SEARCH KEYWORD -- COOKIE


  SameSite attribute in cookie

Starting from Chrome 51, a new attribute SameSite has been introduced for browser cookie. This attribute is to prevent CSRF attack. Cookie is normally used to store data exchanged between client and server. It frequently stores user login information. If a malicious website can forge a HTTP request with the valid third party website cookie, it may be called a CSRF attack. For example, if a user logins to a bank website your-bank.com, the bank server responds a cookie: Set-Cookie:id=a3fWa; L...

   JAVASCRIPT,COOKIE,SAMESITE,CHROME,CSRF     2019-09-14 04:57:51

  How does PHP session work?

This article is about how PHP session works internally. Below are the steps : 1. Session in PHP is loaded into PHP core as an extension, we can understand it as an extension. When session extension is loaded, PHP will call core functions to get the session save_handler, i.e interface or functions for reading and writing session data. By default, PHP will handle session data by writing and reading files on the server. But PHP also supplies custom methods for handling session data, we can use sess...

   PHP, session, mechanism     2012-12-28 13:36:49

  What you may not know about PHP session

When we access one website, the site usually should have a mechanism to keep track of the status of the user on the site. There are a few mechanisms supported by many server side languages to help track user status such as session and cookie. Today we will talk about session, when creating a session, we need to keep track of many data, besides user data, we also need to tell the server what is the timeout of the session so that we can garbage collect the session data which should not be stored a...

   PHP session,session timeout,example     2013-07-06 08:44:18

  Check out YouTube new design

Recently, YouTube has developed its new design, but is is still not officially released. But you can check out the new design now by following the steps below:1. Open http://www.youtube.com on your Chrome or Firefoc2. Press Ctrl + Shift and J in Chrome to open the Developer Tools and Press Ctrl+Shift and K in    Firefox3. On the bottom part of the development tool, you can type some commands there. Copy the following code and paste on the console window on the bottomdocument.cooki...

   YouTube,New design,Chrome,Firefox,How to     2011-11-20 11:38:58

  Introduction to DTLS(Datagram Transport Layer Security)

Secure communication has become a vital requirement on the Internet. Lots of information transferred through the Internet are sensitive data such as financial transactions, medical information, media streaming etc. To ensure security of data transferred on the Internet, a few secure protocols have been designed including SSL/TLS and IPsec. Many large websites in the world have adopted TLS. Apart from SSL/TLS, there is some other protocol designed to be used in special cases. One of them is ...

   JAVA 9,DTLS,TLS,SECURITY     2016-04-02 05:55:36

  When no need 3 handshakes in TCP?

Overview In the previous article titled Why TCP needs 3 handshakes simple answers were provided to the following three questions: Can application data be carried during the first handshake? Can application data be carried during the second handshake? Can application data be carried during the third handshake? Briefly, traditional TCP requires a three-way handshake to establish a connection, and during these three handshakes, only simple SYN and ACK packets are sent. From the perspective o...

   REASON,NETWORK,TCP,EXPLANATION     2024-09-29 03:19:35

  Meta tag in HTML header

In server response, we can use response.setHeader() to set the meta information in header of a HTML page. The usage is response.setHeader(name,context); meta is used to simulate the response header of HTTP protocol in HTML page. It should be put between the <head> and </head> tag. 1. <meta name="Generator" content="" > <!--This is to specify the tool which generates this page such as Microsoft FrontPage 4.0 etc --> 2. <meta name="keywords" content=""> <!-- To tel...

   HTTP,meta,HTML,head     2013-05-22 11:34:08

  Password-less login

Most websites need user login in order to provide personalized content to visitors. The usual way is to request user to register an user account. Actually, this is not so appealing since if we need to remember one password for each website, it's troublesome, while for developers, it's their responsibility to protect password, once password is leaked, then it's a big headache to a website's business and reputation. So long time ago people started thinking about password-less login, this is a big ...

   Password-lesslogin,Authentication     2012-11-05 12:29:55

  What does session_destroy() do in PHP?

In PHP manual, the description for session_destroy() function is : session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called. I am confused about this description. If this function destroys all session data, then why the global variables associated with the session are not unset? Why can we u...

   session_destroy,session_start     2013-08-31 09:59:05

  Some tricks on PHP session

1. Session timeout problem There is a nuance we found with session timing out although the user is still active in the session.  The problem has to do with never modifying the session variable. The GC will clear the session data files based on their last modification time.  Thus if you never modify the session, you simply read from it, then the GC will eventually clean up. To prevent this you need to ensure that your session is modified within the GC delete time.  You can accomp...

   PHP,Session,Timeout,Solution,Various domain     2015-03-13 07:05:37

RECENT