Group items tagged

"Problems with the Sitecore 6 staging module part 2 - extranet user loses session"

Come hear how the Reactive Extensions ("Rx") framework takes care of the difficult parts of asynchronous programming by viewing asynchronous computations as push-based collections. Instead of focusing on the hard parts, developers now can start dreaming about the endless possibilities of orchestrating and synchronizing computations at a high-level of abstraction. In this session we cover the design philosophy of the new Reactive Extensions for JavaScript, rooted on the deep duality between the well-known iterator and the observer design patterns. From this core understanding, we start looking at various combinators and operators defined over observable collections, as provided by Rx, driving concepts home by a bunch of samples. Democratizing asynchronous programming starts today. Don't miss out on it!

"SQL Server Session State Problems"

The Sitecore Users' Virtual Group is dedicated to supporting the Sitecore community wherever they exist across the globe. We're excited to announce a monthly education series on Sitecore topics. We have some great speakers lined up for our first sessions, and we're looking forward to their deep expertise on Sitecore development. All sessions are free of charge and conducted over the web.

"Viewstate (ASP.NET) ASP.NET has an option to maintain your ViewState. The ViewState indicates the status of a page when submitted to the server. The status is defined through a hidden field placed on each page with a control. Viewstate can be used as a CSRF defense, as it is difficult for an attacker to forge a valid Viewstate. It is not impossible to forge a valid Viewstate since it is feasible that parameter values could be obtained or guessed by the attacker. However, if the current session ID is added to the ViewState, it then makes each Viewstate unique, and thus immune to CSRF. To use the ViewStateUserKey property within the Viewstate to protect against spoofed post backs. Add the following in the OnInit virtual method of the Page-derived class (This property must be set in the Page.Init event) protected override OnInit(EventArgs e) { base.OnInit(e); if (User.Identity.IsAuthenticated) ViewStateUserKey = Session.SessionID; } The following keys the Viewstate to an individual using a unique value of your choice. (Page.ViewStateUserKey) This must be applied in Page_Init because the key has to be provided to ASP.NET before Viewstate is loaded. This option has been available since ASP.NET 1.1. However, there are limitations on this mechanism. Such as, ViewState MACs are only checked on POSTback, so any other application requests not using postbacks will happily allow CSRF. "

Quite interesting article on keeping ELMAH secure

Classic Singleton vs. Singleton per Request vs. Singleton per Session

"Usersessions in sitecore (logout users from backend)"

Fix a Sitecore timeout issue with the editor.