Session ID in SQLCMD running multi-batch script

My script contains multiple GO keywords. I know that SQLCMD interprets GO as a batch delimiter, so the code is not run as a single block but instead each part between the delimiters (a batch) is run separately. My question is, are all batches executed in the same session?

I tried testing this using a simple script like this:

SELECT @@SPID
GO
SELECT @@SPID
GO
SELECT @@SPID
GO

I then ran the script from the command line using this command

SQLCMD -S MyServer\Instance -E -i MyScript.sql 

and got this output:

 ------
     62
(1 rows affected)
 ------
     62
(1 rows affected)
 ------
     62
(1 rows affected)

It seemed to answer my question in the affirmative, but then I ran the script again and got exactly the same output, i.e. all values were 62 again. Apparently the two separate executions of SQLCMD could not possibly run in the same session, they just happened to receive the same session ID. But that in turn makes me think that the same @@SPID value returned by a single run might not necessarily mean it was the same session either. Each batch could be executed in a different session that just happened to receive the same ID, similar to how different executions of SQLCMD were running in different sessions with the same ID.

Therefore, my question still stands: are multiple batches of the same script executed in SQLCMD in the same session or not? Is there a way to determine this?

The form cannot be displayed in browser because use of session cookies has been disabled in the browser

I am new to SharePoint. I’m receiving the following error while accessing a SharePoint Online form using C#:

“The form cannot be displayed in the browser because the use of session cookies has been disabled in the current browser settings. In order to load the form, session cookies must be allowed.”

I also tried the following, but did not find a solution.

  1. Enabled the session cookie in the browser.

  2. Added the httpOnlyCookies tag and set to false in web.config

Thanks in advance

ssh session hijacking

I’ve created a simple scenario with ssh session hijacking. There is a single session open from host A to host B and I can create another connection inside of the established connection. I’m wondering how to detect such activity in a SIEM? I can’t use ports because there is only one normal ssh connection.

Any ideas?

Is an index, nonce and HMAC good enough for session management?

I’m researching session management for web applications. I’ve been looking at a couple of places, and my understanding is that we shouldn’t use a secret as a session identifier (index), because it can lead to timing attacks.

Let’s say, for the sake of performance, sessions on the server side are stored in cache/memory, and the index is reset (e.g. starts back at 1) every time the server restarts or they are all purged.

session_payload = index || HMAC(server_key, index) 

But doing it like that would leave room for replay attacks, right? An attacker could generate a bunch of session payloads and store them for later to hijack sessions. Something is needed to make each session payload unique to prevent that, right?

So what about:

payload = index || nonce
session_payload = payload || HMAC(server_key, payload)

If my understanding is correct, the nonce just needs to be unique to make the session payload unique. Should it be just the output of a CSPRNG, RNG or the current time (milliseconds? nanoseconds?)? What are the caveats of each?

So if the above is done right, it should be able to avoid:

  • Timing attacks.
  • Volume attacks.
  • Replay attacks.*
  • Tampering.

Right? And are there any other attacks I should be aware of? Please exclude session fixation; that can be mitigated via session payload regeneration on privilege escalation.

* What I define as a replay attack is that adversaries could store pre-computed session payloads and hijack sessions later, hence the use of the nonce.
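
An added example, not part of the original question: the second construction above (index || nonce || HMAC) in Python with an in-memory store, showing that without the nonce a token issued before a purge verifies again once its index is reused, and that with a CSPRNG nonce it does not. The names SessionStore and stale_token_survives_purge, the 8-byte index, the 16-byte nonce, HMAC-SHA256 and the key are assumptions made for the example.

```python
import hashlib
import hmac
import os
import struct

MAC_LEN = 32  # HMAC-SHA256 tag size (assumed MAC for this example)

class SessionStore:  # hypothetical name; in-memory store as the question describes
    def __init__(self, server_key: bytes, nonce_len: int = 16):
        self.key = server_key
        self.nonce_len = nonce_len  # 0 models index || HMAC(server_key, index)
        self.purge()

    def purge(self):
        """Server restart or purge: sessions are dropped, index restarts at 1."""
        self.sessions = {}          # index -> (nonce, user)
        self.next_index = 1

    def _mac(self, payload: bytes) -> bytes:
        return hmac.new(self.key, payload, hashlib.sha256).digest()

    def issue(self, user: str) -> bytes:
        index, self.next_index = self.next_index, self.next_index + 1
        nonce = os.urandom(self.nonce_len)            # CSPRNG output
        self.sessions[index] = (nonce, user)
        payload = struct.pack(">Q", index) + nonce    # index || nonce
        return payload + self._mac(payload)           # payload || HMAC

    def verify(self, token: bytes):
        if len(token) != 8 + self.nonce_len + MAC_LEN:
            return None
        payload, tag = token[:-MAC_LEN], token[-MAC_LEN:]
        # Constant-time MAC check first: tampered tokens never reach the lookup.
        if not hmac.compare_digest(tag, self._mac(payload)):
            return None
        index = struct.unpack(">Q", payload[:8])[0]
        entry = self.sessions.get(index)
        # The index is public; the nonce ties the token to this one session.
        if entry is None or not hmac.compare_digest(entry[0], payload[8:]):
            return None
        return entry[1]

def stale_token_survives_purge(nonce_len: int) -> bool:
    store = SessionStore(b"constructed-demo-key", nonce_len)  # constructed key
    old = store.issue("alice")   # gets index 1
    store.purge()                # counter resets
    store.issue("bob")           # index 1 is reused for another user
    return store.verify(old) == "bob"
```
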

what is crashing/exiting my gnome window session?

From time to time (but really too often) my desktop environment (for now xfce4) exits/crashes and the system goes back to the login screen (gdm) silently.

In syslog I can see, in correlation with the time of the exit, a bunch of:

Oct  1 16:30:25 ultraviolet update-notifier[23392]: update-notifier: Fatal IO error 11 (Resource temporarily unavailable) on X server :2.
Oct  1 16:30:25 ultraviolet gsd-keyboard[22021]: gsd-keyboard: Fatal IO error 11 (Resource temporarily unavailable) on X server :2.
Oct  1 16:30:25 ultraviolet google-chrome.desktop[22244]: [22517:22523:1001/163025.520037:ERROR:x11_util.cc(110)] X IO error received (X server probably went away)
Oct  1 16:30:25 ultraviolet google-chrome.desktop[22244]: [22244:22244:1001/163025.520208:ERROR:chrome_browser_main_extra_parts_x11.cc(62)] X IO error received (X server probably went away)
Oct  1 16:30:25 ultraviolet gnome-session-binary[21647]: WARNING: App 'org.gnome.SettingsDaemon.Wacom.desktop' exited with code 1
Oct  1 16:30:25 ultraviolet gnome-session[21647]: gnome-session-binary[21647]: WARNING: App 'org.gnome.SettingsDaemon.Wacom.desktop' exited with code 1
Oct  1 16:30:25 ultraviolet gnome-session[21647]: gnome-session-binary[21647]: WARNING: App 'org.gnome.SettingsDaemon.Clipboard.desktop' exited with code 1
Oct  1 16:30:25 ultraviolet at-spi-bus-launcher[21769]: XIO:  fatal IO error 11 (Resource temporarily unavailable) on X server ":2"
Oct  1 16:30:25 ultraviolet at-spi-bus-launcher[21769]:       after 1175 requests (1175 known processed) with 0 events remaining.
Oct  1 16:30:25 ultraviolet gsd-xsettings[21987]: gsd-xsettings: Fatal IO error 11 (Resource temporarily unavailable) on X server :2.

but my Xorg.log doesn’t say anything during that time.

Where can I start to investigate? What can I try?

Thank you for any pointer 🙂

NB: not sure if this is relevant, but this is a multiseat system.

what is an EFI Session?

I have no idea what I’m doing, so don’t be surprised if I sound like an idiot asking these questions. I have 2 drives: one, an SSD, holds all the Windows 10 stuff and the other just holds games and big files, as my SSD is running out of space. I have my second drive in 2 partitions. I think I installed Ubuntu on the second partition, but it said something about going on an EFI session and to do a boot repair. I did the boot repair and it didn’t work. GRUB didn’t install during the Ubuntu installation. On my main SSD there isn’t a GRUB installed. I have been using the Windows bootloader.

How to have persistent session settings in SDDM for each user?

I use SDDM as session manager in Lubuntu 19.04. By default I got two desktops: Lubuntu and LXQt. I have two users. Each one uses a different desktop session.

However, every time I switch users, the last used desktop session is shown in drop-down list (when in SDDM).

How can I configure SDDM so it remembers that user1 always starts with Lubuntu session and user2 with LXQt?

Right now the user must manually choose the session every time he enters. I believe it should be a matter of selecting the user, writing the password and voilà!

What do I do when problem player does not attend Session 0?

Apologies if this is not the correct place for this question but I’m at a bit of a loss for what to do and would appreciate the advice of an experienced GM.

My party have been playing DnD 5e since July 2017, I DMed us through Lost Mine of Phandelver with a lot of success. At the start of the campaign the players all rolled their own characters and I asked them to write back stories as I was writing homebrew story hooks based on these for the future. We started out with 3 players but by the end of the campaign we had 6. The character who was added around session 3 was met with distrust from one of the original characters (we’ll call him P1) and this escalated quite a lot due to drunkenness on the P1 player’s part. In a later session this was revealed by the player to be a racist dislike for all dragonborns justified by an event in P1’s backstory. I was unsure of this but the new player was happy enough to roleplay it out but over the course of the rest of the campaign, this was never resolved – an explanation has never been given in character though all players know why the character behaves this way. P1’s character still says horrible things to the dragonborn and makes a point of stating how much he dislikes him at any given opportunity.

We finished LMoP and started onto my homebrew stuff. P1 and another player were often not able to attend DnD due to other commitments and we decided to pause that campaign until we were more available. One of the other players has DMed through some homebrew and the start of Tomb of Annihilation for about 3 months – P1 behaved a little better during this, no racism, just a bunch of spotlight stealing.

We’ve recently resumed our original campaign and P1 player claimed that he had lost his character sheet. Fine, I say, choose to roll a new character or remake him as best you can based on memory. He elects to remake this P1 character – the only thing is, he doesn’t remake the character at all the same. Half way through the session, the character is revealed to be multiclassed now sharing the same class as the character he is racist against. Another cause of tension. In fairness, I should not have allowed this – I should have put my foot down then and there. But we were mid-game and I didn’t want to disrupt it for the other players. I should have fixed this after the session but I was hoping it wouldn’t be a problem. He had also forgotten his whole back story which is very frustrating for me as I put a lot of work into the plots surrounding it.

In our most recent session the P1 player was more disruptive than usual – changing things about his character [including giving him an obnoxious accent], interrupting me, talking to me the person not me the DM or NPC about things irrelevant to DnD in the middle of the session during other characters conversations with an NPC and trying to talk to other NPCs while I’m speaking with another character. Claiming to have magical abilities beyond what was previously agreed – a cantrip being used like it’s some all powerful spell and then long arguments that I said he could do it last week, etc. The other players were frustrated and a few of them mentioned it to me after the session. Our dragonborn’s player has also stated that he now dreads sessions when he knows P1 player’s character will be present.

It had come to a head for me. We’d jumped into all this without a session 0 so I decided that I needed to make my expectations clear. In an effort to iron out the misunderstandings between us all I scheduled a Session 0 for this evening. I sent a list of questions with the options of sending answers to me to be discussed at the table or just answering on the night. P1 player obviously elected the latter. But lo and behold, we get a message this morning that he is ‘sick’ and not going to attend tonight. I have suggested that we Skype him in and he is ignoring us. Most of the other players think he is avoiding the session because he doesn’t want to have his behaviour brought into question.

How do I proceed? What is the best thing to do here? Do I just send him the answers to the questions decided by the rest of the group? Do I demand he sends his answers?