Double JWT submit method

I’m implementing my JWT method by using the double submit method: where we separate the payload & header portion of the JWT from the signature.

The header & payload are stored in a separate cookie, not HttpOnly so it’s accessible by the client, and the signature is HttpOnly.

The implementation seems pretty straightforward, but I’m having an issue understanding how refresh works.

For example, since I’m using Firebase, the user’s JWT token has an expiration of 1 hour. When that expires, we need to automatically refresh the token, but this means we are refreshing the whole token. The whole point of the signature token is to be session long.

How can we refresh just the payload & header part of the token, without it affecting the signature?

The strategy I am using is based on this article: https://medium.com/lightrail/getting-token-authentication-right-in-a-stateless-single-page-application-57d0c6474e3
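The split-cookie scheme from the question above, as an added example that is not part of the original post: a JWT signature is computed over the encoded header and payload, so a payload carrying a new `exp` needs a new signature, and a refresh re-issues both cookies together. HS256 with a constructed key stands in for the real token issuer, and the cookie names `payload_cookie` and `signature_cookie` are assumptions for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: HS256 demo key, not a real issuer key

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    # The MAC covers "<header>.<payload>" exactly as transmitted.
    return b64url(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_cookies(claims: dict) -> dict:
    """Mint a JWT and split it into the two cookies described in the post."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}"
    return {
        "payload_cookie": signing_input,          # readable by client script
        "signature_cookie": sign(signing_input),  # set with HttpOnly
    }

def verify_cookies(cookies: dict, now: int):
    """Reassemble the token server-side; return the claims or None."""
    signing_input = cookies.get("payload_cookie", "")
    signature = cookies.get("signature_cookie", "")
    if signing_input.count(".") != 1:
        return None
    # Check the signature before parsing anything the client could edit.
    if not hmac.compare_digest(sign(signing_input).encode(), signature.encode()):
        return None
    header_b64, payload_b64 = signing_input.split(".")
    try:
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:
        return None
    if header.get("alg") != "HS256" or claims.get("exp", 0) <= now:
        return None
    return claims

def refresh(cookies: dict, now: int, ttl: int = 3600):
    """Re-issue BOTH cookies: a new exp changes the signed bytes."""
    claims = verify_cookies(cookies, now)
    if claims is None:
        return None
    return issue_cookies({**claims, "exp": now + ttl})
```

Pairing a refreshed `payload_cookie` with the old `signature_cookie` fails verification, which is why the signature cookie can keep session-long cookie attributes but not a session-long value.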

Cannot submit valid form in FormFunction

I have a simple FormFunction like this:

FormFunction[{"expr" -> ToExpression}, HTTPRequestData[] &] 

When I use CloudDeploy, it works as normal. But when I use SocketListen and GenerateHTTPResponse to establish a server, my Chrome seems to have submitted no data, as I can’t find it in the results of HTTPRequestData.

I’ve tried a remote server (instead of local) and #expr (instead of HTTPRequestData); none of them works. If I use APIFunction as the backend and URLRead as the client, everything is OK.

What’s missing for the submission compared to the WolframCloud one?

Unintended window opening when pressing Unity’s “Submit” button

I’ve been working on a top down 2D game for a while now, and yesterday I found a strange bug that I just can’t explain to myself whatsoever. I have a loot window for looting enemies, as well as a character panel to equip gear/see stats. I realized that after I open and close a loot window, if I spam the space button (used for attacking, not for opening any windows) it sometimes (seems to depend on screen positioning) opens the character panel. Once I “found” it, I can spam space to open/close the character panel.

Went to the character panel’s OpenClose() function (all it does is set the canvas group alpha to 0 and block raycast to false and vice versa) which is being called unintendedly, put a debug.log inside to verify if it really was being called, and yes, it is. I look up all references to see where I used it, but I only use it in a single place in the project that is behind an if-statement looking for the keycode C (NOT space). I added a debug.log for the Input.inputstring to see if somehow a magic C button press is ending up in that function, but no. If I press C to open the window, the debug log pops up; if I press space, the inputstring appears to be empty, so the if statement to get to the only place in the code referencing that function cannot be met. Removed the space button from my Player entirely, the behaviour still persists.

Added another debug.log with stackTrace.GetFrame(1).GetMethod().Name to show who is actually running this function, but it turns out that if I run it and press C, it says it’s being opened by the update function in the UIManager (as expected). If I run it the strange, unintended way, it says it is being run by the EventSystem’s Invoke function. Coupled with the fact that the behaviour persists despite the space button being removed from the player, I realized that it’s Unity’s built-in “Submit” button being pressed.

Strange behaviour:

  • If I rename the OpenClose() function that is being called to anything else, the behaviour stops. Looked for all references of the OpenClose string through the entire project, it only shows up in the other 7-8 OpenClose functions for other windows I have, that seem to work normally.
  • It appears to call the submit function on the OpenClose button for the character panel, but only under the circumstance that I closed a loot window and haven’t clicked the mouse anywhere yet afterwards. If I deactivate the button that holds the character panel’s OpenClose function, the behaviour stops. The button shouldn’t be pressed though, because it is on a canvas group with alpha 0/block raycast=false, just like all the other buttons with the identical function that work fine. The loot window has no idea about the character panel either, and all the windows are properly wired to their own OpenClose function.

So basically my issue is: how do I figure out why this function is being called? It feels as if closing the loot window somehow “caches” the OpenClose button for the character panel onto the submit button, but only until I click elsewhere on the screen. Did you guys have any experience with a similar situation? Could you share some pointers on how to debug this? I’ve spent about 4 hours on this now and don’t know how to get any further.

Thanks for the long read! Any help appreciated.

OWASP ZAP submit forms

I’m trying to find an SQL injection vulnerability in DVWA with OWASP ZAP. After some clicking through the page I have a small site map:


I ran Active scan, Spider and AJAX spider on the GET:sqli node. As you can see in the screenshot above, the SQL injection vulnerability was not found. Neither was the form action from the https://localhost:8081/vulnerabilities/sqli/ page:


Only if I manually submit the form, the form action shows up in the Sites tab:


And only if I run Active scan again, the SQL Injection vulnerability is detected.


Is there any way to force spider / active scan to submit forms and detect their vulnerabilities automatically?

Where to put submit button in a long screen with multiple inputs

I’m redoing a web configuration UI for a piece of hardware. Think of a configuration UI of a standard router. You install this hardware into your network and access configuration through your browser. The UI will normally be accessed from a PC and should also be available for mobile devices, but PC is definitely the focus here.

I need to implement a configuration form with a submit button. The old design was done in material design and had this layout: enter image description here

Form1 and Form2 are slightly different configuration forms that have a similar topic (currently active SubMenu1). Think of “IP Address”, “Router Name”, “DHCP Configuration” etc. if it was a router. All of these have the same Submit button in the top right corner that applies only the changed inputs. For example, if there is an input for a password, it will be applied only if it was changed; otherwise, the old password stays even though the input was empty. The submit button, although located on a menu bar, is floating (when the menu bar is not) and always stays on the screen in exactly the same location when you scroll.

I’m redoing a UI similarly, preserving looks more or less, but changing the forms to be grouped in cards instead:


But I’m hesitant to use the same location for the Submit button, as I believe there are serious issues with it from a UI/UX perspective.

  1. The location is extremely weird and unintuitive. The button is located on the menu that is common for all views and simply appears/disappears depending on the view. Users do not expect it to be there.
  2. The button, although located on the menu, is not attached to it and floats when the menu is not.
  3. It is not obvious that if you do not change the password input and leave it empty, the password is not changed. My first thought is that this submits an empty password to the system. However, I’m not 100% sure this is a problem, just find it weird.

The problem is I do not know where to put the submit button here. My first guess is to make it floating and to put it in the lower right corner. I do not know how to fix the password problem though.

Is this a good suggestion? If not, what should I do? And is it a good idea to leave the password box as is, or does it need to be changed?