Brad

In fact nothing happens - besides they can't recall our user id and
password next time you log in.

Nice to have user id's and passwords floating around in cookies - don't you
think?

On Thu, Jun 11, 2015 at 10:23 PM, Bradley Stone <bvstone@xxxxxxxxx> wrote:
Sign into all your google and/or microsoft accounts, clear your cookies,
and then see what happens. You may want to let google and MS know session
cookies are "old and unsafe". :)
Brad
www.bvstools.com
On Thu, Jun 11, 2015 at 2:55 PM, Henrik Rützou <hr@xxxxxxxxxxxx> wrote:
Bradley

In practice AJAX calls are never made while other things are loading and
therefore the number of connections is arbitrary and only controlled by the
browser's maximum.

In regards to cookies for session management it is a rather old and unsafe
technology to use. You may hold a session number in a cookie but that
really isn't enough. You will need server side managed security.

On Thu, Jun 11, 2015 at 8:07 PM, Matt Olson <Matt.Olson@xxxxxxxx> wrote:
This is not a windows limitation. It is a browser implementation detail.
http://www.browserscope.org/?category=network

-----Original Message-----
From: Bradley Stone [mailto:bvstone@xxxxxxxxx]
Sent: Thursday, June 11, 2015 1:01 PM
To: Midrange Systems Technical Discussion
Subject: Re: 'green screen' not sellable --> WE(?) are the problem

Another problem is most Windows PC limit to 4 (or is it 2?) connections at
once... so if a page is loading images, running ajax, retrieving JS or
anything else from a server it may not load as fluidly as possible. Not
sure how *nix distros or iOS handle this.

As far as using session cookies, I've used them for years with great
success. Just create 256 byte (or larger) random (but unique) keys and use
that (as well as local IP address you can get from environment variables,
or any other info) to tie it back to the info on the server side (ie,
customer number, sign on info, etc). Base64 encode it too if you want. :)

Yes, someone could manipulate the cookie, but I doubt they'd figure out
the proper 256 byte sequence to get logged onto someone else's PC as well
as spoofing the local IP of the user.

Brad
www.bvstools.com

On Thu, Jun 11, 2015 at 10:40 AM, Henrik Rützou <hr@xxxxxxxxxxxx> wrote:
Nathan

<iframes> is not the problem, AJAX is since many modern UIs initiate
parallel AJAX conversations.

To illustrate that here is what happens when I fire up my Viewport.

The Viewport has an accordion menu where each main topic is an object
that is populated by the server through an AJAX call.

This means that if there are 5 main topics the client will fire five
AJAX calls to the server for the menu content under its topic.

What happens behind the scene is illustrated here:
http://www.powerext.com/RESTTIER0.png

On Thu, Jun 11, 2015 at 5:07 PM, Nathan Andelin <nandelin@xxxxxxxxx> wrote:

Henrik,

Thanks for the reply. If I understand correctly, there are at least
two problems with "persistent CGI". First, when the "maximum"
threshold is reached, then existing "sessions" may be closed to
accommodate new users.

The second problem is that developers may be forced to create some
rather unique plumbing in order to accommodate certain application
designs, such as using <iframes>, where each frame may need to
implement AJAX.

On Thu, Jun 11, 2015 at 8:07 AM, Henrik Rützou <hr@xxxxxxxxxxxx> wrote:

Nathan

It is a combination of several things.

Normally the Apache server runs its QZSRCGI jobs under a common
userprofile (serverUserId) in the config file. That is that the
QZSRCGI job actually runs under user QTMHHTTP as job user id and the
common user from the server config as adopted/actual user profile.

The number of possible QZSRCGI jobs under an Apache instance is
also a config setting.

If all QZSRCGI jobs are active processing and a request comes in
the request is queued until a QZSRCGI job is idle.

When you set up the Apache to run persistent this scenario is
changed. QZSRCGI jobs now run under the real user profile as
adopted/actual. A new request will cause apache to create a new
QZSRCGI job for the requesting user.

When the allowed number of active QZSRCGI jobs is reached and a
new user makes a request the trouble starts. What Apache will do is
to find the first idle QZSRCGI job allocated to another user, close
it down and start a new QZSRCGI job for the new user. This will of
course mean that the closed job will lose persistency.

Now, today we run AJAX and AJAX may fire parallel requests from
one client against the Apache server. The Apache server will not
queue this request for one QZSRCGI job but execute them in different
QZSRCGI jobs and that doesn't matter if you run stateless or
persistent.

So suddenly one user may have a number of in this case persistent
QZSRCGI jobs and nobody knows which of the jobs are used for a single
request. This will of course also add to the overhead of closing and
restarting QZSRCGI jobs when the maximum threshold is reached.

There may be techniques to avoid this behavior, but as standard I
will not call it persistent.

On Thu, Jun 11, 2015 at 3:36 PM, Nathan Andelin <nandelin@xxxxxxxxx> wrote:

PS. If you run Apache there is no such thing as persistent CGI but
that is another rather long story. If you like I could explain it.

Henrik,

Yes, I would be interested in your views about "persistent CGI"
under Apache. My understanding is that Profound UI uses it. And it
seems to maintain a session which may time-out after a period of
inactivity. What makes you say there is "no such thing"?

BTW, I agree with your method of storing "session" variables in an
IBM i DB, keyed by a secure value.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
--
Regards,
Henrik Rützou
http://powerEXT.com <http://powerext.com/>
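
The session handling debated in this thread (a random cookie key that only indexes state kept on the server), sketched as an added example that is not code from any of the posters. The function names, the in-memory dictionary standing in for a database table, the 15-minute idle limit and the choice to drop a session on an address mismatch are all assumptions.

```python
import hashlib
import secrets
import time

IDLE_TIMEOUT = 15 * 60   # assumed idle limit, in seconds
_sessions = {}           # stands in for a DB table keyed by a secure value


def _key(token):
    # Only a hash of the cookie value is stored, so a leaked session
    # table does not hand out usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()


def create_session(user, client_ip, now=None):
    """Return the opaque cookie value; user id and sign-on info stay server side."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG, URL-safe base64
    _sessions[_key(token)] = {"user": user, "ip": client_ip, "seen": now}
    return token


def lookup_session(token, client_ip, now=None):
    """Return the user bound to a valid cookie, else None."""
    now = time.time() if now is None else now
    rec = _sessions.get(_key(token))
    if rec is None:
        return None                      # unknown or guessed value
    # client_ip would come from the CGI REMOTE_ADDR variable (assumption).
    if now - rec["seen"] > IDLE_TIMEOUT or rec["ip"] != client_ip:
        _sessions.pop(_key(token), None) # expired, or replayed from another address
        return None
    rec["seen"] = now                    # sliding idle timeout
    return rec["user"]


def destroy_session(token):
    """Explicit sign-off: the cookie value becomes worthless immediately."""
    _sessions.pop(_key(token), None)
```

Address binding rejects legitimate users whose IP changes mid-session (mobile networks, proxies), so some deployments log the mismatch instead of ending the session.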
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].