Re: Facebook Federate 400 error with session id.

2014-11-24 Thread George Christman
; cause of the issue. I may be wrong, so hopefully this can be clarified. > > What I notice is on failing authentication attempts, the redirect URL > > contains the session id which doesn't match the stored URL in facebook. > > Like I said, my guess is this is due to the remember me op

Re: Facebook Federate 400 error with session id.

2014-11-23 Thread Michael
ow the cause of > the issue. I have the remember me token set to true which I believe is the > cause of the issue. I may be wrong, so hopefully this can be clarified. > What I notice is on failing authentication attempts, the redirect URL > contains the session id which doesn't mat

Re: Facebook Federate 400 error with session id.

2014-11-23 Thread George Christman
I ended up just using a url rewriter to remove the session id from the URI. Everything is now working perfectly. On Sun, Nov 23, 2014 at 1:41 PM, George Christman wrote: > http://jira.codehaus.org/browse/TYNAMO-100 > > On Sun, Nov 23, 2014 at 1:38 PM, George Christman > wrote:

Re: Facebook Federate 400 error with session id.

2014-11-23 Thread George Christman
et to true which I believe is the > cause of the issue. I may be wrong, so hopefully this can be clarified. > What I notice is on failing authentication attempts, the redirect URL > contains the session id which doesn't match the stored URL in facebook. > Like I said, my guess is thi

Facebook Federate 400 error with session id.

2014-11-23 Thread George Christman
ation attempts, the redirect URL contains the session id which doesn't match the stored URL in facebook. Like I said, my guess is this is due to the remember me option, but I could be wrong. Once the cookie has been established for the first time, the session id no longer exists in the URL and auth

Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread George Christman
I just disabled cookies within my browser and I'm finding >> every link is being generated with a session id despite not needing to be >> logged in. What would cause this? >> > > Any page with @Persist or @SessionState being visited can cause a session >

Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread Thiago H de Paula Figueiredo
On Wed, 04 Jun 2014 12:11:00 -0300, George Christman wrote: Hi Thiago, I just disabled cookies within my browser and I'm finding every link is being generated with a session id despite not needing to be logged in. What would cause this? Any page with @Persist or @SessionState

Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread Dmitry Gusev
ust disabled cookies within my browser and I'm finding every > link is being generated with a session id despite not needing to be logged > in. What would cause this? I'm not sure if this would affect things, but > I'm using remember me with tapestry-security, however I'

Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread George Christman
Hi Thiago, I just disabled cookies within my browser and I'm finding every link is being generated with a session id despite not needing to be logged in. What would cause this? I'm not sure if this would affect things, but I'm using remember me with tapestry-security, however I

Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread Thiago H de Paula Figueiredo
On Wed, 04 Jun 2014 10:16:24 -0300, Dmitry Gusev wrote: I don't think requiring cookies is a bad idea. I think every normal user would have cookies enabled. Some proxies mess up with cookies, causing them to not work. At my work I've got lots of client complaints because of that. I thin

Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread George Christman
fish v3, and any other > Servlet > > > > 3.0-compliant servlet container. First, you can add this to your > > web.xml > > > > webapp config: > > > > > > > > > > > > COOKIE > > > > > > > > > > > >

Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread Dmitry Gusev
3, and any other Servlet > > > 3.0-compliant servlet container. First, you can add this to your > web.xml > > > webapp config: > > > > > > > > > COOKIE > > > > > > > > > > > > On Wed, Jun 4, 2014 at 6:58 AM,

Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread George Christman
> > > The ID appears in URLs if your app creates session for current user & > > this > > > user has cookies disabled. > > > > > > You can either not create a session for guests, or disable session ID > in > > > URLs in servlet con

Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread Dmitry Gusev
appears in URLs if your app creates session for current user & > this > > user has cookies disabled. > > > > You can either not create a session for guests, or disable session ID in > > URLs in servlet container level, > > here's an example for tomcat: &

Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread George Christman
isabled. > > You can either not create a session for guests, or disable session ID in > URLs in servlet container level, > here's an example for tomcat: > https://fralef.me/tomcat-disable-jsessionid-in-url.html > > > > On Wed, Jun 4, 2014 at 10:48 AM, George Christma

Re: Prevent session id from appearing in URL while being indexed by google

2014-06-04 Thread Dmitry Gusev
Hi George, The ID appears in URLs if your app creates session for current user & this user has cookies disabled. You can either not create a session for guests, or disable session ID in URLs in servlet container level, here's an example for tomcat: https://fralef.me/tomcat-disable-jses

Prevent session id from appearing in URL while being indexed by google

2014-06-03 Thread George Christman
Hi guys, I'm noticing Google is indexing a lot of pages with the session id appended to the URL, how do I prevent this? Please see link below for example. https://www.google.com/search?q=site:cardaddy.com&client=firefox-a&hs=qLR&rls=org.mozilla:en-US:official&channel=sb&

Re: session id

2011-02-25 Thread Josh Canfield
> It won't work, as the jsessionid is not a query parameter. By that Thiago means that it's not a query parameter managed by the Link, so you can't remove it. The jsessionid query parameter is added by the servlet container when you call to*URI. Josh On Fri, Feb 25, 2011 at 3:43 PM, Thiago H. de

Re: session id

2011-02-25 Thread Thiago H. de Paula Figueiredo
On Fri, 25 Feb 2011 20:36:55 -0300, Mark wrote: Ah ok. That explains why I see it sometimes and not others. This is what I ended up doing: Link link = pageRenderLinkSource.createPageRenderLinkWithContext("page", context); link.removeParameter("jsessionid"); return link; Any problems with th

Re: session id

2011-02-25 Thread Mark
011 at 4:28 PM, Josh Canfield wrote: >> Any idea on how to prevent these session ids from being part of the >> links created in this manner? > > You'll get a session id if you try to persist anything into the > session, for instance if you use @ApplicationState as a page secu

Re: session id

2011-02-25 Thread Josh Canfield
> Any idea on how to prevent these session ids from being part of the > links created in this manner? You'll get a session id if you try to persist anything into the session, for instance if you use @ApplicationState as a page securing mechanisms might do. Tapestry calls encodeRedir

session id

2011-02-25 Thread Mark
I am using: Link link = pageRenderLinkSource.createPageRenderLinkWithContext("PageName", pageContext); To get a link to a page with a particular context that ties into a Facebook share component. This has worked well, but now I'm occasionally seeing it rendered with a jsessionid. Which of cours

Re: change session id after login

2010-10-26 Thread Thiago H. de Paula Figueiredo
On Tue, 26 Oct 2010 12:14:43 -0200, Muhammad Mohsen wrote: Excuse me, I understand that I should not invalidate the session directly from the httpsession object. But how can I access the httpsession object through tapestry in the first place? Or the mentioned "Session" object? Ge

Re: change session id after login

2010-10-26 Thread Muhammad Mohsen
as using the container supported session id but it works fine. > > Markus > > On Mon, Oct 25, 2010 at 5:18 PM, Kalle Korhonen > wrote: > > But typically, you'd just invalidate the session which of course > > forces a new session id. > > > > Kalle > > >

Re: change session id after login

2010-10-26 Thread Markus Joschko
Do you know any webframework that allows that? We recently had the same requirement but finally went the route to use an extra id in a https only cookie that was set during login. Not as nice as using the container supported session id but it works fine. Markus On Mon, Oct 25, 2010 at 5:18 PM

Re: change session id after login

2010-10-25 Thread Kalle Korhonen
But typically, you'd just invalidate the session which of course forces a new session id. Kalle On Mon, Oct 25, 2010 at 12:21 AM, Mike Oestereter wrote: > Hi > > In my mind it is not a peculiar requirement but a basic security 101 > requirement. > Session ID should chang

Re: change session id after login

2010-10-25 Thread Mike Oestereter
Hi In my mind it is not a peculiar requirement but a basic security 101 requirement. Session ID should change after login, after logoff and after reauth (for sensitive operations). On Wed, Oct 20, 2010 at 1:51 AM, Kalle Korhonen wrote: > That's a rather peculiar requirement. Sessions

Re: change session id after login

2010-10-21 Thread Rich M
In tapestry 5.0 the value of the cookie (somewhat magically and unexpectedly) changed when a new instance of my SessionState object was created: e.g. Are you sure? This doesn't make a lot of sense. As you can have more than one session state object, changing the session id would be

Re: change session id after login

2010-10-19 Thread Kalle Korhonen
That's a rather peculiar requirement. Sessions are semi-managed by the container and I don't know of a container that would allow you to do that. If you used Shiro in native session mode, you could probably change the id but even then, you'd need to cast and use the implementation classes directly.

Re: change session id after login

2010-10-19 Thread Mike Oestereter
The problem is that I don't want to invalidate the session from an application point of view. After successful login I want to store details about the authenticated user in the user session. I just want to kill the existing cookie and associate a new (and different cookie) with the current sessio

Re: change session id after login

2010-10-19 Thread Mike Oestereter
On Mon, Oct 18, 2010 at 1:45 PM, Thiago H. de Paula Figueiredo > Are you sure? This doesn't make a lot of sense. As you can have more than > one session state object, changing the session id would be the same as > invalidating the session. This would be a serious bug. > I

Re: change session id after login

2010-10-18 Thread Thiago H. de Paula Figueiredo
On Mon, 18 Oct 2010 10:26:00 -0200, Andreas Andreou wrote: Yea, that's session fixation... see http://www.owasp.org/index.php/Session_Fixation Thanks for the link! :) Grabbing the session and invalidating directly does the trick but you have to be sure this occurs at the end of the reques

Re: change session id after login

2010-10-18 Thread Andreas Andreou
post us something about the vulnerability? I'm curious to read > about it. :) > >> In tapestry 5.0 the value of the cookie (somewhat magically and >> unexpectedly) changed when a new instance of my SessionState object >> was created: e.g. > > Are you sure? This d

Re: change session id after login

2010-10-18 Thread Thiago H. de Paula Figueiredo
a new instance of my SessionState object was created: e.g. Are you sure? This doesn't make a lot of sense. As you can have more than one session state object, changing the session id would be the same as invalidating the session. This would be a serious bug. -- Thiago H. de Paula

change session id after login

2010-10-18 Thread Mike Oestereter
Hi How can I change the value of the JSESSIONID cookie after successful login - failure to do this will result in a session hijacking vulnerability. I'm not using Spring or AECGI (sp?) and am not interested in it at the moment. In tapestry 5.0 the value of the cookie (somewhat magically and un

Re: Best Approach to retrieve a session ID in Tapestry 5.1

2010-07-21 Thread Christian Riedel
later, but that seems to be the only thing the wrapper keeps track of. Hope that was helpful :) Best Christian Am 21.07.2010 um 11:35 schrieb Mark Heimann: > Hi everyone, > > I was wondering what would be the best approach to retrieve a session ID > using Tapestry 5.1. My und

Best Approach to retrieve a session ID in Tapestry 5.1

2010-07-21 Thread Mark Heimann
Hi everyone, I was wondering what would be the best approach to retrieve a session ID using Tapestry 5.1. My understanding is that the wrappers Tapestry creates around the HttpSession object does not expose a getId() method that would return a string representation of the session to me. I

Re: Tap 5.0.11 How to store Session id in ASO

2008-05-05 Thread Shing Hing Man
I have found a solution. I need to inject the shadow service HttpServletRequest into my ASO. Shing --- Shing Hing Man <[EMAIL PROTECTED]> wrote: > I need to retrieve the http session id. One way to > get > session id is to inject > RequestGlobals into my page and then get

Re: Tap 5.0.11 How to store Session id in ASO

2008-05-05 Thread Howard Lewis Ship
Seems like an odd request. Assuming you are storing the ASO in the session (the only option with the default implementations), then you (or the servlet API) must already know the session id (i.e., from the request object, from cookie in the request). So storing it in the ASO isn't useful.

Tap 5.0.11 How to store Session id in ASO

2008-05-05 Thread Shing Hing Man
I need to retrieve the http session id. One way to get session id is to inject RequestGlobals into my page and then get the HttpRequest from RequestGlobals. For simplicity's sake, I try to inject the httpRequest into an existing (session) ASO X (which is already injected to my page) and retrieve

RE: Tapestry 4.1.1: incorrect dojoPath, tapestryPath - session id is appended

2007-01-04 Thread Anna Vo
seeing this as well? Hope the above helps. Anna -Original Message- From: Stefan Esterer [mailto:[EMAIL PROTECTED] Sent: Thursday, January 04, 2007 3:08 AM To: users@tapestry.apache.org Subject: Re: Tapestry 4.1.1: incorrect dojoPath, tapestryPath - session id is appended I'm hav

Re: Tapestry 4.1.1: incorrect dojoPath, tapestryPath - session id is appended

2007-01-04 Thread Stefan Esterer
the AjaxShellDelegate and specifying the dojoPath and > tapestryPath. > > > Anna > > --------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional

Tapestry 4.1.1: incorrect dojoPath, tapestryPath - session id is appended

2007-01-03 Thread Anna Vo
A little while ago I had posted this error, which occurs the first time our site is loaded: Could not load 'dojo.logging.Logger'; last tried '__package__.js' dojo.js;jsessioni... (line 14) Could not load 'tapestry.namespace'; last tried '/__package__.js' dojo.js;jsessioni... (line 14) [Exception..

Re: how to get the session id

2006-08-10 Thread Celia Mou
Hi, My solution to this is to inject the session on the .page file: Then in the java file of the page, get the session. From that you can get the session ID: * Declare in the class: public abstract WebRequest getWebRequest(); * Then where you need it: WebSession sess = getWebRequest

Re: how to get the session id

2006-08-10 Thread Mika Tammilehto
Hi! You can get the Session id like this: cycle.getInfrastructure().getRequest().getSession(true).getId(); Cheers, Mika Tapestry User List wrote: > Hello, > > I need to retrieve the session ID (JSESSIONID) from IRequestCycle. Is there > way to do that ? > > Would be nice i

how to get the session id

2006-08-10 Thread Tapestry User List
Hello, I need to retrieve the session ID (JSESSIONID) from IRequestCycle. Is there a way to do that? Would be nice if someone has the solution to this non-urgent problem. Cheers, Didier