Questions tagged [session-cookies]

Session cookies enable a server and a browser to establish an identified connection (through cookies) and communicate through it.

Session cookies are temporary files that exist for a particular user for a pre-defined duration. Once this duration is expired, the session cookies are erased.

Session cookies allow a website to keep a state or memory of the visitor as they navigate between pages of the website.

4816 questions
63 votes, 2 answers

What is the difference between signed and encrypted cookies in Rails?

The documentation of ActionDispatch::Cookies gives nearly identical descriptions for both signed cookies and encrypted cookies. It appears that both use secrets.secret_key_base to prevent client-side tampering.…
Sean Huber
62 votes, 6 answers

Scrapy - how to manage cookies/sessions

I'm a bit confused as to how cookies work with Scrapy, and how you manage those cookies. This is basically a simplified version of what I'm trying to do: The way the website works: When you visit the website you get a session cookie. When you make…
Acorn
61 votes, 1 answer

Why not generate the secret key every time Flask starts?

When using sessions, Flask requires a secret key. In every example I've seen, the secret key is somehow generated and then stored either in source code or in configuration file. What is the reason to store it permanently? Why not simply generate it…
Arseni Mourzenko
57 votes, 1 answer

Is a URL with // in the path-section valid?

I have a question regarding URLs: I've read the RFC 3986 and still have a question about one URL: If a URI contains an authority component, then the path component must either be empty or begin with a slash ("/") character. If a URI does not…
Christian Kuetbach
53 votes, 5 answers

Session/cookie management in Apache JMeter

We have a simple performance test flow in an application: we log in, search based on some criteria, and repeat searches for different parameters. We are using JMeter to do performance testing. We need to have multiple threads running to test this in a…
Priyank
49 votes, 1 answer

Using Python Requests: Sessions, Cookies, and POST

I am trying to scrape some selling data using the StubHub API. An example of this data seen here: https://sell.stubhub.com/sellapi/event/4236070/section/null/seatmapdata You'll notice that if you try and visit that url without logging into…
user2238685
47 votes, 2 answers

When should I use cookie-parser with express-session?

In most ExpressJs examples, I found cookie-parser being used with express-session. If I could access session data with req.session.name without it, in what case (or for what benefits) should I be using cookie-parser?
surenyonjan
46 votes, 2 answers

Single page application with HttpOnly cookie-based authentication and session management

For several days now I've been looking for a secure authentication and session management mechanism for my single page application. Judging by the numerous tutorials and blog posts out there about SPAs and authentication, storing JWTs in…
Ege Ersoz
39 votes, 3 answers

What is the meaning of "Remember Me" functionality on a login page?

I want to include "Remember Me" functionality on the login page, but I don't know its actual meaning (how it works). I have seen different uses on many websites, but I didn't get its actual meaning.
38 votes, 6 answers

How secure are PHP sessions?

I'm primarily a C++ programmer, but I'm trying to pick up some PHP. Apparently the way to implement web user sessions is to store the user's login ID in a cookie using the $_SESSION variable. Is it not possible for someone to just modify their…
James
36 votes, 1 answer

How to set individual session maxAge in Express?

I understand that you can set the maxAge when starting up the app as follows: connect.session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}) However, I would like to implement something along the lines of a "remember me" setting, how would I…
FurtiveFelon
36 votes, 5 answers

How to add a cookie to the cookiejar in the Python requests library

I am trying to add a cookie to an existing cookiejar using the Python requests 1.2.3 library. Every time I add the new cookie, the data in the jar is munged for the new cookie. Keys missing, values missing or matched to incorrect keys. I'm not…
fat fantasma
36 votes, 1 answer

uninitialized constant ActionDispatch::Session::EncryptedCookieStore (NameError)

I'm on Rails 4 with Passenger. Everything was working great until I did a bundle just now. Now I'm hitting the following error: Web application could not be started uninitialized constant ActionDispatch::Session::EncryptedCookieStore (NameError) …
yee379
34 votes, 10 answers

How to refresh JSESSIONID cookie after login

A product I work on got a tough security audit by a potential customer and they are upset that Tomcat sets a JSESSIONID cookie before authentication has happened. That is, Tomcat sets this cookie when our stateless Login Page loads, but before…
Nathan Beach
34 votes, 8 answers

Setting HTTPONLY for Classic ASP Session Cookie

Does anyone know exactly how to set HTTPONLY on classic ASP session cookies? This is the final thing that's been flagged in a vulnerability scan and needs fixing ASAP, so any help is appreciated. ~~~A LITTLE MORE INFORMATION ON MY PROBLEM~~~ Can…
E.Shafii