Everything posted by irigsoft

  1. I tried it on a laptop (Win 7, Chrome); it does not work again. In my code (that I wrote above) RemoteIP (using TUniGUISession(ASession).ARequest.RemoteIP) does not change when I change the network.
  2. I tried it with mobile devices: Samsung (Android 10, Chrome + WebView), RedMi (Android 10, Chrome), Lenovo Tab 3 (Android 5.0, Chrome). I use uniGUI Professional 1551 and a Desktop StandAlone Application for the server.
  3. Hello, how to make some protection from session hijacking is explained here: https://www.linkedin.com/advice/1/what-best-ways-prevent-session-hijacking#monitor-and-audit-sessions
     Is there a way to protect the app from session token theft? Here https://www.imperva.com/learn/application-security/session-hijacking/ they talk about how to protect the user with:
     "Prevention is the most effective strategy against session hijacking. For users, this includes basic security practices such as avoiding public Wi-Fi for sensitive transactions, using VPNs, and keeping software up to date. It's also important for users to be aware of phishing tactics and to understand the importance of logging out of sessions, especially on shared computers."
     But how to secure the communication between server and client? Is it somehow possible to:
     1. get the session ID generated when the session was opened
     2. get some user data that is unique to this session
     3. add some variable from the server
     4. with points 1 + 2 + 3, create a unique token for this session and its user data
     So when someone tries to use a hijacked session ID, the server knows about it? Like it is explained here:
     "For web developers and organizations, prevention requires a more technical approach. This includes implementing HTTPS across all pages, using secure cookies, and adopting robust session management practices. ...... Developers play a crucial role in preventing session hijacking by building security into their applications. This includes:
     • Creating strong session management mechanisms
     • Monitor and audit sessions: https://www.linkedin.com/advice/1/what-best-ways-prevent-session-hijacking#monitor-and-audit-sessions (this is already applied)
     • Employing secure coding practices to mitigate XSS and other vulnerabilities
     • Using multi-factor authentication (MFA) to add an extra layer of security
     Additionally, developers can utilize custom session handlers that store session data more securely and regenerate session IDs after a successful login, further reducing the risk of session hijacking."
  4. No, I don't know why, but when creating the new session the RemoteIP is, for example, 123.123.123.123. After I change the network (from Wi-Fi to mobile; they are from different operators) and try to keep working with my StandAloneApp, through the function TUniMainModule.UniGUIMainModuleHandleRequest I check what TUniGUISession(ASession).ARequest.RemoteIP is, and it is always the same (123.123.123.123) as when opening the session. I think the RemoteIP should change, but even after 5 minutes it still hasn't, and the session is still alive!?! @Sherzod, I must say that I change the network on the user's mobile device, not at the server!
  5. Thanks, but this does not work. RemoteIP is always the same!!! My code (uniGUI_runtime_1.90.0.1551 - Professional):
     1.
     procedure TUniMainModule.UniGUIMainModuleCreate(Sender: TObject);
     begin
       // remember the IP the session was opened from
       mInnerSessionID := UniSession.RemoteIP;
     end;

     2.
     procedure TUniMainModule.UniGUIMainModuleHandleRequest(ASession: TObject; var Handled: Boolean);
     begin
       // terminate the session if a request arrives from a different IP than the one recorded at creation
       if (mInnerSessionID <> TUniGUISession(ASession).ARequest.RemoteIP) then
       begin
         Handled := True;
         TUniGUISession(ASession).Terminate('Session is closed');
       end;
     end;
  6. My case is this:
     1. The user is connected to public Wi-Fi.
     2. A new session is created and the server knows from which RemoteIP.
     3. After 15 minutes, as the user works with the open session, the Wi-Fi signal is lost and his phone automatically connects to a mobile network.
     4. The session has not timed out and has not been terminated, but the user's IP address has already changed.
     I need to know when point 4 happens; is this possible? I try via TUniMainModule.UniGUIMainModuleHandleRequest to get it from TUniGUISession(ASession).RemoteIP, but the IP doesn't change; the RemoteIP is always equal to what we started the session with! Is there some global variable that collects this information?
  7. Is it possible to give me some kind of code example?
  8. Yes. How to use it in uniEdit.ClientEvents.ExtEvents['keydown']?
  9. Hi. uniMainModule public ReplacePswCnt: Integer; 1. FormCreate: ReplacePswCnt := 5; 2. uniEdit.ClientEvents.ExtEvents.Values['keydown'] 3. I enter some key and the result must be (ReplacePswCnt + 5) = 10: alert('key=10'); 4. Result: nothing is happening!
  10. Hello. I need to read (and use) the value in MyVariable, declared as public on uniMainModule. I have uniEdit.ClientEvents.ExtEvents keydown and I want to show an alert with the MyVariable value; is it possible to do it? The keydown function is hardcoded on uniEdit, so it is not possible to use it when the form is created.
  11. If the user does nothing then I also close the session if there is no answer to the question. My idea is to keep a small number of sessions active, so if I don't get a response, I terminate that session. If the user works in the system, each of his actions resets the counter for displaying the message, so the time until the message is displayed starts running when there is no activity.
  12. Because the server sends ShowMessage with a callback, the server can wait for the client to answer. At this point I set Y seconds to wait for the answer; if there is no answer, then the server kills the session. This works even if the browser tab is closed!
  13. UniServerModule.SessionTimeout: this is how many milliseconds the server will wait for an answer from the client. (on client side)
  14. You don't understand my logic. I have 3 time periods that expire: 1. Session Ajax request - uniServerModule.AjaxTimeOut 2. Session Timeout - uniServerModule.SessionTimeout 3. Time to wait for an answer from the client (Y seconds), and then if there is no answer (if the browser is dead) the server kills the session. 3.1 I have a setting for how many times per hour to ask the user to answer "Are you there?" 3.2 I have a setting for how many seconds to wait for this answer before killing the session. So try my code and please write the results. The uniTimer event is a server-side event, so I don't need an answer from the client to kill the session. I will give you point 4. Try to save the Session_ID in the database when the session opens, then every X minutes/seconds just kill it!
  15. "TuniTimer REQUIRES that the BROWSER send the timer event" - I think this is not true! Because if you try to set uniTimer.Chainmode = False then no action will execute. I have on the MainForm a uniLabel that shows the Date/Time from the server every second. If there is no server then no label.Caption will be changed; this is because the action starts from the server and goes to the client. Try my proposal and see that it is not like you think. That is because the server waits Y seconds and closes if there is no action from the user.
  16. Hi, I have a simple solution. 1. My session will be closed (on the server side) if there is no user action in X minutes. 2. I ask the client every 15 minutes to confirm a question (Are you there?). 2.1. When I ask the user for confirmation I wait Y seconds for the confirmation. 2.2. If there is no answer after Y seconds (browser tab is closed, browser hangs, or else), then the server closes this session. I hope this can help:
  17. Please add, if possible, other web server encoding options like Brotli and/or zstd to speed up compression and loading. Here's some info if it might be helpful: https://blogs.embarcadero.com/flexible-brotli-compression-library-for-your-delphi-c-builder-vcl-and-fmx-apps/
     "There are more different libraries based on different compression algorithms and more modern techniques, for instance, the Brotli – Brotli is similar in speed with deflate but offers more impenetrable compression. Brotli is open-sourced under the MIT License by Google."
     https://forum.lazarus.freepascal.org/index.php?topic=43211.0
     Quote from: asdf121 on November 14, 2018, 09:03:50 pm
     "Probably not, at least not anytime soon. But there is nothing stopping you from implementing your own Compressor class for it, and then use it with TIdHTTP. And if you get something working, you can always submit it for review for a possible future inclusion."
     https://stackoverflow.com/questions/60026043/decoding-brotli-in-delphi
     "I can't speak for ICS, but Indy does not natively support Brotli at this time. But it is possible to manually set TIdHTTP to accept Brotli on HTTP responses if you are prepared to decode the Brotli data manually." – Remy Lebeau, Feb 2, 2020 at 18:07
  18. Hi. How can I set Accept-Encoding with more than gzip, deflate? There: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Encoding are more possible values; how can I use them:
     Accept-Encoding: gzip
     Accept-Encoding: compress
     Accept-Encoding: deflate
     Accept-Encoding: br
     Accept-Encoding: zstd
     Accept-Encoding: identity
     Accept-Encoding: *
     At least can I add br - Brotli from Google? https://eu.siteground.com/blog/brotli-vs-gzip-compression/ "Gzip was originally intended to compress files and has been adapted to compressing streams so it could work on the web. Brotli on the other hand, was designed from the beginning to compress streams. This makes it a better choice for web servers to compress content before streaming it to a browser." https://learn.microsoft.com/en-us/iis/extensions/iis-compression/iis-compression-overview Here are some comments from Embarcadero if that might be helpful: https://blogs.embarcadero.com/flexible-brotli-compression-library-for-your-delphi-c-builder-vcl-and-fmx-apps/ https://stackoverflow.com/questions/60026043/decoding-brotli-in-delphi https://forum.lazarus.freepascal.org/index.php?topic=43211.0
  19. Can you try to set: position: relative, based on: https://stackoverflow.com/questions/32033104/element-disappears-when-not-setting-opacity-0-99 Try this: "Method 3: Set opacity to 0.99. Setting the opacity of the element to 0.99 can also fix the z-index issue on Safari. This is because Safari treats an element with opacity less than 1 as a new stacking context. By setting the opacity of the element to 0.99, you can prevent it from overlapping with other elements." (15.03.2022) https://github.com/vaadin/vaadin-form-layout/issues/110#issuecomment-497676969
  20. Hi, what browser do you use on the mobile device; can you tell me the name and version?
  21. This is a known issue on Safari: "This should probably fix your issue on safari: -webkit-transform: translate3d(0,0,0);" Full example:
     {
       -webkit-transform: translate3d(0, 0, 0);
       transform: translate3d(0, 0, 0);
       position: absolute;
       z-index: 900000 !important;
     }
     https://stackoverflow.com/questions/40895387/z-index-not-working-on-safari-fine-on-firefox-and-chrome https://ecomgraduates.com/blogs/news/fixing-z-index-issue-on-safari-browser https://www.flowradar.com/answer/causes-of-z-index-issues-sticky-header-safari-webflow
  22. https://www.wolfe.id.au/2012/10/20/what-is-hmac-authentication-and-why-is-it-useful/ Hi, I'm adding a topic about using basic authorization here. If anyone can help with how to use HMAC in it, I will be grateful:
  23. @Sherzod, in this example how to: 1. set other users and passwords? 2. set the Authorization header with HMAC values, like in this example: https://www.wolfe.id.au/2012/10/20/what-is-hmac-authentication-and-why-is-it-useful/ 3. Is it possible to apply the Authorization header (with HMAC) on every request after the user logs in, and how?
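The two questions above (post 3: a token built from session ID + session-specific client data + a server secret so that a stolen session ID used from elsewhere is detected; post 23: an HMAC Authorization header applied to every request after login) can both be answered with the same primitive, HMAC-SHA256 with a server-held key. The following is an added Python example, not uniGUI code and not code from anyone in this thread; it uses Python's standard library so it runs stand-alone. The header layout `HMAC <user>:<timestamp>:<signature>`, the secrets and the user name are constructed for the example, and `client_data` is whatever the application chooses to bind to (the User-Agent is used as the sample). As the thread itself shows, a phone moving from Wi-Fi to mobile changes its address, so binding a session to RemoteIP would terminate legitimate sessions; the example deliberately keeps the bound data a parameter.

```python
import hashlib
import hmac
import time

# Constructed secrets for the example. In a deployment the server secret
# comes from protected configuration and per-user keys from the user store.
SERVER_SECRET = b"constructed-server-secret-for-this-example"
API_KEYS = {"alice": b"constructed-shared-secret-for-alice"}


def session_binding_token(session_id, client_data, secret=SERVER_SECRET):
    """Combine (1) the session id, (2) client data unique to the session and
    (3) a server-side secret into one HMAC-SHA256 token.  The server stores
    the token next to the session when the session is created."""
    msg = session_id.encode() + b"\x00" + client_data.encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def session_token_matches(session_id, client_data, presented, secret=SERVER_SECRET):
    """Recompute the token for the current request and compare in constant
    time; a mismatch means the session id is being presented by a client whose
    bound data differs from the one that opened the session."""
    expected = session_binding_token(session_id, client_data, secret)
    return hmac.compare_digest(expected, presented)


def canonical_request(method, path, timestamp, body):
    """The exact bytes both sides sign: method, path, timestamp, body hash."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), body_hash]).encode()


def sign_request(user, method, path, body=b"", timestamp=None):
    """Client side: build the Authorization header value
    'HMAC <user>:<unix timestamp>:<hex signature>' (a constructed layout)."""
    ts = int(time.time()) if timestamp is None else timestamp
    sig = hmac.new(API_KEYS[user], canonical_request(method, path, ts, body),
                   hashlib.sha256).hexdigest()
    return f"HMAC {user}:{ts}:{sig}"


def verify_authorization(header, method, path, body=b"", now=None, max_skew=300):
    """Server side: parse the header, look up the user's key, reject stale
    timestamps (limits replay of a captured header) and recompute the
    signature over the request the server actually received."""
    try:
        scheme, rest = header.split(" ", 1)
        user, ts_str, sig = rest.split(":", 2)
        ts = int(ts_str)
    except ValueError:
        return False
    if scheme != "HMAC" or user not in API_KEYS:
        return False
    current = int(time.time()) if now is None else now
    if abs(current - ts) > max_skew:
        return False
    expected = hmac.new(API_KEYS[user], canonical_request(method, path, ts, body),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig)


if __name__ == "__main__":
    # Session binding: same session id, different client data -> rejected.
    tok = session_binding_token("sess-42", "Mozilla/5.0 (constructed UA)")
    print(session_token_matches("sess-42", "Mozilla/5.0 (constructed UA)", tok))  # True
    print(session_token_matches("sess-42", "other client", tok))                  # False
    # Signed request: changing the method or replaying later -> rejected.
    hdr = sign_request("alice", "GET", "/api/orders", timestamp=1700000000)
    print(verify_authorization(hdr, "GET", "/api/orders", now=1700000000))        # True
    print(verify_authorization(hdr, "POST", "/api/orders", now=1700000000))       # False
    print(verify_authorization(hdr, "GET", "/api/orders", now=1700000000 + 900))  # False
```

The session token is checked on every request, which is the "apply on every request after login" part of post 23: the client never learns the server secret, so it cannot mint a token for a session ID it obtained elsewhere, and the server only has to store one extra string per session. The signed header covers the method, path and body hash, so a captured header cannot be reused for a different request, and the timestamp window bounds how long a captured header stays valid.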