The CTSESSION cookie is used in WebSSO to identify a user. I wonder what CT stands for in the name of the cookie.
I've tried searching for the word CTSESSION on Stack Overflow, but it gives only 5 results and the abbreviation CT is not expanded there.
I need to get the redirected URL or id in JSF using FacesContext. For the current URL, I'm using:
String currentPage = FacesContext.getCurrentInstance().getViewRoot().getViewId();
Closest you can get is the referer header via ExternalContext#getRequestHeaderMap():
String referrer = externalContext.getRequestHeaderMap().get("referer");
// ...
You should only keep in mind that this is a client-controlled value and can thus be fully spoofed from the client side (i.e. the end user can easily edit or even remove it).
Even then, there are cases where the client application won't send it along. For an overview, see among others this question: In what cases will HTTP_REFERER be empty.
Depending on the functional requirement, you'd better manually pass it along as request parameter, or store it in view or session scope.
I have a URL address on my website:
register.php?username=jz&email=jz#hotmail.com
The code used to create this URL address is currently:
echo '<p class="c7">Click here to back and try again.<br><img src="resources/img/spacer.gif" alt="" width="1" height="15"></p>';
I am currently using GET on register.php to retrieve the values.
I was wondering if anyone could show me any encrypting/decrypting methods to mask this data passed from page to page to the user, to prevent any tampering by the user.
For example, what could I replace the username/email variables with in the URL? For example:
register.php?u=jz&e=jz#hotmail.com
Or this:
register.php?token=khkhkhg33424g
The token would be the username/email values merged and encrypted, but of course on register.php the information can be descrambled and split back into the two variables of username and email to be echoed on the form.
These are just a few ideas that I'm hoping to develop.
Use sessions.
<?php
session_start();
$_SESSION['username'] = $username;
$_SESSION['email'] = $email;
var_dump($_SESSION);
Only people with access to your server can modify this data.
Store those variables in $_SESSION and check their values from there instead of looking for them in $_GET.
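If the values do have to travel in the URL, as the question's token idea proposes, what stops tampering is a keyed MAC over them rather than renaming or scrambling the parameters. The following is an added example, not code from any of the posts above; the key, the lifetime and all function names are assumptions.

```php
<?php
// Added illustration; TOKEN_KEY, TOKEN_TTL and all function names are hypothetical.
// Constructed demo key: in practice load a random secret from server-side config.
const TOKEN_KEY = 'constructed-demo-key-not-for-production';
const TOKEN_TTL = 900; // seconds a link stays valid

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string {
    $padded = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return (string) base64_decode(strtr($padded, '-_', '+/'), true);
}

// The payload is signed, not encrypted: the user can read it but not alter it.
function make_token(string $username, string $email, int $now): string {
    $payload = b64url_encode(json_encode(
        ['u' => $username, 'e' => $email, 'exp' => $now + TOKEN_TTL]
    ));
    return $payload . '.' . b64url_encode(hash_hmac('sha256', $payload, TOKEN_KEY, true));
}

// Returns the verified fields, or null for a malformed, altered or expired token.
function read_token(string $token, int $now): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    $expected = b64url_encode(hash_hmac('sha256', $payload, TOKEN_KEY, true));
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null;
    }
    $data = json_decode(b64url_decode($payload), true);
    if (!is_array($data) || !isset($data['u'], $data['e'], $data['exp']) || $data['exp'] < $now) {
        return null;
    }
    return ['username' => $data['u'], 'email' => $data['e']];
}

$now   = time();
$token = make_token('jz', 'jz@example.com', $now); // constructed sample values
echo 'register.php?token=', $token, "\n";
var_dump(read_token($token, $now));                  // untouched link
var_dump(read_token('A' . substr($token, 1), $now)); // payload altered after signing
var_dump(read_token($token, $now + TOKEN_TTL + 1));  // link used after expiry
```

When echoing the recovered values into the form, pass them through htmlspecialchars().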
How can I just check if a document exists, maybe get the revision, but not make CouchDB send the body of the document?
I remember I saw this explained somewhere but I cannot find it.
Edit: IIRC in the example you received only an HTTP header with no data. The header indicated if present or not.
Edit2: Evan suggests to make a HEAD request (instead of GET). This answers my question.
CouchDB sends an ETag Header for document requests. The ETag Header is simply the document's revision in quotes.
Quoted from: http://wiki.apache.org/couchdb/HTTP_Document_API#ETags.2BAC8-Caching
Instead of performing an HTTP GET request, do an HTTP HEAD request. This will only return the headers and no content. The returned status will tell you if the object exists.
The United States District Court for the Southern District of New York in re Doubleclick Inc. stated:
"GET information is submitted as part of a Web site's address or "URL," in what is known as a "query string." For example, a request for a hypothetical online record store's selection of Bon Jovi albums might read: http://recordstore.hypothetical.com/search?terms=bonjovi. The URL query string begins with the "?" character meaning the cookie would record that the user requested information about Bon Jovi.
Is it true that a URL query string with a "?" would have the cookie record the user requested information? If so, what RFC/standard includes this?
Edit: I understand the United States District Court doesn't define standards, but I would like to have something concrete to note that they were incorrect.
If you read the whole document, you'll note that they say
DoubleClick's cookies only collect information from one step of the above process: Step One. The cookies capture certain parts of the communications that users send to DoubleClick-affiliated Web sites. They collect this information in three ways: (1) "GET" submissions, (2) "POST" submissions, and (3) "GIF" submissions.
They are describing a process used by DoubleClick, not an internet standard.
You (and anyone else, including DoubleClick) can take information that is available to you (including information that might be sent as part of a GET submission) and store it in a cookie.
You should interpret the sentence in question (in context) like this:
DoubleClick stores information from the query string in a cookie.
The URL query string is the portion of a URL that begins with the "?" character.
The query string portion of the hypothetical URL is "Bon Jovi".
DoubleClick's process would use a cookie to record that the user requested information about Bon Jovi.
Supported Conclusion:
DoubleClick takes/took information from a URL query string (which is the part of the URL that begins with a "?") and uses a cookie to record information that the user requested.
Unsupported Conclusion:
A URL query string with a "?" would have the cookie record the user requested information. There exists some RFC that describes this behavior.
It's certainly possible to store the query string in a cookie, but there is no technical standard that forces that to occur.
They are likely referencing something specific to the code on that specific website, which is presumably storing the query string in a cookie.
Cookies get set and submitted separately from the URL, so in the HTTP header it would look like this:
GET /search?terms=bonjovi
Cookie: $Version=1; UserId=JohnDoe
The only way the query string would be stored in a cookie would be if a cookie path is used in conjunction with rewritten URLs or if the server explicitly sets a cookie with some sort of id or the query string.
Last time I checked, the US District Court for the Southern District of New York didn't define Internet standards.
The query string does not affect the cookies; they are using technical language in a sloppy way.
That text may be just an example and you shouldn't stick to that.
Including any text in the query string does not imply a cookie is created with that information, although some sites may contain additional code to do so.