session management – What is the connection between CORS and SameSite cookie attribute?

For most of them maybe it's a silly question, but I want to know this in very simple language.

If an application is not using CORS at all then should we put this SameSite cookie attribute?

And if the application has a subdomain like abc.domain.com, then what is the role of the SameSite attribute?

authentication – Same session cookies for a user logging from different browser/machine

Having the session cookie specific to the machine or browser offers at least the possibility to associate machine/browser specific information with the cookie (like some kind of browser fingerprint). Such associated information might then be used to better detect if the cookie was used on a different machine, i.e. impersonation done via cookie theft.

Note that this cookie protection is purely optional, i.e. just because the cookie is machine/browser specific does not mean that such information will be definitely associated with the cookie but only that this could be done.

If the session cookie is instead machine/browser independent such protection is not possible at all, but instead a stolen cookie could easily be used from other systems. This means the risk of impersonation would be higher.

Which is more vulnerable …

None of this actually presents a vulnerability. A vulnerability would be if some attacker could steal the session cookie, for example using XSS or by sniffing unprotected connections. The options you present only offer more or less ways to mitigate the impact of the vulnerability by making it harder or easier for the attacker to misuse the stolen cookie.
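
One way to associate browser-specific information with a session and detect use from a different client, as described in the answer above. This is an added example, not code from the original answer; the in-memory `$sessions` store, the function names and the choice of headers are assumptions.

```php
<?php
// Added example: bind each session to a coarse client fingerprint and flag reuse elsewhere.
// The in-memory $sessions store and the choice of headers are assumptions for illustration.

function clientFingerprint(array $server, string $key): string {
    // Keyed hash so the stored value does not reveal the raw header material.
    $material = ($server['HTTP_USER_AGENT'] ?? '') . "\n"
              . ($server['HTTP_ACCEPT_LANGUAGE'] ?? '');
    return hash_hmac('sha256', $material, $key);
}

function createSession(array &$sessions, string $user, array $server, string $key): string {
    $sid = bin2hex(random_bytes(32));
    $sessions[$sid] = ['user' => $user, 'fp' => clientFingerprint($server, $key)];
    return $sid;
}

function resolveSession(array &$sessions, string $sid, array $server, string $key): ?string {
    if (!isset($sessions[$sid])) {
        return null;                                  // unknown or already revoked
    }
    if (!hash_equals($sessions[$sid]['fp'], clientFingerprint($server, $key))) {
        error_log('session fingerprint mismatch for user ' . $sessions[$sid]['user']);
        unset($sessions[$sid]);                       // revoke and force re-authentication
        return null;
    }
    return $sessions[$sid]['user'];
}

// Constructed requests: the same cookie presented by two different browsers.
$key = random_bytes(32);
$sessions = [];
$browserA = ['HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0',
             'HTTP_ACCEPT_LANGUAGE' => 'en-US,en;q=0.5'];
$browserB = ['HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0 Safari/537.36',
             'HTTP_ACCEPT_LANGUAGE' => 'de-DE,de;q=0.9'];

$sid = createSession($sessions, 'alice', $browserA, $key);
var_dump(resolveSession($sessions, $sid, $browserA, $key));  // original browser
var_dump(resolveSession($sessions, $sid, $browserB, $key));  // cookie replayed elsewhere
var_dump(resolveSession($sessions, $sid, $browserA, $key));  // session was revoked above
```

These headers can be copied along with the cookie, so the check is a detection signal that limits misuse of a stolen cookie, not a substitute for preventing the theft.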

oracle – How to connect to specific session id & serial# ? Blocked sessions

I have blocked sessions and see which session is blocking them, having session_id and serial#. Is it possible to connect to such session? How?

Background: using V$SESSION_BLOCKERS I see sessions are blocked by each other by INSERT statements to one of two tables: _REQUEST and _RESPONSE

Blocked sessions wait event: enq: TX - row lock contention

Query 1:

insert into _REQUEST (creation_date, IS_PROCESSED, name, packet, PARENT_SKID, BATCH_SKID, retry_delay, revision, SERVICE_NAME, ttl, type, REQUEST_SKID)
values (:1 , :2 , :3 , :4 , :5 , :6 , :7 , :8 , :9 , :10 , :11 , :12 )

Query 2a (from DB trigger, :B1 is a payload):

SELECT COALESCE(ERROR_DETAILS, ERROR_MESSAGE, FAULT_REASON, SOAP_ERROR) AS ERROR_MESSAGE, ERROR_CODE 
FROM XMLTABLE( '//*:DataHandlerWebServiceException | //*:Fault | //*:PLMDataHandlerError' 
     PASSING XMLTYPE(:B1 )
     COLUMNS ERROR_DETAILS VARCHAR2(256) PATH '*:errorDetails'
            ,ERROR_MESSAGE VARCHAR2(256) PATH '*:errorMessage'
            ,ERROR_CODE VARCHAR2(8) PATH '*:errorCode'
            ,FAULT_REASON VARCHAR2(256) PATH '*:Reason/*:Text'
            ,SOAP_ERROR VARCHAR2(256) PATH '*:COMMON_LOG_MESSAGE/*:LOG_MESSAGE' )

Query 2b (we already know APPEND is ignored here, see Note 1):

INSERT /*+ append */ INTO _response( RESPONSE_SKID, REQUEST_SKID, HAS_FAILED, WAS_TIMEOUT, IS_PROCESSED, SOAP_REQUEST_TIMESTAMP, SOAP_RESPONSE_TIMESTAMP, RESPONSE_HTTP_STATUS, ERROR_MESSAGE, RESPONSE_BODY )
values ( :1 , :2 , :3 , :4 , :5 , :6 , :7 , :8 , :9 , :10 )

How is it possible that INSERTs, to different tables, are blocking the sessions? I was looking into V$ACTIVE_SESSION_HISTORY but haven’t found anything yet (I’m not a DBA yet).

Note 1: APPEND hint ignored

8 – Set and read data in session between anonymous and authenticated user

On my Drupal 8 site, when an anonymous user “A” visit this link: https://www.example.com/page-1?data=12345678, I want to store the data value in a session and save it later to the user account under field_user_data when this same user “A” login/signup to the site.

Note: The query data will be unique for every single user and will not be used twice ever.

I thought the best way to go is by using the data value in a session and use it later when the same anonymous user becomes authenticated on the site.

So on site load and when user “A” is using the site as anonymous, I am saving the data value in a session using:

// Get query values from url.
$request_query = Request::createFromGlobals();
$data = $request_query->query->get('data');

// Save the "$data" in a session variable.
$tempstore = Drupal::service('user.private_tempstore')->get('my_module');
$tempstore->set('data', $data);

And later, in another PHP file but within the same module, when the anonymous user “A” authenticates to the site, I am saving the session value to his user account as shown below:

// Get 'data' Session value
$tempstore = Drupal::service('user.private_tempstore')->get('my_module');
$data = $tempstore->get('data');

// Set 'data' value to user account.
$authenticated_user->set('field_user_data', $data);

// Save
$authenticated_user->save();

The problem is $data session is shared between all users and not being unique per user while $data value must be unique for every single user.

What is wrong with my code?
Will using cookies be a better approach for my use case?

What is a good pages per session?

Hello friends,

What is a good pages per session?

oracle – What is SYSRAC SESSION?

In my environment (oracle 19c) I can see several SYSRAC sessions. What is the purpose of this session?

SQL> select username,status from gv$session where type <> 'BACKGROUND';

USERNAME                       STATUS
------------------------------ ------------------------------
SYS                            INACTIVE
SYSRAC                         INACTIVE
SYSRAC                         INACTIVE
SYSRAC                         INACTIVE
SYSRAC                         INACTIVE
SOE                            ACTIVE
SYSRAC                         INACTIVE
SOE                            ACTIVE
SOE                            ACTIVE
SYS                            ACTIVE
SOE                            ACTIVE

USERNAME                       STATUS
------------------------------ ------------------------------
SOE                            ACTIVE
SYSRAC                         INACTIVE
SYSRAC                         INACTIVE

I need to know because sometimes I use a script to kill all sessions and I don't know if I always need to exclude this session from my script (where username <> 'SYSRAC').

I’ve already researched this, but I just found information about the SYSRAC role from Oracle 12c R2:

The following is a list of new features or enhancements provided with
Oracle Database 12c Release 2 (12.2):

New Administrator Role

Oracle Database 12c Release 2 (12.2) provides support for separation
of duty for Oracle Database by introducing the SYSRAC role for Oracle
Real Application Clusters (Oracle RAC) management. SYSRAC, like SYSDG,
SYSBACKUP, and SYSKM, enables you to enforce separation of duty and
reduce reliance on the use of SYSDBA on production systems. The SYSRAC
role is the default mode and is assigned only the privileges required
for connecting to the database by the clusterware agent on behalf of
the Oracle RAC utilities such as srvctl.

magento2.3.5 – Magento CE 2.3.5-p1 Admin error when editing product – Session ID is not used as URL parameter anymore

Having recently upgraded to Community Edition ver. 2.3.5-p1, I’ve run into an error when editing a product in the admin.

While logged in, if I go to a product page to edit, e.g.

hostname/admin/catalog/product/edit/id/1/key/0f76b993ab32a0a1700d6f5c1e0ecbe55ac5d88004e0971e2ac4f26cc0e837e5/

I see the product name, then an error and nothing else as shown in the photo.

The error text is:
User Deprecated Functionality: Session ID is not used as URL parameter anymore. in /domains/hostname/http/vendor/magento/framework/Url.php on line 763

The only error I’ve been able to find in the logs is the same.

(2020-05-20 22:40:06) main.CRITICAL: User Deprecated Functionality: Session ID is not used as URL parameter anymore. in /domains/hostname/http/vendor/magento/framework/Url.php on line 763 () ()

I hope somebody can offer a suggestion? Note that Session IDs are not visible in the URLs on the consumer frontend. However I do have the site open in the same browser as the admin.

Thanks

Don

Problem of secure connection with PHP and Mysql with session and cookie

Hi! I am trying to make a connection which gives the possibility to record the connected session. The typical "Remember me on this computer". To start a session as soon as you open the page even if the browser has been closed.

I tried to do this by creating a secure cookie which is saved as follows:

public function checkInicioDeSesion($email, $contrasena, $recordarSesion){
        $tiempo_inicio = microtime(true);

        $contador = 0;
        $sql = "SELECT * FROM $this->TablaDb WHERE EMAIL=:email";

        $resultado = $this->Conexion->prepare($sql);

        $resultado->execute(array(":email"=>$email));

        while($registro = $resultado->fetch(PDO::FETCH_ASSOC)){
            echo "Email: " . $registro['EMAIL'] . " | Contraseña: " . $registro['CONTRASENA'] . "\n";

            if(password_verify($contrasena,$registro['CONTRASENA'])){
                $cliente = new Cliente_Modelo();
                $cliente->setIdCliente($registro['IDCLIENTE']);
                $cliente->setEmail($registro['EMAIL']);
                $cliente->setContrasena($registro['CONTRASENA']);
                $cliente->setReloginCliente($registro['RELOGIN_CLIENTE']);
                $cliente->setNombreCliente($registro['NOMBRE_CLIENTE']);
                $cliente->setApellido1($registro['APELLIDO1']);
                $cliente->setApellido2($registro['APELLIDO2']);
                $cliente->setNifNie($registro['NIF_NIE']);
                $cliente->setTipoCliente($registro['TIPO_CLIENTE']);
                $cliente->setTelefono1($registro['TELEFONO1']);
                $cliente->setTelefono2($registro['TELEFONO2']);
                $cliente->setIdCliente($registro['IDCLIENTE']);
                $contador++;
            } else {
                echo "\n";
                var_dump(password_verify($contrasena,$registro['CONTRASENA']));
                echo "\n";
            }
        }

        $refer = $_SERVER['HTTP_REFERER'];

        if($contador > 0){
            if(session_status() == PHP_SESSION_NONE){
                //echo "There is no session. I will start now.";
                session_start();
            } else {
                //echo "A session already exists.";
            }

            $_SESSION['Cliente'] = $cliente->getNombreCliente();
            echo "You have successfully logged in! Welcome, " . $_SESSION['Cliente'] . "!";
            print_r($_COOKIE);
            if($recordarSesion == true){
                $this->setRelogin($cliente->getEmail(), $cliente->getContrasena(), $cliente->getIdCliente());

                echo "A cookie has just been created which will last 1 year.";

                /*echo "Content of the loginCliente cookie: {$_COOKIE['loginCliente']}";*/
            }
            header("refresh:10; url=$refer");

            $end_time = microtime(true);
            echo "Time spent: " . ($end_time - $tiempo_inicio);
        } else {
            if(session_status() == PHP_SESSION_NONE){
                //echo "There is no session. I will start now.";
                session_start();
            } else {
                //echo "A session already exists.";
            }
            echo "An error occurred while connecting! Please make sure you have entered the email and password correctly.";
            header("refresh:5; url=$refer");
            session_destroy();
        }
}

The setRelogin function creates a secure cookie which it also saves in the database:

private function setRelogin($emailcliente, $contrasenacliente, $idcliente){
        $combinacionRelogin;
        $EmailCifrado = password_hash($emailcliente, PASSWORD_DEFAULT, array("cost"=>15));
        $contraCifrada = password_hash($contrasenacliente, PASSWORD_DEFAULT, array("cost"=>15));

        $combinacionRelogin = $EmailCifrado.$contraCifrada;

        $combinacionSeguraRelogin = password_hash($combinacionRelogin, PASSWORD_DEFAULT, array("cost"=>15));

        setcookie("RLID", $combinacionRelogin, time()+60*60*24*365, "https://es.stackoverflow.com/");

        $sql = "UPDATE $this->TablaDb SET RELOGIN_CLIENTE=:ReloginCliente WHERE IDCLIENTE=:IdCliente";

        $preparar = $this->Conexion->prepare($sql);

        $preparar->bindValue(":ReloginCliente", $combinacionSeguraRelogin, PDO::PARAM_STR);
        $preparar->bindValue(":IdCliente", $idcliente, PDO::PARAM_INT);

        $resultado = $preparar->execute();

        if ($resultado) {
            echo "¡Se ha actualizado correctamente el cliente!";
        } else {
            echo "¡Ha habido algún error intentando actualizar el cliente!";
        }
}

The problem arises when I try to connect with the session recording option. Apparently it does everything well. If I close the tab and open the page in another new tab, nothing happens. But if I close the browser it tells me it can't find $_SESSION['Cliente'];

The function that tries to connect with the cookie is:

public function checkRelogin(){

        $tiempo_inicio = microtime(true);

        if(isset($_COOKIE['RLID'])){
            $sql = "SELECT * FROM $this->TablaDb WHERE RELOGIN_CLIENTE=:ReloginCliente";

            $preparar = $this->Conexion->prepare($sql);
            $resultado = $preparar->execute(array(":ReloginCliente"=>$_COOKIE['RLID']));

            //$registro = $resultado->fetch(PDO::FETCH_ASSOC);

            echo "\n";
            echo "Edsgoigfoi";
            var_dump($resultado->fetch(PDO::FETCH_ASSOC));
            echo "\n";

            /*if($registro){
                echo "\n";
                echo "el entone ";
                var_dump($registro);
                echo "\n";
            }*/

            while($registro = $resultado->fetch(PDO::FETCH_ASSOC)){

                $cliente = new Cliente_Modelo();

                $cliente->setIdCliente($registro['IDCLIENTE']);
                echo "Client ID: " . $cliente->getIdCliente() . "\n";
                $cliente->setEmail($registro['EMAIL']);
                $cliente->setContrasena($registro['CONTRASENA']);
                $cliente->setReloginCliente($registro['RELOGIN_CLIENTE']);
                $cliente->setNombreCliente($registro['NOMBRE_CLIENTE']);
                $cliente->setApellido1($registro['APELLIDO1']);
                $cliente->setApellido2($registro['APELLIDO2']);
                $cliente->setNifNie($registro['NIF_NIE']);
                $cliente->setTipoCliente($registro['TIPO_CLIENTE']);
                $cliente->setTelefono1($registro['TELEFONO1']);
                $cliente->setTelefono2($registro['TELEFONO2']);
                $cliente->setIdCliente($registro['IDCLIENTE']);

                echo "Welcome back, {$cliente->getNombreCliente()}!";

                //return $cliente;
            }

            $end_time = microtime(true);
            echo "Time spent: " . ($end_time - $tiempo_inicio);

        } else {
            echo "The RLID cookie does not exist.";
        }
}

Apparently, the same is not saved in the cookie as in the database … The result of the cookie is 120 characters but in the database, in phpMyAdmin (with MariaDB, by the way, I don't know if this has anything to do with it), it shows me less, saying when you place the mouse over it that the original is 60 characters (and I have it as a varchar with a capacity of 255).

Greetings!
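
In the post above the cookie carries two concatenated `password_hash` outputs (120 characters) while `RELOGIN_CLIENTE` holds a salted hash of that string (60 characters), so the equality lookup in `checkRelogin` cannot match. A common alternative, shown as an added example that is not the poster's code: put a random token in the cookie, store only its SHA-256 digest, and compare in constant time. The function names, the in-memory `$db` array and the `EXPIRA` field are assumptions.

```php
<?php
// Added example: random remember-me token in the cookie, only its SHA-256 digest in the database.
// $db is an in-memory stand-in for the clients table; the EXPIRA field is hypothetical.

function issueReloginToken(array &$db, int $idCliente, int $ttl = 31536000): string {
    $selector  = bin2hex(random_bytes(9));     // lookup key, safe to index
    $validator = bin2hex(random_bytes(32));    // secret part, never stored in clear
    $db[$selector] = [
        'IDCLIENTE'       => $idCliente,
        'RELOGIN_CLIENTE' => hash('sha256', $validator),
        'EXPIRA'          => time() + $ttl,
    ];
    return $selector . ':' . $validator;       // value to place in the RLID cookie
}

function checkReloginToken(array &$db, string $cookie): ?int {
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($db[$parts[0]])) {
        return null;                           // malformed cookie or unknown selector
    }
    [$selector, $validator] = $parts;
    $row = $db[$selector];
    unset($db[$selector]);                     // single use: issue a fresh token after success
    $valid = $row['EXPIRA'] >= time()
          && hash_equals($row['RELOGIN_CLIENTE'], hash('sha256', $validator));
    return $valid ? $row['IDCLIENTE'] : null;
}

// Constructed demo.
$db = [];
$cookie = issueReloginToken($db, 42);
// In a real response (PHP 7.3+ options array):
// setcookie('RLID', $cookie, ['expires' => time() + 31536000, 'path' => '/',
//           'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
var_dump(checkReloginToken($db, $cookie));     // first use of the token
var_dump(checkReloginToken($db, $cookie));     // replay of the same token
```

After a successful check the application would start a new session, set `$_SESSION['Cliente']` from the returned client id, and issue a replacement token.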

magento2.3 – Magento 2: Increase the client connection session to 24 hours

Magento version – 2.3.3

I am trying to increase the client logon session to 24 hours. Here are the changes that I have already made but that don't work.

1] Stores -> Configuration -> Web -> Default cookie sessions => Cookie lifetime – Changed this value to 86400.

2] Edited the php.ini file and updated session.cookie_lifetime and
session.gc_maxlifetime, both values to 86400.

Please let me know if there is another fix or change that needs to be made

php – WordPress session scaling

I have around 30k to 40k sessions per day on the WordPress site.
I have enabled caching, the wp-optimizes plugin.
I have php-fpm enabled; my pool options are below:
max-request = 200
process idle time = 30
max-children = 40

My real-time statistics for on-site sessions sometimes go up to 300.
I sometimes experience downtime on my dedicated server.

Where am I going wrong?

My server configuration:

16 processors
each:
cache: 16384
2.20 GHz Intel (R) Xeon (R) D-2141I processor
2199.998 MHz

Memory: 4975220k / 17825792k available (kernel code 7784k, 1049112k absent, 532940k reserved, data 5957k, init 1980k)