44,196 questions
1 vote, 2 answers, 57 views
Flask redirect causes session details not modified
I am building a simple shopping cart using cookie sessions to keep track of the content of the shopping cart.
I just added a function that would remove a single item from the list of items. But I ran ...
0 votes, 0 answers, 73 views
Extracting skills and professional experience from career networking platform profiles
I am automating login to a session-based website using Playwright, then reusing the extracted cookies in Python's requests library to call a protected API endpoint. The login works fine, but my ...
0 votes, 0 answers, 64 views
Fetching another container from nextjs middleware in docker
I have a docker structure which contains a backend (bound on localhost:3001) and a frontend (bound on localhost:3002). In my frontend, which uses the NextJS framework, I have a middleware that checks if the ...
0 votes, 0 answers, 42 views
Cookie is not created in Blazor Server App
I'm working on a Blazor Server App which has to authenticate via LDAP (it works), and set a cookie so that the user must authenticate only e.g. once a week.
I have created a minimalAPI in the program....
Best practices
0 votes, 0 replies, 60 views
Store credentials session in the database or use JWT in AuthJS, NextJS?
Which session management strategy should I use in case mixing credentials and OAuth logic in AuthJS (next-auth) ? In official docs there is a recommendation to store everything in the db. It doesn't ...
1 vote, 1 answer, 77 views
Rails 6, session keys are strings, contrary to all guides
I have been battling unreliable sessions with an old Rails project that has been maintained and upgraded for years.
A problem that has been getting worse over the years is that sessions are unreliable....
Advice
2 votes, 4 replies, 94 views
What's the difference between server.servlet.session.timeout, server.servlet.session.max-age and spring.session.timeout?
I followed this tutorial to get my authentication session up and running. However, I am unsure of the differences between spring.session.timeout, server.servlet.session.timeout and server.servlet....
0 votes, 0 answers, 52 views
How to use event 'after_bulk_update' in @event.listens_for() for sqlalchemy?
I try to use the SQL event "before_update" but it does not react to the update() method. I need "after_bulk_update" but it does not react to update() in my code either. I won't clear ...
0 votes, 0 answers, 27 views
Using BFF-Session Auth - How to configure express session when deploying as SWA and Container App
I tried to follow this example of setting up a session-based authentication:
https://www.heise.de/hintergrund/Keine-Chance-dem-Token-Klau-Das-Backend-for-Frontend-Pattern-10988224.html?seite=all
...
1 vote, 0 answers, 87 views
Tensorflow C API: First TF_SessionPRun() complains "Local rendezvous is aborting with status: CANCELLED: PRun cancellation" and subsequent calls fail
I am trying to use TF_SessionPRun() from Tensorflow C API.
I want to do consecutive calculations over a period of time. I do not have all the data available at the moment, data is streaming from an ...
Best practices
1 vote, 1 replies, 62 views
Where should I create the application session when using an internal SSO (Gin + OAuth2)?
I’m integrating an internal SSO (OAuth2) into a web application using Gin (Go), and I’m a bit unsure about the right place to create the application session.
The SSO is the only authentication ...
0 votes, 0 answers, 104 views
.NET 8.0 getting session and authorization working together
I am having problems understanding how to get .NET 8.0 session and authorization working together.
Most of my controllers are decorated with the Authorize attribute, and I am accessing session ...
0 votes, 0 answers, 52 views
Users getting 401 "Unauthorized" error after direct database credential/session deletion - Keycloak 26.3.0
Environment
Keycloak Version: 26.3.0
Deployment: Kubernetes (multiple pods)
Database: Oracle
Issue: Persistent 401 errors after database manipulation
Error message screen
Problem Description
After ...
0 votes, 2 answers, 158 views
My authentication setup requires a setTimeout before redirect to allow cookies to write in the browser
Authentication flow:
User is redirected back to my site (to /auth/callback) after logging in with a 3rd party. The redirect back includes query params. The React function on the callback page sends ...
0 votes, 0 answers, 73 views
how to save the client-id from request cache when a user is redirected to the spring authorization server?
I have implemented or extended on top of Spring Authorization server. I have an authentication controller that accesses the client-id from the RequestCache object.
Now, I have built a sample OAuth app ...
0 votes, 0 answers, 113 views
How to recognize a user even after clearing cache and data?
I'd like to implement a system that allows recognizing a user even after the app's cache and data have been cleared from the system settings, as X (Twitter) appears to do.
However, I can't figure out ...
-1 votes, 1 answer, 86 views
SQLAlchemy session initialization in Command pattern [closed]
A question on consideration for case/approach choice.
Let's say we have an app that has an ORM model and also uses simple realisation of the Command pattern. Inside of each command we need to ...
0 votes, 0 answers, 94 views
How to save global variable in Spring application
I need to integrate with a third-party system. I need to authenticate there and obtain a sessionId. So, my application will have a URL, login, and password to obtain a sessionId. But to avoid having ...
0 votes, 0 answers, 66 views
Laravel session lifetime on recursive ajax
I'm using laravel 8 with SESSION_DRIVER=file
I have code that runs like below, and I have a problem: why is the recursion not extending the expiry time of the session?
Each process takes 30 sec, but after ...
1 vote, 1 answer, 153 views
gin-contrib/sessions creating new session for every request
I'm trying to use gin-contrib/sessions but every time I make a request to the server a new session is created. It is never finding a previously created session and I can't access any data that should ...
0 votes, 0 answers, 72 views
How to suppress redundant update in Hibernate when insert + update happen in same transaction (trigger firing twice)?
In my Jakarta EE application (EJB + JPA with Hibernate), I have the following scenario:
A Contact entity is created (INSERT).
Immediately after creation, for some business reason, the same entity is ...
0 votes, 0 answers, 76 views
Need help updating token in next auth. (next.js app router)
I have a Next.js frontend and NestJS backend.
In the backend there is token generation with refresh token rotation logic, and I want to use the same tokens in the frontend with NextAuth setup.
Here’s ...
1 vote, 1 answer, 120 views
Check $_session does not appear to be working for Location but does for outputting html based on condition
I have the following file
/common/session.php
<?php
session_start();
$secret = getenv('SECRET');
$userinfo = array(
'private'=>$secret
);
if(isset($_GET['logout'])...
0 votes, 1 answer, 250 views
Prevent session collision / override from cross-site requests when using SameSite=lax
I am using session ids to enable various features for logged and unlogged users on my website. This include matching the csrf token to the session id.
I store the session id as a SameSite=lax cookie.
...
1 vote, 1 answer, 72 views
Alamofire network api request for uploading images failed on putting application into background ios
The updated API request which support background execution, for uploading images to server.
UIApplication.withBackgroundTask(name: "UploadImage") { endTask in
self.ShowHUD()
...
0 votes, 0 answers, 83 views
SpringBoot 4 Redis session and ViewExpiredException
I'm trying to create the skeleton for a new web app, with SpringBoot 4, JSF 4 and session cluster with redis. Everything works until I try to replicate Spring session with Redis.
This is abstract of ...
3 votes, 0 answers, 97 views
How do I generate a stable document ID for SQL executions when polling Oracle gv$session into Elasticsearch via Logstash?
I’m building a pipeline that polls Oracle’s gv$session joined with gv$sql every 5 seconds to track query executions. Each poll returns multiple rows (one per active session), and I need to aggregate ...
0 votes, 1 answer, 143 views
Keycloak + Symfony (KnpU OAuth2Client) users getting logged out after ~30–60 minutes despite long session settings
I'm integrating Keycloak with a Symfony app using knpuniversity/oauth2-client-bundle and a custom authenticator. The flow works fine, but my users (and myself) are getting logged out after about 30–60 ...
1 vote, 0 answers, 110 views
supabase-js v2: PKCE session lost after tab switch (persistSession + autoRefreshToken not working)
Using @supabase/[email protected]
PKCE flow enabled
Config: persistSession: true, autoRefreshToken: true
On tab switch → auth.getSession() returns null
Question: Is this a known bug with PKCE session ...
1 vote, 1 answer, 75 views
Session variables are not set on mock request Fat Free Framework
I am trying to write Tests for my App. In the controller I set a message in the session:
$f3->set('SESSION.error_message', 'Some error');
In my test I mock a request to that route and try to check ...
0 votes, 0 answers, 118 views
Preferred approach for handling session expiration due to inactivity with django + react
I have looked all around for this and read through the docs but still cannot seem to find the exact answer I am looking for.
I have a web app using auth0 that requires inactivity timeout of 20 minutes....
1 vote, 0 answers, 58 views
req.session returns without data, session cookie exists but data missing (Express + Render/Vercel)
I’m trying to deploy a MERN stack website that I’ve been working on locally. While everything works fine locally, after deploying to Render and Vercel, I can’t access session data through req.session. ...
2 votes, 1 answer, 215 views
IFrame integration within salesforce
I'm developing a CPQ system and I want to integrate it as an iframe within salesforce or any other CRMs.
There are few problems,
A Session needs to be maintained for authentication and authorization
...
0 votes, 1 answer, 43 views
Incognito Tabs, different sessions in Spring
Is it possible to handle in Spring Web App that two incognito tabs (within the same profile, e.g. Chrome) have different sessions? Currently, as far as I can see, two tabs have the same sessionId. Is ...
1 vote, 1 answer, 189 views
How to enforce authentication and redirect on client-side navigation in SolidStart?
I'm building a SolidStart app using the latest version (1.1.0) and cookie-based sessions for authentication.
To check if a user is logged in, I created a server query() function called getUser() that ...
2 votes, 1 answer, 272 views
How to get remaining ASP.NET Core session expiry time to return it to the client?
I'm working on an ASP.NET Core Web API where I use session middleware with a configured idle timeout, e.g.:
services.AddSession(options =>
{
options.IdleTimeout = TimeSpan.FromMinutes(20);
});
...
1 vote, 1 answer, 363 views
Laravel 12 creates a new session on each request
I created a new Laravel 12 application following the Installation guide. The project is generated correctly and I ran all migrations.
When I run php artisan --version I get: Laravel Framework 12.20.0 (...
1 vote, 1 answer, 72 views
OpenCart 4.x: AJAX request returns "Invalid token session" despite valid user_token
I'm developing a custom OpenCart 4.x module that adds a button to the order page to log order data via AJAX. The button makes a GET request to my custom controller, but I'm getting an "Invalid ...
0 votes, 1 answer, 100 views
How to go from Rust Async-Session's Memory Store to a production setup?
I am currently using Rust Async-Session's Memory Store as a session storage (because I followed the OAuth example in Axum examples). While my code works, the module for Memory Store explicitly states ...
1 vote, 0 answers, 276 views
Internal server error "Cannot read properties of undefined" during Google OAuth
I created authentications using Better-Auth and Google as the auth client. I have the correct URL for the authorized JavaScript origins and for the authorized redirect URL and I believe my set up is ...
0 votes, 0 answers, 69 views
Next.js : signout user do not unauthenticate the session on production why
I'm facing an inconsistent logout issue in a Next.js app using next-auth. The user is redirected after calling the logout function, and tokens are supposed to be cleared. While most of the time ...
0 votes, 2 answers, 188 views
Nginx on aapanel blocks PHP session cookies on cross-domain POST requests, causing Laravel 419 error
Hello,
I'm facing a persistent session/CSRF issue with my Laravel SPA setup on aapanel, and I've concluded the problem lies within the server configuration.
Setup:
Frontend (React): https://andiamo....
0 votes, 1 answer, 283 views
Is using HttpOnly cookies to manage AWS Cognito access and refresh tokens a secure and recommended approach?
We're implementing authentication for multiple SPAs across subdomains of the same parent domain (e.g. app1.mycompany.com, app2.mycompany.com) using AWS Cognito, a custom login UI, and a centralized ...
0 votes, 0 answers, 234 views
Caused by: java.lang.ClassNotFoundException: Didn't find class "com.google.firebase.sessions.SessionLifecycleService"
In the new 12.8.6 version of our app, we removed the Firebase Crashlytics component. However, after release, we found that the SessionLifecycleService service from the firebase-sessions component—...
0 votes, 0 answers, 42 views
session timeout not working in lex chatbot
There is a lex chatbot created in AWS. Session timeout is not getting detected in lex chatbot despite configuring the session timeout to 1 minute.
Even lambda function created on the code hook intent ...
0 votes, 1 answer, 73 views
SM-AAD and retrieve objectId from persisted claims
I have a technical profile for login, that also includes UseTechnicalProfileForSessionManagment = SM-AAD. Once user is fully authenticated; I have another Journey that allows them to change their ...
0 votes, 0 answers, 95 views
OpenIddict associate refresh tokens with session
I’m migrating from IdentityServer4 to OpenIddict. Previously, I had functionality that associated refresh tokens with sign-in sessions. This was done so that refresh tokens could be revoked if the ...
-1 votes, 1 answer, 99 views
Symfony 6 functional test can't get session value
After an update from SF5 to SF6 I'm unable to get session value set in a functional test in my tested service. The service is called by the controller from the route '/myurl/'.
Here relevant part of ...
0 votes, 0 answers, 72 views
Securing & Verifying Remember Me Cookie/Token Is From The Same Person/Environment After User Has Been Logged In To Website?
TLDR - How can I be sure that the user's login token being sent to my site is actually legit and originates from the original user? In the event that an auth cookie was stolen from someone after they ...
-5 votes, 1 answer, 76 views
How to save my cart to my database in symfony? [closed]
I'm trying to come up with a way to save my cart to my database as an order, but can't figure out how. The tricky part for me is how to fill the data of my cart items in the order; I want the order to be ...