cookies

Securing oauth bearer token against attacks such as XSS, CSRF in javascript apps

邮差的信 submitted on 2021-02-20 15:06:18
Question: I am a bit unclear about how to secure (or protect) bearer tokens when using pure JavaScript applications. I know when a user requests a token from the server, it can come with a validity of 14 days or 24 hours. But once the user has the token there is no neat (assured) way of securing this from XSS or CSRF attacks (am I missing something?). Now let's say the user is logged into the web application and the browser has this token which is valid for 14 days. If the user is accessing another web application

What is a third party cookie? [closed]

拈花ヽ惹草 submitted on 2021-02-20 04:35:32
Question: What is a third party cookie and how is it used in Facebook connect feature?
Answer 1: A third-party cookie is a cookie from domain A, being set in domain B (while visitor is in domain B). As you may know, a cookie is a file that is set on a per-domain basis

As an electron client, is there a way I can make session persist after an app close?

淺唱寂寞╮ submitted on 2021-02-19 05:35:23
Question: I have a couple of sites that I visit regularly. In fact, so much so, that I like to have a small electron app on my machine to check for updates (since the site doesn't support email updates or anything of that nature). My script basically just launches a browser, retrieves web content for the site, logs it to a file, and then checks for differences. It then notifies me of a difference, if there is one. The catch, though, is that while a given browser window is open (even if I close the

SSO Sustainsys.Saml2.Owin Request is not Authenticated - access_denied

[亡魂溺海] submitted on 2021-02-18 08:50:31
Question: I have to do SSO authentication with saml2 for my existing asp.net web application. I am using Sustainsys.Saml2.Owin example to do that. Identity provider is Azure ADFS (https://sts.windows.net/TENANTID). I have configured the Startup file. It loads the metadata file and certificate. And in my Login page, I am challenging if not authenticated. It is successfully redirecting to the login page but the Request is never getting authenticated after the login. And in the reply URL we are getting

Is there any difference between HttpContext.Current.Request and HttpContext.Request?

我怕爱的太早我们不能终老 submitted on 2021-02-18 08:38:52
Question: If I want to access Request object in controller action I need to write `HttpContext.Request`, whereas if I want to access the same object in MVC view, I need to write `HttpContext.Current.Request`. Is there any difference between them? The problem I am facing is that the cookies which I set through `HttpContext.Response.Cookies.Add` in controller action are not being retrieved in `HttpContext.Current.Request.Cookies` collection in an MVC view, though I can see those cookies through JavaScript.

C#/ASP.NET Selenium WebDriver - Re-using Cookies

若如初见. submitted on 2021-02-18 07:00:07
Question: I want to: login to a website; save cookies; give user a choice to do A, B or C. A, B and C all require being logged in. Each will open a FirefoxDriver and do their own thing. What I want to do is login ONCE, save the cookies from that, and add them to any other FirefoxDriver I want to open. Right now I'm trying to save the cookies in `public ReadOnlyCollection<Cookie> Cookies { get; set; }` which is the result of `WebDriver.Manage().Cookies.AllCookies;` Assuming login worked and cookies were saving

`$cookies.put()` takes 30 seconds to save the cookie on disk on Android

你说的曾经没有我的故事 submitted on 2021-02-18 05:35:28
Question:
Context: We have a cordova application loading an online website. (We basically use cordova for the plugins.) We store a cookie using `$cookies.put()`. It works fine in desktop browsers and on iOS (as long as we use expiration on the cookie).
Problem: On Android, if the user kills the application within 30 seconds after `$cookies.put()` is called, the cookie will be gone on the next reboot. If the user waits more than 30 seconds (like 35 seconds or more) everything works fine.
Question: How can we force the

PHP SameSite session problem, session doesn't work

有些话、适合烂在心里 submitted on 2021-02-18 05:32:11
Question: I hope anybody can give me some ideas to my problem. I am trying to apply SameSite cookie to make session work but it seems it doesn't work.

The visited site html:

```html
<iframe src="https://www.example.com/test/iframe.php"></iframe>
```

Iframe source site:

```php
<?php
header('Set-Cookie: cross-site-cookie=PHPSESSID; SameSite=None; Secure');
session_start();
if(!isset($_SESSION['test'])){
    echo 1;
    $_SESSION['test'] = 'ee2';
}else{
    echo $_SESSION['test'];
}
```

If I visit the website, I still receive A cookie