cppcms-users

[Cppcms-users] Sessions

[Frank E. <fra...@an...>]

Hi,

I try to use sessions. Though the system generates session cookies -
which are received by the browser - they are not available in the next
http request from the browser. I use server side sessions.

I just have to include session_interface.h and then can use
session()[key] = value to store and value = session()[key] to retrieve
values in sync sessions. Am I missing something here?

Any thoughts welcome.

Regards,

Frank

-- 
Dipl.-Ing. (FH) Frank Enderle

anamica UG (haftungsbeschränkt)
Beinsteinerstr. 6
71334 Waiblingen

Telefon:  +49 151 14981091
Telefax:  +49 7151 1335770
E-Mail:   fra...@an...
Internet: www.anamica.de

Handelsregister: AG Stuttgart HRB 732357
Geschäftsführer: Yvonne Holzwarth, Frank Enderle

Re: [Cppcms-users] Sessions

[Frank E. <fra...@an...>]

Nevermind - I solved it. I had 'secure: true' in config.js in thus the
cookie hadn't be sent back from the browser since this was no https
connection.

Another question: is it possible to have the session id to be
transparently added as a url parameter, when cookies are not available
(such as php does this)?

thank,

Frank

Am 20.08.2010 21:17, schrieb Frank Enderle:
> Hi,
> 
> I try to use sessions. Though the system generates session cookies -
> which are received by the browser - they are not available in the next
> http request from the browser. I use server side sessions.
> 
> I just have to include session_interface.h and then can use
> session()[key] = value to store and value = session()[key] to retrieve
> values in sync sessions. Am I missing something here?
> 
> Any thoughts welcome.
> 
> Regards,
> 
> Frank
> 


-- 
Dipl.-Ing. (FH) Frank Enderle

anamica UG (haftungsbeschränkt)
Beinsteinerstr. 6
71334 Waiblingen

Telefon:  +49 151 14981091
Telefax:  +49 7151 1335770
E-Mail:   fra...@an...
Internet: www.anamica.de

Handelsregister: AG Stuttgart HRB 732357
Geschäftsführer: Yvonne Holzwarth, Frank Enderle

Re: [Cppcms-users] Sessions

[Artyom <art...@ya...>]

No, as policy, CppCMS uses Cookies based sessions only as
adding SID to URL like in PHP has major security issues, for example
the sid is exposed by browser in referrer link and allows SID to
be stolen:

i.e.

   page www.foo.com/url?sid=1234566
    

       link to www.bar.com

Now user clicks on the link and now on bar.com I have

   Referrer: http://www.foo.com/url?sid=1234566

And now it can login to foo.com with your account. This is bad.

> 
> Another question: is it possible to have the session  id to be
> transparently added as a url parameter, when cookies are not  available
> (such as php does this)?
> 
> thank,


      

Re: [Cppcms-users] Sessions

[Frank E. <fra...@an...>]

agreed. youre right.

On Aug 21, 2010, at 10:31, Artyom <art...@ya...> wrote:

> No, as policy, CppCMS uses Cookies based sessions only as
> adding SID to URL like in PHP has major security issues, for example
> the sid is exposed by browser in referrer link and allows SID to
> be stolen:
> 
> i.e.
> 
>   page www.foo.com/url?sid=1234566
> 
> 
>       link to www.bar.com
> 
> Now user clicks on the link and now on bar.com I have
> 
>   Referrer: http://www.foo.com/url?sid=1234566
> 
> And now it can login to foo.com with your account. This is bad.
> 
>> 
>> Another question: is it possible to have the session  id to be
>> transparently added as a url parameter, when cookies are not  available
>> (such as php does this)?
>> 
>> thank,
> 
> 
> 
> 
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by 
> 
> Make an app they can't live without
> Enter the BlackBerry Developer Challenge
> http://p.sf.net/sfu/RIM-dev2dev 
> _______________________________________________
> Cppcms-users mailing list
> Cpp...@li...
> https://lists.sourceforge.net/lists/listinfo/cppcms-users