I'm creating a session to transfer data between ASP.NET pages. Here is how I create the session in the first page:
Session["Data"]=depo.Value;
Response.Redirect("rapor.aspx");
I'm using it in rapor.aspx (the second page):
TextBox1.Text = Session["Data"].ToString();
This process runs perfectly. But after I read the data from the session, I want to end (drop) the session, because I don't want to occupy the server. I don't want to use a timeout; I want to end (drop) the session after the user has got the data on the second page. Is there any way to end (drop) an ASP.NET session? i.e.
Session["Data"].end ?
If you want to only remove the key "Data" from your session you can do:
Session.Remove("Data");
But if you want to completely end the session and delete its contents, you can do:
Session.Abandon();
Session.Clear();
See How to Kill A Session or Session ID (ASP.NET/C#) for more discussion on this topic.
To destroy a session, use
Session.Abandon();
If you want to remove a specific item from the session use
Session.Remove("YourItem");
And if you only want to clear a value use
Session["YourItem"] = null;
I'm trying to create a new API that allows me to automatically check session status from an external application (SSO) based on the presence of a cookie (cross-domain).
Following Moodle's logic (code), I found that you get the session key by just calling the sesskey() function (based on $_SESSION['USER']),
but when I call this function in the externallib file, every time it gives me a new random session key.
The problem was that calling sessKey() from an external lib gets an empty $_SESSION['USER'].
Any help would be greatly appreciated.
I am currently migrating an old Zend 1.1 website and need a replacement for the uses of Zend_Session_Namespace.
Does one exist for Yii2? Or alternatively is there a plugin or something to add this functionality?
-Edit:
Specifically the ability to set expiry timeouts and hop limits like Zend has.
Thank you.
UPDATE
The info you have added in the edit was never mentioned earlier and makes your question too broad; you might create a separate question for that.
By default, session data are stored in files. The implementation locks a file from the opening of a session to the point it's closed, either by session_write_close() (in Yii it could be done as Yii::$app->session->close()) or at the end of the request. While the session file is locked, all other requests which are trying to use the same session are blocked, i.e. waiting for the initial request to release the session file. This can work for dev or small projects. But when it comes to handling massive concurrent requests, it is better to use more sophisticated storage, such as a database.
Zend_Session_Namespace instances provide the primary API for manipulating session data in the Zend Framework. Namespaces are used to segregate all session data. If you are converting the script to the Yii2 framework, you might need to look into https://www.yiiframework.com/doc/api/2.0/yii-web-session
A simple example to compare both functionalities:
Zend Framework 1.1 Counting Page Views
$defaultNamespace = new Zend_Session_Namespace('Default');
if (isset($defaultNamespace->numberOfPageRequests)) {
    // this will increment for each page load.
    $defaultNamespace->numberOfPageRequests++;
} else {
    $defaultNamespace->numberOfPageRequests = 1; // first time
}
echo "Page requests this session: ",
    $defaultNamespace->numberOfPageRequests;
Yii2 Framework Counting Page Views
public function actionIndex()
{
    $session = new \yii\web\Session();
    $session->open();
    $visits = $session->get('visits', 0);
    $visits = $visits + 1;
    $session->set('visits', $visits);
    return "Total visits $visits";
}
Hope someone can help me explain some of my questions in order:
1. When I set, in application/config/config.php:
Determines whether the XSS filter is always active when GET, POST or
COOKIE data is encountered.
$config['global_xss_filtering'] = TRUE;
So if I set it to the default value, FALSE, what benefits will I get? For example, the performance or processing speed of the server?
2. Session
function save(){
    $data = $this->input->post('number',TRUE);
    $this->session->set_userdata('TEST',$data);
}
//Suppose Client request GET to action
function insert(){
    $num = $this->session->userdata('TEST');
    //Do I need to filter data in session?
    $num_clean = $this->security->xss_clean($num );
    $this->model->run_insert($num_clean);
}
I do not trust the user. And I still do not understand much about session activity.
The server just sends the session ID to the client. Does the server send the data which I set in the session to the client?
The way I am using xss_clean for the session is: filter the client data with xss_clean in the input class. Is that enough? Or do I need to re-filter the session data again?
Hope someone can help me, because I'm only using CodeIgniter's XSS filter. Thanks
part 1:
From CodeIgniter User Guide Version 2.2.6
XSS Filtering
CodeIgniter comes with a Cross Site Scripting Hack prevention filter which can either run automatically to filter all POST and COOKIE data that is encountered, or you can run it on a per item basis. By default it does not run globally since it requires a bit of processing overhead, and since you may not need it in all cases.
It's not something that should be used for general runtime processing since it requires a fair amount of processing overhead.
So the answer to the first part of your question: yes,
setting $config['global_xss_filtering'] = false; has performance benefits. Also, in CodeIgniter 3 this feature is DEPRECATED, so I prefer to set it to false.
part 2 :
A session is different from a cookie.
Unlike a cookie, the information is not stored on the user's computer. So when you store a session, it's safe to trust the session data.
Session data are stored on the server. Most sessions set a user-key on the user's computer that looks something like this: 765487cf34ert8dede5a562e4f3a7e12. Then, when a session is opened on another page, it scans the computer for a user-key. If there is a match, it accesses that session; if not, it starts a new session.
Here is a simple guide to sessions to read: https://www.w3schools.com/php/php_sessions.asp
A detailed one: http://php.net/manual/en/intro.session.php
In short, $num_clean = $this->security->xss_clean($num ); is unnecessary.
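The save-then-read flow from the question, as an added example that is not part of the original posts and is plain PHP rather than CodeIgniter code: the posted value is validated as an integer when it enters the session and HTML-encoded where it is rendered. The `$session` array is a constructed stand-in for server-side session storage, and `accept_number`, `save`, `render` and the numeric range are assumptions made for the illustration.

```php
<?php
// Added example: plain PHP, not CodeIgniter. $session is a constructed stand-in
// for server-side session storage; all function names are hypothetical.

// Accept the posted "number" only if it is a base-10 integer in an assumed range.
function accept_number($raw): ?int
{
    if (!is_string($raw)) {
        return null;
    }
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 1000000]]);
    return $n === false ? null : $n;
}

// save(): validate where the request data enters, then store the typed value.
function save(array &$session, array $post): bool
{
    $n = accept_number($post['number'] ?? null);
    if ($n === null) {
        return false; // rejected: nothing is written to the session
    }
    $session['TEST'] = $n;
    return true;
}

// Rendering: encode for the HTML context at the moment of output.
function render(array $session): string
{
    $value = (string) ($session['TEST'] ?? '');
    return '<p>Number: ' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Constructed inputs: a valid number and a markup string.
$markup = '<script>alert(1)</script>';

$session = [];
var_dump(save($session, ['number' => '42']));
echo render($session), PHP_EOL;

$other = [];
var_dump(save($other, ['number' => $markup]));

// A session returns exactly what was stored in it. If the raw string had been
// stored, output encoding is what keeps it inert in the page.
$other['TEST'] = $markup;
echo render($other), PHP_EOL;
```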
I have an app on Unity that uses ParseUser to store the user Level and Experience. When the user reaches a new Level, a ParseCloud function call is made. However, whenever the user is retrieved via:
Parse.Cloud.define("LevelUp", function (request, response){
    var user = request.user;
});
All the attributes in user have the values that are currently saved on the database, but not the ones that the ParseUser that made the request has in the Parse client.
Do I need to call ParseUser.CurrentUser.SaveAsync(); before every call to the server to get current user values, or is there a way to send the dirty ParseUser values to the ParseCloud function and update them from that function?
Thanks!
Short answer: yes.
Long answer: Not necessarily, but you need to wrap the unsaved (or dirty) attributes in an object and send it to ParseCloud, due to the fact that you can't send a ParseObject in a ParseCloud call.
In my case, I ended up changing the approach: retrieve the necessary information about the level, and do the modifications on the ParseUser on the client.
I have created Zend_Auth adapter implementing Zend_Auth_Adapter_Interface (similar to Pádraic's adapter) and created simple ACL plugin. Everything works fine with default session handler. So far, so good.
As a next step I have created custom Session SaveHandler to persist session data in the database. My implementation is very similar to this one from parables-demo. Seems that everything is working fine. Session data are properly saved to the database, session objects are serialized, but authentication does not work when I enable this custom SaveHandler.
I have debugged the authentication and all works fine up till the next request, when the authentication data are lost.
I suspected that it has something to do with the fact that I use $adapter->write($object) instead of $adapter->write($string), but the same happens with strings.
I'm bootstrapping Zend_Application_Resource_Session in the first Bootstrap method, as early as possible.
Does Zend_Auth need any extra configuration to persist data in the database?
Why is the authentication being lost?
I have found the cause of the problems.
I used 'data' as a column name. Session SaveHandler from parables-demo was calling code similar to this:
$string = 'test';
$doctrineModel->data = $string;
echo gettype($doctrineModel->data); // displays 'Array', not string as some would expect
So the data I wanted to save were accidentally converted to arrays.