7 – url with parameter – anonymous vs registered users

I have a type of content that only registered users can create. The link where users click to access the edit page is /node/add/my_content_type?abc
(I use the abc parameter so that the Rules module can act on that later).

Issue:

Anonymous users are redirected to the login page by clicking on that link. After logging in, the user is redirected to /node/add/my_content_type; however, the parameter abc is gone.

I can solve it by creating the url with a coded question mark like this: /node/add/my_content_type%3Fabc

This works for an anonymous user (the redirected URL contains the abc parameter); however, if a connected user clicks on that link, it is only redirected to /node/add (my_content_type%3Fabc omitted).

What would be the best solution here? Thank you.

Anonymous authentication of the SharePoint communication site (modern) does not work

I created a SharePoint (modern) communication site and enabled anonymous access through the web application and site collection level, and when the anonymous user logs into this site, it shows a pop-up window for authentication.

anonymity – Practicality of direct anonymous certification

DAA (direct anonymous certification) is not the only scheme to achieve anonymous certification. In general, these schemes allow an entity to remain anonymous throughout the certification process. The concern here is not the certification but the revocation of the key. The TPM / FIDO DAA scheme requires maintaining a false list of compromised private keys to make revocation possible. But the assumption that the compromised device will have its public key filtered publicly is naive. In fact, in many scenarios, a hacker may not reveal a compromised key. This key can be used for attacks such as denial of service attacks, etc. Since the identity of the device is anonymous to the service provider, there is no way for the service provider to differentiate an attacker from a genuine user.

What makes it worse is having the private key stored / protected using a hardware key store or HSM (Hardware Security Module). A hacker can have the knowledge to hack and extract the private key of an HSM using a zero-day vulnerability. Since the private key is designed not to generate a private key in flat format, even if a user acknowledges that their device is compromised, there is no way to inform the authority, since it is not possible to extract the private key as a normal user.

Therefore, does DAA sound like a wonderful technology but is not commercially viable?

How to get rid of anonymous sessions on my Drupal 7 site?

In a Drupal 7 site taken from a former colleague, sessions for anonymous users are always generated as the following screenshot:

The security scanning service provider always states:

Our company also noted that the application states
Cookie "SSESSd84a1fe63b666c4294afc5029aa95bfd" before authentication
and does not update the session cookie value even after
authentication but as the user cannot fix the session
updating the cookie, it was not reported as a separate finding.

I am a rookie Drupaler. I installed a new Drupal 7 site from scratch, and there is no such cookie. But on Drupal.org, there is. I also verified the contributed modules on my site and disabled the 2 most suspicious modules (login_destination and betterlogin), but I still had no luck. I added a line "ini_set('session.cookie_lifetime', 0);" in the settings.php file, no luck again. I don't know what to do next.

Magento 1.9.4.2 Anonymous price block

I have a problem:

If you choose any default magento 1 theme (rwd, default, modern, base, etc.), the name of the price block is anonymous.

The only thing you found in catalog.xml is this:


This block should already be named, since there is a name set in this code, but it is not. The suggestions of AOE and the amazing FPC are also anonymous as a name for this block. How can I name this block? Maybe they are some orphan things, not established, I don't know. I'm stuck here for days. 🙁

VPS Offshore Servers Bulgaria – Anonymous Host Protected by Privacy – Multiple Payment Gateways

Offshore The | Privacy made easy

OffshoreDedicated provides simplicity and freshness to keep your website running. We are committed to providing reliable anonymous offshore accommodation with protection against any intrusion, while maintaining the rights of our clients to full freedom of information and independence.

We value and treasure freedom on the Internet because this is one of the few places where it still remains. We have always carefully protected customers' websites from all attacks and claims. Our company's policy, combined with experience, technical professionalism and proven agreements with data centers, ensure that all data on our servers is fully protected from the intervention of authorities, owners of annoying rights. We are constantly improving skills; We offer the latest solutions available in the market. Our services are characterized by high performance and network availability. We offer these services continuously since 2013. Our business partner offers proven network solutions and techniques.

Is it time to leave the normal web hosting account but not really ready for your own dedicated server? Then VPS is the perfect choice! Your VPS servers will be located on trusted Supermicro servers with Intel Xeon CPU, ECC RAM and enterprise-grade hard disk arrays. The servers are never overprovisioned, which means you will have enough power to run your applications at any time.

Bulgarian offshore VPS

No content limitation *, protected privacy, compromised quality

BUZZ

1 vCPU
1 GB of RAM
15 GB SSD storage
Traffic not measured
100 Mbps uplink
1 x IPv4
Full root access
Virtualization – KVM
Self-managed
DMCA Safe
~ 3 hours of setup time
Price $ 14.99 / MONTH

WORKER

2 vCPU
2 GB of RAM
25 GB SSD storage
Traffic not measured
100 Mbps uplink
1 x IPv4
Full root access
Virtualization – KVM
Self-managed
DMCA Safe
~ 3 hours of setup time
Price $ 24.99 / MONTH

QUEEN

3 vCPU
3 GB of RAM
35 GB SSD storage
Traffic not measured
100 Mbps uplink
1 x IPv4
Full root access
Virtualization – KVM
Self-managed
DMCA Safe
~ 3 hours of setup time
Price $ 34.99 / MONTH

Why choose us

  • No content limitation
  • Privacy protected
  • Committed Quality
  • Always learning
  • 99.99% network availability
  • Performance without compromise
  • Fast provisioning
  • Exactly as you want
  • Heroic support

& Much more!

Payment methods: Payoneer (+ bank and card payments), WMZ, Perfect Money, PayPal and BTC / ETH / LTC and more.

If you have any other questions, feel free to open a ticket after registration OR send us an email to Info@OffshoreDedicated.net Or contact us via Skype.

Contact details:

Web: https://offshorededicated.net/
Email: info@offshorededicated.net
Skype: OffshoreDedicated

Authentication: Can I use a hash encryption feature to prove my authorship of an anonymous article?

From what I understand, hash functions are unidirectional functions. Let's say I want to publish an opinion article anonymously, but there is a possibility that I want to prove later that it was I who wrote the article. Is it possible for me to simply put my identification information, such as my name, date of birth and social security number, in a cryptographic hash function and place that hash as my "pseudonym"? The question is the same as the Denied Authorship Test, but I don't understand the answer, and I'm not sure if the answer refers to the use of a hash function.

If this works, are there any disadvantages? Are there common mistakes people like me make? I don't see a way to break this function other than entering the identification information of each person in the world and see if it matches the pseudonym.

Also, what is a PGP? When I was searching for my question on the Internet, this term appeared quite frequently.

Let me know if this is not the right place to post this question.
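
The idea in the question above, worked through as an added example (not part of the original post): a hash of identity data alone can be matched by anyone holding a list of candidate identities, while a commitment that mixes in a secret random nonce cannot, and it can still be opened later. The sample records, `commit`, `verify`, `bare_hash` and `match_candidates` are constructed for illustration, and HMAC-SHA256 keyed by the nonce is one common way to build such a commitment.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 32  # bytes; fixed length, kept secret until the author proves authorship

def commit(identity):
    """Return (pseudonym to publish, nonce to keep private)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    tag = hmac.new(nonce, identity.encode("utf-8"), hashlib.sha256).hexdigest()
    return tag, nonce

def verify(pseudonym, identity, nonce):
    """Check a revealed (identity, nonce) pair against the published pseudonym."""
    if len(nonce) != NONCE_LEN:
        return False
    tag = hmac.new(nonce, identity.encode("utf-8"), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, pseudonym)

def bare_hash(identity):
    """The scheme from the question: hash of the identity data alone."""
    return hashlib.sha256(identity.encode("utf-8")).hexdigest()

def match_candidates(pseudonym, candidates):
    """Return the candidate identity whose bare hash equals the pseudonym, if any."""
    for candidate in candidates:
        if hmac.compare_digest(bare_hash(candidate), pseudonym):
            return candidate
    return None

# Constructed sample records (name|date of birth|number); not real people.
AUTHOR = "Jane Example|1980-01-01|000-00-0001"
CANDIDATES = ["John Sample|1975-05-05|000-00-0002", AUTHOR]

if __name__ == "__main__":
    pseudonym, nonce = commit(AUTHOR)
    print("published pseudonym:", pseudonym)
    print("later proof verifies:", verify(pseudonym, AUTHOR, nonce))
    print("bare hash matched from list:", match_candidates(bare_hash(AUTHOR), CANDIDATES))
    print("commitment matched from list:", match_candidates(pseudonym, CANDIDATES))
```

The nonce has to be stored safely by the author: without it the commitment cannot be opened, and anyone who obtains it can test identities against the pseudonym.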

8 – How to handle the session for anonymous users for CSRF tokens?

I need to provide a list of CSRF tokens in drupalSettings for each anonymous user so that JS can make secure requests to API endpoints.

The CSRF service mentions the need for a session for the seed, but I am not sure how to create the session correctly. I tried several approaches, but none seems to work properly.

So far I have tried:

if (session_status() === PHP_SESSION_NONE) {
  session_start();
}
// or
\Drupal::service('session_manager')->start();
// or
\Drupal::service('session_manager')->save();
// or
\Drupal::service('session_manager')->regenerate();
// or
\Drupal::service('session')->start();
// or
\Drupal::service('session')->migrate();

I'm trying this on my route controller hook_page_attachments_alter.

This is my code:

/**
 * Implements hook_page_attachments_alter().
 */
function foo_page_attachments_alter(array &$attachments) {
  // Needed for persistent, per-user, csrf tokens.
  $session = \Drupal::request()->getSession();
  if ($session->isStarted() === FALSE) {
    $session->start();
  }
  // or
  \Drupal::service('session_manager')->start();

  /** @var \Drupal\Core\Access\CsrfTokenGenerator $csrf */
  $csrf = \Drupal::service('csrf_token');

  $attachments['#attached']['drupalSettings']['foo']['tokens'] = [
    'pathA' => $csrf->get('/pathA'),
    'pathB' => $csrf->get('/pathB'),
  ];

  $session->save();
  // or
  \Drupal::service('session_manager')->save();
}
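
A simplified model of a session-seeded CSRF token, added here as an illustration and not Drupal's own code: it shows why a token handed to an anonymous visitor only validates on the next request if the session holding the seed was persisted and its cookie came back. `SessionStore`, `SITE_SECRET`, the token construction and `round_trip` are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import secrets

SITE_SECRET = b"constructed-site-secret"  # constructed stand-in for a site-wide secret

class SessionStore:
    """Server-side sessions keyed by the session cookie value."""
    def __init__(self):
        self.data = {}

    def load(self, cookie):
        """Return (cookie, session); an unknown or missing cookie gets a fresh session."""
        if cookie in self.data:
            return cookie, self.data[cookie]
        return secrets.token_urlsafe(32), {}

    def save(self, cookie, session):
        self.data[cookie] = session

def compute_token(seed, path):
    """Token = HMAC over the path, keyed by the per-session seed plus the site secret."""
    mac = hmac.new(seed.encode() + SITE_SECRET, path.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()

def get_token(session, path):
    """Issue a token, creating the per-session seed on first use."""
    if "csrf_seed" not in session:
        session["csrf_seed"] = secrets.token_urlsafe(32)
    return compute_token(session["csrf_seed"], path)

def validate_token(session, path, token):
    seed = session.get("csrf_seed")
    return seed is not None and hmac.compare_digest(compute_token(seed, path), token)

def round_trip(persist, submit_path="/pathA"):
    """Request 1 renders a token for /pathA; request 2 submits it for submit_path."""
    store = SessionStore()
    cookie, session = store.load(None)        # anonymous visitor, no cookie yet
    token = get_token(session, "/pathA")
    if persist:
        store.save(cookie, session)           # session written, cookie sent to the client
    _, session2 = store.load(cookie if persist else None)
    return validate_token(session2, submit_path, token)

if __name__ == "__main__":
    print("session persisted:", round_trip(True))
    print("session not persisted:", round_trip(False))
    print("token reused on another path:", round_trip(True, "/pathB"))
```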

8 – Is it possible to provide a temporary role to an anonymous session?

The use case is to provide a set of permissions to an "anonymous" user, that is, we do not know who they are and they have not connected, we only have their IP range to confirm where they come from (yes, I know … it is not a system that I would design :)).

I don't necessarily know what permissions these users need in the future, that is, it can be access to certain types of nodes, it can be access to certain file entities … it will be a set of evolving permissions that should be configured later as a role would be.

Is it possible to define a role and then temporarily assign it to anonymous sessions that meet our criteria? I tried tentatively using an EventSubscriber to verify each time our module is loaded, but that doesn't work because obviously we can't really "save" an anon user, that is:

class CivicrmIpAccessSubscriber implements EventSubscriberInterface {

  public function CivicrmIpAccessLoad(GetResponseEvent $event) {
    $proxy = \Drupal::currentUser();
    $roles = $proxy->getRoles();
    if ($roles === ['anonymous']) {
      // Business logic to determine if a user gets access would go here
      $user = User::load($proxy->id());
      $user->addRole('ip_access');
      // This user save doesn't work, and I wouldn't have really expected it to but I tried it
      User::save($user);
    }
  }

  /**
   * {@inheritdoc}
   */
  public static function getSubscribedEvents() {
    $events[KernelEvents::REQUEST][] = ['CivicrmIpAccessLoad', 250];
    return $events;
  }

}

Is there a good way to achieve something like this for a session? I feel that an anonymous user is barking up the wrong tree and the session would be correct, but I'm not sure how to interact with the access from there.

anonymity: access control for anonymous users

What is the formal name, and description, of the problem of giving users access to a resource exactly once each without requiring them to identify themselves?

In other words, having a system that is capable of giving away access tokens to users provided they have never obtained any before.

Assuming that users can perform cryptographic functions, and it can be assumed that they have personal certificates signed by the system, but do not wish to disclose to the system for access.

Is there such a model? Is there a problem so well described?