id="password" accesskey="n" tabindex="15">
    <span class="passwordRequiredMsg">A value is required.</span></span></td>
    </tr>
    <tr>
    <td colspan="2"><div align="center">
    <input type="submit" name="submit" id="submit" value="Login" accesskey="n" tabindex="20">
    </div></td>
    </tr>
    </table>
    </form>
    <script type="text/javascript">
    var sprytextfield1 = new Spry.Widget.ValidationTextField("sprytextfield1");
    var sprypassword1 = new Spry.Widget.ValidationPassword("sprypassword1");
    </script>

    I'm sure it is something simple and will show my status as a rookie for the asking, but thanks for your help!

    Is a session variable also the best route to go? I'll use this to query databases to display their contact information and allow them to change it, and also to show their invoices and request services.

    I don't know CF so forgive me, but you can create a session variable for the full name, or use a query on your pages to filter the data WHERE username = the user session variable. Looking at your code, it looks like you can add a session variable for the full name here:

  • security question about session variables

    Is it possible for a user to have access to modify session variables that are stored on their computer?  Like, let's say I stored a session variable on someone's computer that was <cfset session.number = 100>, would they be able to change this session variable to be a different number?

    Thank you

    Ben

    Uh, no.

    Because the session variable is NOT stored on the client system.  It is stored on the server.

    What is sent to the client is a token that is sent with each request which allows the server to know what requests belong with what session data.

    By default, this token is a set of cookies called CFID and CFTOKEN, but one can alternatively configure ColdFusion to use a different cookie called JSESSIONID.  The latter has the advantage of being an in-memory cookie that is discarded automatically when the browser closes, and of being common to JRun JSP sessions if ever we need coordination with such a system.

    There are known risks: if someone guesses any token that exists and is currently active on the server, they can hijack that session.  It's a little more risky if one chooses to use GET (aka URL) variables for the tokens rather than cookies.  But few bother with this option these days.

  • Login scripts and the SESSIONNAME variable.

    For decades, I've used the line

    if /i "%SESSIONNAME:~0,8%"=="ICA-tcp#" exit

    to prevent login scripts running on Citrix servers. I also used other variants in scripts, such as

    if /i "%SESSIONNAME:~0,8%"=="RDP-tcp#"
    if /i "%SESSIONNAME%"=="console"

    Recently, these scripts began to behave badly and I discovered that the SESSIONNAME variable is no longer available when running login scripts. The SESSIONNAME variable does not get set until later. Once at my desktop, I can open a DOS command prompt and see the SESSIONNAME variable. I suspect a patch released last month, 6/2016, led to this change in behavior. BTW, Windows XP systems do not have this problem.

    I already have a workaround for this, but I'm curious whether anyone else has seen this and knows which patch caused it.

    FYI, the workaround is to add this at the beginning of my scripts:

    if "%SESSIONNAME%"=="" for /F "tokens=2" %%f in ('query user ^| find /i "%username%"') do set SESSIONNAME=%%f

    This issue is beyond the scope of this site (which is for consumers), and to be sure you get the best (and fastest) reply, you should ask either on TechNet (for IT pros) or MSDN (for developers).

    If you give us a link to the new thread we can point some resources to it.

  • View a session variable in the jspx page.

    Hi, I used the following code to set and get the session variable in my AMImpl.

    // put() returns the previous value stored under the key, not an ADFContext, so the result is not assigned
    ADFContext.getCurrent().getSessionScope().put("desc", vor.getAttribute("Description"));
    String desc = (String) ADFContext.getCurrent().getSessionScope().get("desc");

    I need to show the desc in my Jspx page.

    Hello

    you can do it like this:

    1. create a managed bean in request scope
    2. create a setter/getter pair of methods for a property (variable) "desc"
    3. implement the getter as

    return (String) ADFContext.getCurrent().getSessionScope().get("desc");

    4. optionally, you can use the setter to change the session attribute value
    5. in the page use #{managedBeanName.desc}

    Frank

  • J2EE session variables & non-random session ID

    Our server keeps failing our PCI compliance test because of the session ID being non-random.

    Description: Web Server Uses Non Random Session IDs
    Synopsis: The remote web server generates predictable session IDs.
    Impact: The remote web server generates a session ID for each connection.  Usually, a session ID is used to track the actions of a user while they are visiting a web site.  The remote server generates non-random session IDs.  An attacker could use this flaw to guess the session IDs of other users and steal their sessions.
    See also: http://pdos.csail.mit.edu/cookies/seq_sessionid.html
    Data received: Sending several requests gives us the following session IDs: CFID=896744 CFID=896745 CFID=896746 CFID=896747 CFID=896748
    Resolution: Configure the remote site and CGI to use random session IDs.
    Risk factor: Medium / CVSS2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)

    We use J2EE session variables, which I thought was the more secure option. Is there another thing you have to do to ensure that the Session ID is non-random, or is the compliance test picking up a false positive?

    P.S. This is a recent migration to CF10, don't know if that has anything to do with it.

    Even if you have JEE sessions enabled, CF will continue to create CFID and CFToken cookies unless you tell it not to.  It does this for use with the CLIENT scope.

    If you do not use the client scope for anything, then you can safely tell CF to stop setting these cookies on the client.

    If you use Application.cfc, then add this to your pseudo-constructor area:

    If you use Application.cfm, then I begrudgingly tell you to add this to your tag

    If you use the client scope, then you may be out of luck and need to reimplement everything you are using the client scope for so that it uses the session scope instead.

    Jason
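
The scanner finding quoted in this thread can be reproduced as a check against your own server's responses. The Python sketch below is an added example, not code from the thread: the header lines are constructed (only the CFID values come from the scan report above), and the function names and the `MAX_STEP` threshold are assumptions.

```python
import re
from collections import defaultdict

# Largest gap between consecutive IDs still treated as "counting up".
# On a busy server other visitors take the IDs in between (assumed threshold).
MAX_STEP = 16

SET_COOKIE_RE = re.compile(r"^Set-Cookie:\s*([^=;\s]+)=([^;\s]*)", re.IGNORECASE)

# Constructed sample: Set-Cookie headers from five fresh, cookie-less requests.
# The CFID values are those quoted in the scan report; the CFTOKEN and
# JSESSIONID values are made up for illustration.
_CFID = ["896744", "896745", "896746", "896747", "896748"]
_CFTOKEN = ["41785523", "90213347", "17650982", "63348071", "28904416"]
_JSESSIONID = [
    "84305c1e9f2ab7d6e45f3a1c",
    "a1300f7c52d9e8b46c1a77e0",
    "3c9d41be06f85a27d1e9b4c2",
    "f07b62a9d4c1358e9a0b6d13",
    "5e8a17c3b9d2f4061c7e8a95",
]
SAMPLE_HEADERS = [
    f"Set-Cookie: {name}={value}; Path=/"
    for triple in zip(_CFID, _CFTOKEN, _JSESSIONID)
    for name, value in zip(("CFID", "CFTOKEN", "JSESSIONID"), triple)
]


def collect_values(header_lines):
    """Group cookie values by (upper-cased) cookie name, in arrival order."""
    values = defaultdict(list)
    for line in header_lines:
        match = SET_COOKIE_RE.match(line.strip())
        if match:
            values[match.group(1).upper()].append(match.group(2))
    return dict(values)


def classify(samples):
    """Label one cookie's values as issued to successive new sessions."""
    if len(samples) < 3:
        return "too few samples"
    if len(set(samples)) == 1:
        return "constant"
    if all(s.isascii() and s.isdigit() for s in samples):
        nums = [int(s) for s in samples]
        steps = [b - a for a, b in zip(nums, nums[1:])]
        # A counter shows up as small steps that all point the same way,
        # even when other clients consumed some IDs between our requests.
        if all(0 < d <= MAX_STEP for d in steps) or all(-MAX_STEP <= d < 0 for d in steps):
            return "sequential"
    # Not proof of randomness, only that this simple test found no counter.
    return "no obvious pattern"


def audit(header_lines):
    """Return {cookie name: verdict} for every cookie seen in the headers."""
    return {name: classify(vals) for name, vals in collect_values(header_lines).items()}


if __name__ == "__main__":
    for cookie, verdict in audit(SAMPLE_HEADERS).items():
        print(f"{cookie}: {verdict}")
```

A "sequential" verdict on CFID is what the scanner reported; a cookie that is no longer issued at all will simply not appear in the result.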

  • Help with the session variable PHP CS5.5 - Please

    Hi all

    I need a little help with using a session variable, and I hope someone can point me in the right direction.

    I created a PHP page that uses the Dreamweaver 'User authentication' feature, and the basics of this work very well, directing a user to the correct page depending on whether they are or are not a valid user. I want to customize the 'valid user' page with the person's user name as entered in the user authentication table... a seemingly simple task using a session variable, but I just don't seem to be able to make it work!

    The generated code for the user authentication on page 1 is the following:

    <?php
    // Validate request to login to this site.
    if (!isset($_SESSION)) {
      session_start();
    }

    $loginFormAction = $_SERVER['PHP_SELF'];
    if (isset($_GET['accesscheck'])) {
      $_SESSION['PrevUrl'] = $_GET['accesscheck'];
    }

    if (isset($_POST['txtfirst_name'])) {
      $loginUsername = $_POST['txtfirst_name'];
      $password = $_POST['txtsurname'];
      $MM_fldUserAuthorization = "";
      $MM_redirectLoginSuccess = "member_update.php";
      $MM_redirectLoginFailed = "login.php";
      $MM_redirecttoReferrer = false;
      @mysql_select_db($database_panto, $panto);

      $LoginRS__query = sprintf("SELECT firstname, surname FROM web_access WHERE firstname = %s AND surname = %s",
        GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));

      $LoginRS = mysql_query($LoginRS__query, $panto) or die(mysql_error());
      $loginFoundUser = mysql_num_rows($LoginRS);
      if ($loginFoundUser) {
        $loginStrGroup = "";

        // Issue a new session ID on login
        if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
        // Declare two session variables and assign them
        $_SESSION['MM_Username'] = $loginUsername;
        $_SESSION['MM_UserGroup'] = $loginStrGroup;

        if (isset($_SESSION['PrevUrl']) && false) {
          $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
        }
        header("Location: " . $MM_redirectLoginSuccess);
      }
      else {
        header("Location: " . $MM_redirectLoginFailed);
      }
    }
    ?>

    First of all, the text highlighted in red above seems to be setting the session variable that I need. Is this correct?

    If so, what is the code that I need to put on page 2 to use this session variable? or

    I have to do something else on the page 1 to correctly assign the session variable?

    Would be very grateful for your expertise

    Mark

    It seems that you selected the wrong columns in the user authentication server behavior. This is the SQL query that checks the credentials of the user:

    $LoginRS__query = sprintf("SELECT firstname, surname FROM web_access WHERE firstname = %s AND surname = %s",
      GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));

    You are looking for first name and last name, while you should look for the user name and password of the user.

    $_SESSION['MM_Username'] is a session variable that stores the login name of the user. To use it in a page, all that is needed is for the page to start with session_start(). You can then echo the value to display it.

    If you want to display the person's true name, you must create a recordset in the second page, using $_SESSION['MM_Username'] to search for the first name and the surname. Alternatively, you can change the code like this (I copied only part of it):

    $LoginRS__query = sprintf("SELECT firstname, surname FROM web_access WHERE firstname = %s AND password = %s",
      GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));

    $LoginRS = mysql_query($LoginRS__query, $panto) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    if ($loginFoundUser) {
      $loginStrGroup = "";
      // Keep the full name from the matching row in the session
      $row = mysql_fetch_assoc($LoginRS);
      $_SESSION['full_name'] = $row['firstname'] . ' ' . $row['surname'];

      if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
      // Declare two session variables and assign them
      $_SESSION['MM_Username'] = $loginUsername;
      $_SESSION['MM_UserGroup'] = $loginStrGroup;

    You can then use $_SESSION['full_name'] in a page which begins with session_start().

  • Need help: understanding of the Session Variables

    Greetings-

    Maybe I'm just not understanding how session variables function, and
    I hope that someone here can help me with that.

    I am trying to establish an auto-numbering process for a client's reports,
    so that when a person displays an online report, a report number is
    generated and stored in a session variable, and when the information
    is submitted, the report number and the additional information provided
    are uploaded to a database. Everything seems to work as expected, except for this.

    I use an application.cfm file to define the session management and to create a
    report number and set this number to a session variable.

    When the person opens the report form page, there is an instruction section
    for them to study, followed by a 'Proceed' button to go to the next section of the
    page.

    When they click on the "Continue" button, the report number which is held in a
    session variable (application.cfm) should be inserted in a hidden form field for later
    upload, which seems to happen.

    Now for the part that I don't understand. I thought that as long as a session
    had not expired, the session variable would remain in use, and so if
    the report page was refreshed (reloaded) the same session variable would
    be used.

    What I am experiencing is that whenever the report page is refreshed,
    a new report number is loaded in the session variable. Am I not
    understanding how session variables work? Am I missing some critical
    piece of coding or point here?

    I have included below the structure of folders and files used in the process
    for review.

    Thanks in advance for any help to do this work.

    Leonard B

    ===============================================
    ===============================================

    Folder structure
    area/reports
    -area/reports/input /.

    Files
    -domain/reports.cfm <-Entry Point for dealing with the
    --domain/reports/application.cfm
    --domain/reports/input/report_form.cfm

    ====================
    application.cfm

    <cfapplication name="LanceApp" sessionmanagement="yes"
    sessiontimeout="#CreateTimeSpan(0,0,20,0)#"
    applicationtimeout="#CreateTimeSpan(0,0,2,0)#">

    <cfset DSN = "datasource">

    <cfquery name="getnumber" datasource="#DSN#">
    SELECT report_number
    FROM report_numbers
    </cfquery>

    <cfset Session.report_number = #getnumber.report_number#>

    <cfif getnumber.recordcount IS 0>
    <cfquery name="insertnumber" datasource="#DSN#">
    INSERT INTO report_numbers (report_number) VALUES (1)
    </cfquery>
    <cfelse>
    </cfif>

    <cfquery name="updatenumber" datasource="#DSN#">
    UPDATE report_numbers
    SET report_number = report_number + 1
    </cfquery>

    ====================
    report_form.cfm

    <cfparam name="Button" default="Start">

    <cfif #Button# is "Start">

    <cfform action="report_numbers.cfm" method="post" enctype="multipart/form-data">
    <input type="submit" name="Button" value="Proceed" />
    </cfform>

    <cfelseif #Button# is "Proceed">

    <div style="padding: 5px 5px 15px 50px">
    <cfoutput>#Session.report_number#</cfoutput></div>

    </cfif>

    Quote:
    Posted by: Leonard B
    Hi Dan,
    Thanks for the answer, let me clarify what the goal is. This numbering process
    is for a public service organization. The goal is not to create a primary key,
    but to establish a sequential numbering process for filing online reports that
    can be reset to zero at the beginning of each year.

    I'm certainly open-minded about doing things in an easier way, and if you have an
    easier one, I'm all ears, or should I say all eyes. However, with the requirement of
    resetting the process back to zero, I couldn't come up with any other way of
    handling the task at hand.

    Thank you

    Leonard B

    In this case it would still be easier to run the "next number" code just before you insert your data. From what you have said so far, that's the only time when you really need it.

    But if you want to stick with the application.cfm approach, there is a difference between what you say you do and what your code is showing. You say "I checked to see if the session variable has been set and it has been.", but I don't see any if/else logic in the part of your application.cfm code where you set the variable. Remember, the code runs on each page request, including refreshes.

  • Help to update session variables

    I have an "update account" page where a user can update their account. I am using session variables, but do not know how to perform the update and reset the session variables. Of course, if a user is on the site, session variables are in use, so I'm confused.

    I posted a similar message a few weeks back, but never got what I was looking for. In any case, I've posted the code below with a few notes:

    I have attached the code, it is quite long.

    You can see that I want to use a single page (action = "#CGI.script_name#"), but having to use a second page would be fine. Also, I'm not updating every database field and session variable. For example, the JoinDate and birth date fields and session variables are left alone.

    Thank you.

    Doug, I have probably 20 different books I need to read, yet I only use them for reference, so I know what you're saying...

    you want to store all this member information in the session, that's what I'm saying...
    in your members table you have a Member ID (is it a user name or an incremented number?); either way, you can save that as the single session var, so whenever you need to refer to it, you have a query to get...


    SELECT FullName, username, password, SecurityQuestion, SecurityAnswer, Email, Email2, date of birth, address,
    Address2, city, region, PostalCode, country, phone, telephone2, PostalCode2, list mailing, MemberID, MemberRoleID
    FROM Members
    WHERE MemberID = #SESSION.MemberID#

    But whatever it is, this number can NEVER change; they must never have the opportunity to change it. This is their unique identifier. Even better, you can store it in a COOKIE on their machine so the site can remember who they are when they come back.

    Using this method, when a user needs to update their information, their cookie or session.memberid never changes, and there is no need to change session variables in the application. Just do an UPDATE query to update your database and a query on the db to get the user's information with their unique ID.

  • IsDefined / Session Variable / application.cfm - does not

    Greetings-

    Can someone shed some light on why the second
    scenario below does not work like the first?

    <<<< First scenario >>>> (works)

    [Main folder |-secure_access]
    [file] - login.cfm
    [file] - authenticate.cfm
    [file] - application.cfm

    [Sub folder] - secure_access/view
    [file] - first_page.cfm
    [file] - second_page.cfm

    [file] - application.cfm
    <cfapplication name="CF_Password2"
    clientmanagement="Yes" sessionmanagement="Yes"
    sessiontimeout="#CreateTimeSpan(0,0,2,0)#"
    applicationtimeout="#CreateTimeSpan(0,0,2,0)#">

    The variable session.ual is defined on the
    authenticate.cfm page from the value saved in the database.

    A person accesses the login.cfm file in the main folder, enters the appropriate username and password and submits. The login.cfm page passes these on to authenticate.cfm, where they are checked against a database, and if a record is found, the user goes to first_page.cfm.

    [file] - first_page.cfm
    <cfif IsDefined('session.ual')>
    <p><a href="second_page.cfm">Go to the second page</a></p>
    <cfelse>
    <p>Access denied</p>
    </cfif>

    [file] - second_page.cfm
    <cfif IsDefined('session.ual')>
    <p>This is the second page</p>
    <cfelse>
    <p>Access denied</p>
    </cfif>

    After a period of two minutes, if I refresh first_page.cfm or try to click through to second_page.cfm, I get the message 'Access denied'.

    <<<< Second scenario >>>> (does not work)

    [Sub folder] - secure_access/view
    [file] - application.cfm
    [file] - first_page.cfm
    [file] - second_page.cfm


    [file] - cfapplication.cfm

    <cfif IsDefined('session.ual')>
    <cfelse>
    <p>Access denied</p>
    <cfabort>
    </cfif>

    In the second scenario, I added an application.cfm file that checks to see if the session.ual variable is present. If it is, then the process should continue on to first_page.cfm, and subsequently to second_page.cfm, and of course display the link where appropriate.
    This is not the case.

    I was under the impression that placing the application.cfm in this folder and checking the session variable there covers all pages in the folder, rather than having to add the verification code to each page.

    What am I missing in this process? I'm sure it's something simple and I've just been dealing with this too long. Perhaps a new set of eyes on the situation can point me to the right way to accomplish my task.

    Thanks - Leonard B

    That's what I thought.

    But when a request is made for a template in the sub folder, only the
    Application.cfm IN THAT FOLDER gets run. The one in the main folder does
    NOT run. And it is the one in the main folder that implements the
    parameters of the session with .

    One thing that confuses people - perhaps you, in this case - is there
    nothing particular Application.cfm or tags, in itself, in
    with regard to the persistence once they have been executed the first time (the application
    Scope is something different; who IS persistent between requests).

    So to be able to access your session variables, you must hit that
    tag *each* *request*. People's sessions are based in part on
    the CFTOKEN and CFID values, but also on the name of the application
    (different applications have different sets of session variables). The
    application name must be set on each request (via a tag),
    otherwise CF doesn't know which application the request is for.

    I think that all you need to do is add<>
    "model = '... / Application.cfm" > at the top of your file under "
    Application.cfm.

    Who is?

    --
    Adam

  • FLex: Creation and access to session variables

    Hi all

    Good morning people.
    I am new to SDS and using Flex 2.0.

    I have hotel_list in the collection, and have a mapped datagrid which has a "Book now" button on each row (hotel).
    On clicking the 'Book now' button, I want to pass the information in the same row to the next page.
    Can I create a session variable and access session variables in the next page on the server side?
    How do I do that?

    Please can anyone advise me on creating session variables and accessing them in another page?
    Can anyone post a code example?

    My code is as follows...

    <mx:Script>
    <![CDATA[
    import flash.net.URLRequest;
    import flash.net.URLVariables;
    import flash.net.navigateToURL;

    // Pass the selected hotel code to the booking page as a request parameter
    public function OnBook_click(hcode:String):void {
        var request:URLRequest = new URLRequest("/quick_search/booking.mxml");
        var uv:URLVariables = new URLVariables();
        uv.hotelcode = hcode;
        request.data = uv;
        navigateToURL(request, "_self");
    }
    ]]>
    </mx:Script>

    <mx:DataGrid id="dg" width="100%" rowHeight="38" styleName="GridColumnText"
    dataProvider="{hotel_details}" enabled="{!ds.commitRequired}" creationComplete="fill_hotelDetails()"
    verticalScrollPolicy="{mx.core.ScrollPolicy.OFF}" rowCount="10" height="404">
    <mx:columns>
    <mx:DataGridColumn dataField="hotel_address" headerText="name of the hotel"
    headerStyleName="DynamicLabel" width="300" wordWrap="true" editable="false"/>

    <mx:DataGridColumn id="pr_rate" dataField="prdt_rate" headerText="rate"
    headerStyleName="DynamicLabel" paddingRight="10" editable="false" width="50"/>

    <mx:DataGridColumn dataField="hotel_status" headerText="availability"
    headerStyleName="DynamicLabel" editable="false" width="75"/>

    <mx:DataGridColumn headerText="book now" editable="false" dataField="hotel_code"
    headerStyleName="DynamicLabel" width="75" sortable="false">
    <mx:itemRenderer>
    <mx:Component>
    <mx:HBox width="25%" horizontalCenter="0" horizontalAlign="center"
    styleName="GridColumnText" paddingTop="5">
    <mx:Button id="book" label="book now" click="outerDocument.OnBook_click(data.hotel_code)"/>
    </mx:HBox>
    </mx:Component>
    </mx:itemRenderer>
    </mx:DataGridColumn>
    </mx:columns>
    </mx:DataGrid>

    Instead of passing the values to booking.mxml as request parameters, is it possible to define session variables?
    Please, someone help me...


    Thanks in advance
    Raphael alboury

    Take a look at the shared objects, I think these are the kind of thing you're after. In my view, that the subtopic "By specifying a path" must be particularly pertinent for sharing variables/objects between two swf files.

    LiveDocs - shared objects

  • Hacking the Session Variables?

    I have a php MySQL CRM site with lots of sensitive information...

    To protect it, I have a session based login system.

    Login page - checks the password and assigns user name, user group and working group to session variables.

    Restricted pages - checks user group access ID level and working group.

    I've heard that if a hacker rewrites the cookie (I didn't know sessions created a cookie), he can trick the server into thinking he's using someone else's session and could therefore view, edit and delete these normally protected records.

    I know that the Session data cannot be read or modified, but this could pose a huge security problem.

    It was also suggested that the user must retype his password on each page, but it is both unusual and would be a real pain for the user.

    Is there a simple way around this?

    .oO (RichardODreamweaver)

    > I have a php MySQL CRM site with lots of sensitive information...
    >
    > To protect it, I have a session based login system.
    >
    > Login page - checks the password and assigns user name, user group and working group to
    > session variables.
    >
    > Restricted pages - checks user group access ID level and working group.
    >
    > I've heard that if a hacker rewrites the cookie (I didn't know sessions
    > created a cookie)

    The session ID can also be added to the URL, but using a cookie is
    preferred and considered to be the safest way.

    > he can trick the server into thinking he's using someone
    > else's session and could therefore view, edit and delete these normally
    > protected records.

    Just a few key words to learn more:

    Hijacking a session by stealing the cookie usually requires an XSS
    (cross-site scripting) attack. Try Wikipedia or Google for more details and
    how to prevent this problem. This should be the first task, because XSS
    vulnerabilities are quite common and often the basis for many
    types of attacks, including the following.

    Another not so well known attack is called session fixation. The following
    paper goes into quite some detail on this subject:

    http://www.Acros.SI/papers/session_fixation.PDF

    > I know that the Session data cannot be read or modified, but this could pose a
    > huge security problem.
    >
    > It was also suggested that the user must retype his password on each
    > page, but it is both unusual and would be a real pain for the user.

    Agreed. The user would never return. But it is quite common in larger
    systems that the user must retype the password before performing a
    critical action, for example before ordering in an online store or
    when changing personal data.

    > Is there a simple way around that?

    Security is never simple. It depends on how much security is
    necessary.

    Micha
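
The defences named in the reply above (session ID carried only in a cookie, a cookie that scripts cannot read, a fresh ID at login against session fixation, and a password prompt before critical actions) as an added PHP example, not code from the thread. The function names, session keys and the five-minute window are assumptions; the array form of `session_set_cookie_params` needs PHP 7.3 or later.

```php
<?php
// Added example: function names, session keys and REAUTH_WINDOW are assumptions.

const REAUTH_WINDOW = 300; // seconds a password check counts as recent

function start_hardened_session(): void
{
    // Take the session ID from the cookie only, never from the URL.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse session IDs the server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from JavaScript, limits theft via XSS
        'samesite' => 'Lax',
    ]);
    session_start();
}

function log_in(string $password, string $storedHash, array $account): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    // Session fixation defence: drop the pre-login ID and issue a new one.
    session_regenerate_id(true);
    $_SESSION['username']  = $account['username'];
    $_SESSION['usergroup'] = $account['usergroup'];
    $_SESSION['workgroup'] = $account['workgroup'];
    $_SESSION['auth_time'] = time();
    return true;
}

// True when the password was checked recently enough for a critical action.
function recently_authenticated(): bool
{
    return isset($_SESSION['auth_time'])
        && (time() - $_SESSION['auth_time']) <= REAUTH_WINDOW;
}

// Called from the "retype your password" form shown before a critical action.
function confirm_password(string $password, string $storedHash): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    $_SESSION['auth_time'] = time();
    return true;
}
```

A page that edits or deletes records would call `recently_authenticated()` first and show the password form only when it returns false, so ordinary browsing never prompts.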

  • Bind session variables

    By trawling through the internet and this forum, I have worked out a few bind session variables that are defined by ADR, for example:

    Pagination control - :page_size, :page_offset, :row_offset, :row_count

    For authenticated requests - :current_user

    Body of PUT and POST requests - :body

    There doesn't seem to be a definitive list anywhere, especially not in the documentation accompanying the ADR. Does anyone know of such a list?

    Hi RHARDEY,

    I pretty much like the list here: http://www.smartdogservices.com/oracle-applications-integrations/ords-use-case-integrating-salesforce-com-customers-ebs/

    Seems fairly complete. Although from my experience the following request headers DON'T work with RESTful services that you define in the APEX sql workshop, in the ADR 3.0 repository:

    - x-apex-base

    - x-apex-path

    - x-apex-charset

    - x-apex-method

    - x-apex-favorite-content-type

    But you can retrieve them directly with owa_util.get_cgi_env(). They are just named differently there. With owa_util.print_cgi_env, you can see all the available variables.

    The x-apex-status and x-apex-forward response headers still work in the ADR repository.

    Hope that helps,

    ~ Dietmar.
