cookies

问题 I am new to sessions and this is my first serious coding project. I've tried a million things and I can't figure out why the session isn't persisting through different routes. When I log req.session.id from two routes, it gives me two different ids when it should be the same one. const express = require('express'); const cors = require('cors'); const mongoose = require('mongoose'); const session = require('express-session'); const bcrypt = require('bcrypt'); let User = require('./models/user

问题 I'm currently building a little angular page. In this page I'm using ngx-cookieconsent (https://www.npmjs.com/package/ngx-cookieconsent) for handling the cookies. Everything works but now I'm a little bit confused. I've set it up with the parameter opt-in but when I visit the page first, there are already cookies stored in the browser even if I press decline or nothing: Thats really confusing. I've also tried subscribing to the status change of the consent: this.statusChangeSubscription =

问题 In oTree, two cookies are created: sessionId and csrf_token . I want to disable both; however, I don't know how to do that. I know that when I use participant_label in the URL, I can avoid the sessionId -cookie. However, then I still have the csrf_token -cookie. Do you know how to unset it? I heard that django-cookieless should be a solution, but I don't know how to use that. 回答1: Ok, it's a bit untrivial. For injecting csrftoken in Django (which oTree is based on) they use CsrfViewMiddleware

问题 I'm struggling to find a way to securely save an Access-Token, which my web application retrieved from the DiscordAPI after the user authorized the application. I'm creating a web-interface for a Discord Bot. Here it is important, that not everyone can use it. Only server-moderators and such on a specific Discord server should be allowed to access most parts of the website. For this I'm using the OAuth2 stuff from Discord to retrieve an Access-Token with which I can get user info, such as

问题 I'm attempting to set a cookie just before a header redirect but it is not working. I have read that setting the cookie after the header redirect line should solve the problem, but I am having no luck. Similarly, a post here previously suggested that if you were using a 'human URL' in the location redirect, you should use '/' in the path parameter of the cookie. This has also been done with no luck. header("Location: $url" . $params); setcookie('cartstlang', 'lang', 0, '/', '', FALSE, FALSE);

问题 I'm attempting to set a cookie just before a header redirect but it is not working. I have read that setting the cookie after the header redirect line should solve the problem, but I am having no luck. Similarly, a post here previously suggested that if you were using a 'human URL' in the location redirect, you should use '/' in the path parameter of the cookie. This has also been done with no luck. header("Location: $url" . $params); setcookie('cartstlang', 'lang', 0, '/', '', FALSE, FALSE);

问题 What is the "best practice" to prevent a valid cookie from being used by more than one client at a time in ASP.NET MVC? In this scenario, we are using all the OWASP tricks. Strict HSTS: HTTPS/SSL on every page Cookies are listed as HTTPS-only Cookies are marked secure Cookies have a short expiration There is also code to prevent cross-site request forgery (XSRF) from altering values page to page. That's all great and prevents users from changing values, but it doesn't prevent a bad actor from

问题 What is the "best practice" to prevent a valid cookie from being used by more than one client at a time in ASP.NET MVC? In this scenario, we are using all the OWASP tricks. Strict HSTS: HTTPS/SSL on every page Cookies are listed as HTTPS-only Cookies are marked secure Cookies have a short expiration There is also code to prevent cross-site request forgery (XSRF) from altering values page to page. That's all great and prevents users from changing values, but it doesn't prevent a bad actor from

问题 I have the below javascript function that currently runs on every visit. I do not want to spam our visitors with this popup on every visit so I am trying to get my head around cookies and running this once a week. setTimeout(function() { jQuery(document).one('mouseleave', function() { console.log('mouse left'); jQuery('.open-popup-link').magnificPopup('open'); }); }, 10000); I placed this within a cookie function that I found on here however nothing runs and no errors in the console. function

问题 I have the below javascript function that currently runs on every visit. I do not want to spam our visitors with this popup on every visit so I am trying to get my head around cookies and running this once a week. setTimeout(function() { jQuery(document).one('mouseleave', function() { console.log('mouse left'); jQuery('.open-popup-link').magnificPopup('open'); }); }, 10000); I placed this within a cookie function that I found on here however nothing runs and no errors in the console. function