Double JWT submit method

I’m implementing my JWT method by using the double submit method: where we separate the payload & header portion of the JWT from the signature.

The header & payload are stored in a separate cookie, not HttpOnly so it’s accessible by the client, and the signature is HttpOnly.

The implementation seems pretty straightforward, but I’m having an issue understanding how refresh works.

For example, since I’m using Firebase, the user’s JWT token has an expiration of 1 hour. When that expires, we need to automatically refresh the token, but this means we are refreshing the whole token. The whole point of the signature token is to be session long.

How can we refresh just the payload & header part of the token, without it affecting the signature?

The strategy I am using is based on this article: https://medium.com/lightrail/getting-token-authentication-right-in-a-stateless-single-page-application-57d0c6474e3
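The split-cookie scheme described in this question, as an added example that is not part of the original post or the linked article. It shows the server issuing the two cookies, reassembling them for verification, and why a refreshed header and payload cannot be paired with the old signature cookie. Assumptions: HS256 with a constructed demo key (Firebase ID tokens are RS256-signed), hypothetical cookie names jwt_hp and jwt_sig, and illustrative cookie attributes.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: demo HS256 key, not a real secret

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(signing_input: str) -> str:
    # A JWT signature covers the exact bytes of "header.payload".
    return b64url(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_cookies(claims: dict) -> dict:
    """Build a JWT and split it into the two cookies (names are hypothetical)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    hp = f"{header}.{payload}"
    return {
        # Readable by client script, so the SPA can inspect claims such as exp.
        "jwt_hp": {"value": hp, "HttpOnly": False, "Secure": True, "SameSite": "Strict"},
        # Hidden from client script; useless without the matching header.payload.
        "jwt_sig": {"value": sign(hp), "HttpOnly": True, "Secure": True, "SameSite": "Strict"},
    }

def verify_cookies(hp: str, sig: str, now: int):
    """Reassemble the token from both cookies; return the claims or None."""
    if hp.count(".") != 1:
        return None
    # The algorithm is fixed server-side; the header's "alg" is never trusted.
    if not hmac.compare_digest(sign(hp).encode(), sig.encode()):
        return None
    payload_b64 = hp.split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(payload_b64 + "=" * (-len(payload_b64) % 4)))
    return claims if claims.get("exp", 0) > now else None

def demo():
    first = issue_cookies({"sub": "user-1", "exp": 1000})      # constructed claims
    refreshed = issue_cookies({"sub": "user-1", "exp": 4600})  # same user, later exp
    # New header.payload with the OLD signature cookie: verification fails.
    stale_mix = verify_cookies(refreshed["jwt_hp"]["value"], first["jwt_sig"]["value"], now=2000)
    # Both cookies replaced together: verification succeeds.
    fresh = verify_cookies(refreshed["jwt_hp"]["value"], refreshed["jwt_sig"]["value"], now=2000)
    return stale_mix, fresh

if __name__ == "__main__":
    print(demo())
```

Because the signature is computed over the header and payload, any refresh that changes exp produces a different signature, so in this sketch a refresh response sets both cookies in the same response.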

Cannot submit valid form in FormFunction

I have a simple FormFunction like this:

FormFunction[{"expr" -> ToExpression}, HTTPRequestData[] &] 

When I use CloudDeploy, it works as normal. But when I use SocketListen and GenerateHTTPResponse to establish a server, my Chrome seems to have submitted no data, as I can’t find it in the results of HTTPRequestData.

I’ve tried a remote server (instead of local) and #expr (instead of HTTPRequestData); none of them works. If I use APIFunction as the backend and URLRead as the client, everything is OK.

What’s missing for the submission compared to the WolframCloud one?

Unintended window opening when pressing Unity’s “Submit” button

I’ve been working on a top down 2D game for a while now, and yesterday I found a strange bug that I just can’t explain to myself whatsoever. I have a loot window for looting enemies, as well as a character panel to equip gear/see stats. I realized that after I open and close a loot window, if I spam the space button (used for attacking, not for opening any windows) it sometimes (seems to depend on screen positioning) opens the character panel. Once I “found” it, I can spam space to open/close the character panel.

Went to the character panel’s OpenClose() function (all it does is set the canvas group alpha to 0 and block raycast to false and vice versa), which is being called unintentionally, put a debug.log inside to verify if it really was being called, and yes, it is. I looked up all references to see where I used it, but I only use it in a single place in the project that is behind an if-statement looking for the keycode C (NOT space). I added a debug.log for the Input.inputstring to see if somehow a magic C button press is ending up in that function, but no. If I press C to open the window, the debug log pops up; if I press space, the inputstring appears to be empty, so the if statement to get to the only place in the code referencing that function cannot be met. Removed the space button from my Player entirely, the behaviour still persists.

Added another debug.log with stackTrace.GetFrame(1).GetMethod().Name to show who is actually running this function, but it turns out that if I run it and press C, it says it’s being opened by the update function in the UIManager (as expected). If I run it the strange, unintended way, it says it is being run by the EventSystems Invoke function. Coupled with the fact that the behaviour persists despite the space button being removed from the player, I realized that it’s Unity’s built-in “Submit” button being pressed.

Strange behaviour:

  • If I rename the OpenClose() function that is being called to anything else, the behaviour stops. Looked for all references of the OpenClose string through the entire project, it only shows up in the other 7-8 OpenClose functions for other windows I have, that seem to work normally.
  • It appears to call the submit function on the OpenClose button for the character panel, but only under the circumstance that I closed a loot window and haven’t clicked the mouse anywhere yet afterwards. If I deactivate the button that holds the character panel’s OpenClose function, the behaviour stops. The button shouldn’t be pressed though, because it is on a canvas group with alpha 0/block raycast=false, just like all the other buttons with the identical function that work fine. The loot window has no idea about the character panel either, and all the windows are properly wired to their own OpenClose function.

So basically my issue is: how do I figure out why this function is being called? It feels as if closing the loot window somehow “caches” the OpenClose button for the character panel onto the submit button, but only until I click elsewhere on the screen. Did you guys have any experience with a similar situation? Could you share some pointers on how to debug this? I’ve spent about 4 hours on this now and don’t know how to get any further.

Thanks for the long read! Any help appreciated.

OWASP ZAP submit forms

I’m trying to find SQL injection vulnerability in DVWA with OWASP ZAP. After some clicking through the page I have a small site map:

I ran Active scan, Spider and AJAX spider on the GET:sqli node. As you can see in the screenshot above, SQL injection vulnerability was not found. Neither was the form action from the https://localhost:8081/vulnerabilities/sqli/ page:

Only if I manually submit the form, the form action shows up in the Sites tab:

And only if I run Active scan again, the SQL Injection vulnerability is detected.

Is there any way to force spider / active scan to submit forms and detect their vulnerabilities automatically?