Session Hijacking: JSESSIONID resets when changing to a valid one

I am trying to understand session hijacking, and I read that to avoid session fixation, the ID should be regenerated at the end of authentication, and I have implemented it in my application.

Playing a little, I discovered a site that doesn't do this.

Setting aside the session, as I understand it, if I copy the session ID of an authenticated session into another session (possibly with an identical user agent or more), I should be able to obtain the authenticated session. However, this particular site resets the session. (I mention JSESSIONID only in case it is useful for locating the reason.)

I wanted to know how the site can distinguish between the two requests: one, from the really authenticated session, and another, whose session ID was replaced by the first one. Is there an exhaustive list of things associated with a request that can help distinguish whether a request comes from a falsified session ID?

Apart from that, is a session fix with only http established if the server uses only HTTPS?

Thank you!

visas: can I get a new ESTA while I still have a valid one?

Your post is confusing. There is no "90 day visa". You are probably talking about the 90-day admission period in the Visa Waiver Program. When you enter the US in the Visa Waiver Program, you are almost always admitted for 90 days (unless you have only been to Canada, Mexico or the Caribbean Islands since your last stay at VWP), regardless of how long you have stayed in previous stays.

To enter the Visa Waiver Program if you arrive by plane, you need an ESTA. (To enter by land, you do not need an ESTA). The ESTA must only be valid on the day of entry. The ESTA is valid for 2 years from when it was obtained. Therefore, as long as the day you plan to enter on your next trip is before the end of the 2-year ESTA validity (even if it is the expiration date), you will be admitted to the Visa Waiver Program for 90 days, enough for a 6 week visit.

United States: the visa in the passport has expired, my I-20 is valid and I am changing the bachelor's to master's levels. Will the automatic revalidation rule apply to me?

I think you'll be fine. Automatic revalidation applies even when the nonimmigrant category changes, so a change in the details of I-20 should not be a problem.

See 22 CFR 41.112 (d) (1) (ii):

(d) Automatic extension of validity at ports of entry.

(1) Provided that the requirements set forth in paragraph (d) (2) of this section are fully met, the following provisions apply to non-immigrant foreigners seeking readmission at ports of entry:

(i) The validity of an expired nonimmigrant visa issued under INA 101 (a) (15) may be considered to extend automatically until the date of the readmission application; and

(ii) In cases where DHS has changed the original nonimmigrant classification of a foreigner to another classification of nonimmigrant, the validity of an expired or non-expired nonimmigrant visa can be considered automatically extended to the date of readmission request, and the visa can be converted as necessary to that changed classification.

(2) The provisions of paragraph (d) (1) of this section are applicable only in the case of a nonimmigrant alien who:

(i) Is in possession of a Form I-94, Arrival-Departure Record, endorsed by DHS to show an unexpired period of initial admission or extension of stay, or, in the case of a qualified student F or J or Exchange visitor or the spouse or accompanying child of said foreigner, is in possession of a current Form I-20, Certificate of Eligibility for Nonimmigrant Student Status, or Form IAP-66, Certificate of Eligibility for Visitor Status of exchange, issued by the school that the student has DHS, or the sponsor of the exchange program in which the foreigner has been authorized to participate by DHS, and the issuing school official or program sponsor has authorized it to indicate the initial admission period or extension of stay authorized by DHS;

(ii) Request readmission after an absence that does not exceed 30 days only in contiguous territory, or, in the case of an exchange student or visitor or spouse or accompanying child who meets the provisions of paragraph (d) (2 ) (i) of this section, after an absence not exceeding 30 days in adjacent territory or adjacent islands other than Cuba;

(iii) has maintained and intends to resume nonimmigrant status;

(iv) request readmission within the authorized period of initial admission or length of stay;

(v) Is in possession of a valid passport;

(vi) Does not require admission authorization under INA 212 (d) (3); and

(vii) You have not applied for a new visa while you were abroad.

(3) The provisions of paragraphs (d) (1) and (d) (2) of this section shall not apply to nationals of countries identified as supporters of terrorism in the Department's annual report to Congress entitled Patterns of Global Terrorism .

(emphasis added)

See also 8 CFR 214.1 (b) (1) (iv), which is specific to the I-20 requirement for F-1 students:

(b) Re-entry of nonimmigrants under section 101 (a) (15) (F), (J), (M) or (Q) (ii) to complete unexpired periods of prior admission or extension of stay –

(1) Section 101 (a) (15) (F). The inspector immigration officer shall readmit for the duration of the state as defined in § 214.2 (f) (5) (iii), any nonimmigrant foreigner whose nonimmigrant visa is automatically considered revalidated in accordance with 22 CFR 41.125 (f) and request readmission under Section 101 (a) (15) (F) of the Act, if the foreigner:

(i) is admissible;

(ii) Requests readmission after an absence from the United States that does not exceed thirty days only in contiguous territory or adjacent islands;

(iii) Is in possession of a valid passport unless it is exempt from the requirement to present a passport; and

(iv) Presents, or is the spouse or child of an accompanying foreigner, an Arrival and Departure Record, Form I-94 (see § 1.4), issued abroad in connection with the previous admission or stay, the Form Foreign ID Copy I-20, and:

(A) A page 4 of Form I-20A-B duly approved if there has not been a substantial change in the information on the student's most recent Form I-20A since it was initially issued; or

(B) A new Form I-20A-B if there has been any substantial change in the information on the student's most recent Form I-20A since it was initially issued.

Programming practices: how to better handle valid but impossible entries?

Assuming you are writing in a language that is OO first instead of functional first.


Runtime Checks

Hard to read code? Why? You can start the method by expressing that certain values are invalid. That should facilitate reading / comprehension.

Validation is a different concern anyway, you should know where it begins and where it ends, refactor your code so that it is easy to see, thus improving readability. If the code to validate the entry is really complicated enough to make reading difficult, that is a clue that you should extract the validation to another method.

I understand that there are some situations in which it is not obvious how to do it without compromising efficiency. For example, validating a list could mean iterating over it. And then repeat again to use it … Well, if you have a solution like Linq or similar, you should be able to write the validation code separately from the use of the list, while repeating it only once, thanks to Linq being lazily evaluated.

You can also avoid duplicate validation in the internal parts of the code … you could use conditional compilations, debug statements, code contracts or similar solutions to do additional validation only in development and testing environments.


Compile time checks

If you have a good code contract solution, it will be validated in the compilation.

Speaking of tools that validate the code … can you get or write one? I am thinking of a linter or similar, which could verify the preconditions in the code and be added to build the integration. I know that such a tool is not always profitable, however, if your situation is specific and important enough, then that tool would be valuable.

However, it is better to express validations as part of the type system, so they are verified at compile time without the need for additional tools.

I could, for example, have a type T and a type ValidatedT, which can only be initialized with valid values of T. Then your internal code will only accept ValidatedT (of course, with a better name), making sure that the validation has already happened, and regardless of how many methods the ValidatedT value is passed to, the validation only happened once. This should also improve readability, as you could clearly see where you have T and where you have ValidatedT. Not only that, but you could have ValidatedT for different situations …

I mean, if I say the type string, what is it? A username? A product description? What? However, if I say the type Username, then you know what is in the system and you know that it is a valid value.

Oh, by the way, you can still get the benefits of an easier-to-read code, although without compilation time verification, if you use type aliases.
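The ValidatedT idea from the answer above, as an added example that is not part of the original post. TypeScript is used here for illustration; the `Username` rules and the `homeDirectory` and `handleRequest` functions are hypothetical.

```typescript
// Added example: validation expressed in the type system.
// The username rule below is an assumption made for this illustration.
const USERNAME_PATTERN = /^[a-z][a-z0-9_]{2,31}$/;

class Username {
  private readonly value: string;

  // Private constructor: code outside this class cannot build a Username
  // directly, so every instance has passed through parse().
  private constructor(value: string) {
    this.value = value;
  }

  // The single place where raw text is checked. Returns null on failure
  // instead of throwing, so the caller must handle the invalid case.
  static parse(raw: string): Username | null {
    return USERNAME_PATTERN.test(raw) ? new Username(raw) : null;
  }

  toString(): string {
    return this.value;
  }
}

// Internal code accepts only Username, never string. It needs no checks of
// its own: a value such as "../etc/passwd" can never reach this function.
function homeDirectory(user: Username): string {
  return `/home/${user.toString()}`;
}

// Boundary (hypothetical request handler): the raw input is validated
// exactly once, here, however many internal functions receive it later.
function handleRequest(rawName: string): string {
  const user = Username.parse(rawName);
  if (user === null) {
    return "rejected";
  }
  return homeDirectory(user);
}

// homeDirectory("alice_01") would not compile: string is not a Username.
```

Because the class has a private member, TypeScript treats it nominally, so an object literal with the same shape cannot stand in for a parsed `Username`.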

Why is the same output address not valid in a transaction in Bitcoin Core?

It is not invalid.

The code you are looking at is not related to the validation and relay of real transactions. You are seeing the code for the RPCs, which are just things for users. The RPC does not allow sending to an address several times because this is not efficient and is generally a user error.

But this is only to create a raw transaction using the Bitcoin Core RPC. A transaction received through the network or in a block that has duplicate addresses in the outputs would not be rejected or would not be valid in any way.

Strategy: Is it a valid or acceptable practice to develop a separate page to meet the accessibility requirements?

Recently I visited some websites that seem to be using outdated technology (for example, Flash) or that contain a large amount of complex front-end JavaScript code to create user interface interaction.

Some of these websites provide a link or button that takes you to an accessibility mode page that eliminates all unnecessary functions and provides only content that is optimized for screen readers and provides other accessible functions (for example, keyboard navigation).

Since accessibility is so important today and that inclusive design is slowly incorporated into many of the standard design systems, is it acceptable to provide a separate page to meet accessibility guidelines (i.e. WCAG 2.0)? Are there other reasons why this could be a better strategy / option in today's culture of design and development?

Allow the exchange server to send emails from any sender with valid SMTP authentication without delegation?

I am using Exchange Server 2019 and I really enjoy the product and security. One feature that I find great is that just because you have SMTP AUTH you cannot send as a sender unless that sender allows the SMTP authentication username to send on behalf of that sender. However, there are situations in which I send emails programmatically for my websites and applications through the REST API services and use an SMTP AUTH account to allow sending through my mail server, but it is possible that the name is not even on my Exchange server, since it can be a person who refers a friend to a product, for example.

Is it possible to allow Exchange Server 2019 to send on behalf of the source address whenever SMTP AUTH is achieved?

the add-in does not have a valid header

Why did I receive this error after loading and activating my custom plug-in? "The add-in does not have a valid header"

here is my header

/*
 * Plugin Name: 
 * Description: 
 * Author: 
 * Version: 
 * Author URI: 
 */

customs and immigration: B2 visa valid for one year, but did the passport receive the WT / WB stamp at the airport?

You must take one of the following actions before the December date that I assume is stamped or written in your passport:

  • Get your entry record corrected. You were admitted under the visa waiver program, but you should not have done so because you have a B-2 visa.
  • Exit and re-enter the US.

When you enter the United States in the future with a visa, open your passport on the page that contains your visa before giving it to the immigration officer. This will reduce the possibility of an incorrect admission registration.

To correct your check-in, you can present yourself at a deferred inspection site. These sites are for those who "believe that the documentation and corresponding endorsements issued at the port of entry require review and possible correction" (among others):

Deferred inspection site personnel are also available to review and issue the necessary documents to remedy errors recorded in arrival documents issued at the time of entry into the United States regarding the incorrect classification of nonimmigrants, biographical information inaccurate or incorrect admission period, if appropriate. Any designated deferred inspection location or CBP office located within an international airport should be able to help you, regardless of where the actual document was issued.

Travelers are advised to contact sites not located within an international airport to set up an appointment, if necessary. In many cases, the location of your final destination where the discrepancy will be resolved may not be the port of your first arrival in the United States. Mail procedures are generally not available.

Deferred inspection sites will only correct errors made at the time of entry. You should contact the U.S. Citizenship and Immigration Service (USCIS) if you wish to: replace a lost, stolen or mutilated crew landing permit, Form CBP I-95; request to extend your stay in the United States; or, change your immigration status. Specific information can be found on the USCIS website.

If, on the other hand, you decide on a quick trip to Canada, Mexico or the Caribbean, you must explicitly mention to the officer that you were admitted under the VWP even though you had a valid visa. Otherwise, the officer could readmit you for the balance of your initial admission period, since that is the usual procedure for VWP travelers who make quick trips to Canada, Mexico or the Caribbean.

You should also keep in mind that a 1-year visa does not entitle you to remain in the United States for one year. The duration of admission for B-2 visitors is normally six months. If you plan to spend more than six months in the United States in total, you may have some explanations to make.

Also keep in mind that your last visit to the US does not need to finish before the expiration date of your visa: the admission period is independent of that. For example, if your visa were valid from September 1, 2019 until August 31, 2020, you could theoretically start a six month stay on August 31, 2020. The likelihood of this being allowed depends in part on the time spent in the United States in the recent past.

As an example of someone who did understand that the period of validity of the visa does not dictate the duration of each stay, but who nevertheless got into serious problems, you may be interested in the story of Baxter Reid. Even the journalist who reports the linked story repeats his misunderstanding of the visa rules:

The Sydney man, Baxter Reid, 26, was in the United States on a five-year visa and had traveled to Canada as part of a requirement for him to leave and re-enter the United States every six months to keep his visa valid.

A visitor's visa does not authorize someone to remain in the United States for the duration of the visa on the condition that they leave and return every six months; rather, it authorizes them to request entry for the duration of the visa. On each entry request, the immigration officer determines if the applicant is in fact a temporary visitor. It is likely that someone who spends more time in the United States than outside it is seen as a non-temporary visitor.

If a visitor is admitted in state B-1 or B-2, the immigration officer grants an admission period of six months to one year (8 CFR 214.2 (b) (1) and 8 CFR 214.2 (b) (2) ). This can be extended without leaving the country by submitting an application to the USCIS, but that option is not available to VWP visitors.

Differential equations: error when trying to solve elastic PDEs with FEM: "Compile :: argcompten: the comparison, LessEqual, is not valid for tensor arguments".

I am trying to solve the following linear elastic problem:

The number pairs next to each node are the coordinates in meters. The loads are in newtons.

The part of the code that probably doesn't have errors:

ClearAll["Global`*"]

(* Load the FEM package *)
<< NDSolve`FEM`

(* Define the mesh *)
node = {
    {0., 0.}, {10., 2.}, {20., 0.},
    {2., 6.}, {5., 8.}, {17., 6.}
  };
element = {
    {1, 2, 5, 4},
    {2, 3, 6, 5}
  };
mesh = ToElementMesh[
    "Coordinates" -> node,
    "MeshElements" -> {QuadElement[element]}
  ];

(* Constants *)
e = 2.*^11 (* Pa, Young's modulus *);
ν = 0.3    (* dimensionless, Poisson's ratio *);
ρ = 7.8*^3 (* kg m^-3, density *);
h = 0.1    (* m, thickness *);
g = 9.8    (* m s^-2, gravitational acceleration *);

(* Loads *)
f = {
    {0.,     0.   },
    {0.,     0.   },
    {1.*^4,  0.   },
    {0.,    -1.*^4},
    {0.,    -1.*^4},
    {0.,     0.   }
  } (* N, nodal load *);
b = -ρ g (* N m^-3, body force *);

(* Strain (2x2) from displacement (1x2) *)
ε[u_] := Grad[u[x, y], {x, y}];

(* Strain from stress (2x2) *)
σ2ε[σ_] := 1/e ((1 + ν) σ - ν Total@Diagonal[σ] IdentityMatrix[2]);

(* Stress from displacement *)
σ[u_] := e/(1 - ν^2) ((1 - ν) ε[u] + ν Total@Diagonal[ε[u]] IdentityMatrix[2]);

The last three definitions are:

$\boldsymbol{\varepsilon} = \nabla \boldsymbol{u}$

$\boldsymbol{\varepsilon} = \displaystyle\frac{1}{E} \big((1+\nu) \boldsymbol{\sigma} - \nu (\sigma_{xx} + \sigma_{yy}) \mathbf{I}\big)$

$\boldsymbol{\sigma} = \displaystyle\frac{E}{1-\nu^2} \big((1-\nu) \boldsymbol{\varepsilon} + \nu (\varepsilon_{xx} + \varepsilon_{yy}) \mathbf{I}\big)$

The mesh, for future reference:

The part where I'm not so sure:

The PDE operator, which is basically $\nabla \cdot \boldsymbol{\sigma}$:

(* PDE operator *)
op = Div[σ[{ux[x, y], uy[x, y]}], {x, y}];
opx = Flatten[op][[1]] (* x component *);
opy = Flatten[op][[2]] (* y component *);

Neumann boundary condition, which converts nodal loads into distributed loads:

nbc := Module[
      {
        line = Line[node[[{#1, #2}]]],
        l, sum1, sum2, n, σ
      },

    l = ArcLength[line];
    sum1 = Total[node[[#1]]];
    sum2 = Total[node[[#2]]];
    n = RotationMatrix[90 Degree].((node[[#2]] - node[[#1]])/l);
    σ = Total[
        f[[{#1, #2}]] {x + y - sum1, -x - y + sum2} / (l h (sum2 - sum1))
      ]
      IdentityMatrix[2];

      {
        NeumannValue[(n.σ2ε[σ])[[1]], {x, y} ∈ line] (* x component *),
        NeumannValue[(n.σ2ε[σ])[[2]], {x, y} ∈ line] (* y component *)
      }
  ] &;
ΓN = Total@{
    nbc @@ {4, 5} (* Edge 4-5 *),
    nbc @@ {6, 3} (* Edge 6-3 *)
  };

This converts the nodal load into pressure multiplied by the shape function of that node, and then finds the normal component.

Dirichlet boundary condition:

ΓD =
  {
    DirichletCondition[{ux[x, y] == 0, uy[x, y] == 0}, {x, y} == node[[1]]],
    DirichletCondition[uy[x, y] == 0, {x, y} == node[[2]]],
    DirichletCondition[uy[x, y] == 0, {x, y} == node[[3]]]
  };

Solving the PDEs

uHat = NDSolveValue[
    {opx == ΓN[[1]], opy + b == ΓN[[2]], ΓD},
    {ux[x, y], uy[x, y]},
    {x, y} ∈ mesh
  ];

which is where the error occurs:

Compile::argcompten: The comparison, LessEqual, is not valid for tensor arguments.
Compile::argcompten: The comparison, LessEqual, is not valid for tensor arguments.
Compile::argcompten: The comparison, LessEqual, is not valid for tensor arguments.
General::stop: Further output of Compile::argcompten will be suppressed during this calculation.