If you don't store cookies on your website do you still need a cookie wall?
Related
I am attempting a performance test using JMeter.
The first controller performs a POST request to create a token en assign it to a variable.
The folloowing requests use this cookie to authenticate.
What I noticed is that after the first request with the cookies, the response contain a Set-Cookie header for each of the cookies.
Following requests use the old cookies (from the cookie manager) and the new cookies for the response.
I would like to overwrite the original cookie with the value of the new cookie.
I moved around the Cookie manager and edited the settings, but to no avail.
When cookies keep expired, how to scrape web?
I want to scrape my timetable data in the university web. However, the cookie, which I got after login, would immediately expire if the session were ended OR another new session were made. This makes scraping data with cookies impossible. I wonder if username&passwords could directly replace cookie during scraping or just keep session.
I have a website a.com that has third party app point to apps.b.com. When I login to a.com, I'm also authenticated to apps.b.com in the background using the same credentials. This is so the users do not have to login to access apps.b.com. I understand that browser sends all the cookies to apps.b.com when making the request to it. This is how it works now. Reading the article https://web.dev/samesite-cookies-explained/ in regards to SameSite attribute, it appears apps.b.com is third party site.
Now do I have to configure web server on a.com to set the cookie to SameSite=none;Secure OR do I have to set the SameSite=none;Secure on web server on apps.b.com?
Any time you are making a cross-site request that needs cookies, then those cookies need to be marked SameSite=None; Secure.
So, for example if the user is on a.com and you have an <iframe> or fetch() to apps.b.com that expects cookies, then the apps.b.com cookies need SameSite=None; Secure.
Vice versa, if the user is on apps.b.com and you are making requests to a.com to check their auth status by relying on the a.com cookies, then those cookies need SameSite=None; Secure.
Essentially the pattern you're looking for is when the site in the browser location bar is different to the site that needs the cookies, then those are the cookies that need marking. So, depending on your set up, it may be one or both.
When I'm logged in to a google account, site responses contain this cookie:
set-cookie:SIDCC=xxx; expires=Mon, 27-Nov-2017 06:12:16 GMT; path=/; domain=.google.com; priority=high
However when I restart Chrome and visit same site, no cookie is sent. Why is that? I thought that expires makes it persistent.
There and multiple cookies are generated by the server and cookies are stored on the browser.
There are few cookies are having the short expiry and some have the long expiry. If cookie gets expired (deleted from the browser) then the browser will not append that cookie in the request. So sever again set the cookie on the browser.
Since cookie are generated by the server and cookies are used by the server so whenever the server wants to set cookie it can change. Usually, some cookies are persistent and some are not persistent always.
So there will be a case some cookie is stored for a long time duration but server used to the keep on changing. So, In that case, it will set the cookie again.
As per your example, this SIDCC cookie is used by the google apps. So this cookie is kept on changing the other cookie like SID and HSID are not changing on browser reopen. There few cookies like NID, SAPISID, and Compass is also changing. The SAPISID is changing after the few transaction or after a particular transaction.
I want to reset all previous cookie for particular domain.
Is there any way so I can get all the cookie for particular domain? Right now cookie I have cookies for google and my site. I want cookies only for my site.
Expiring ( removing ) a cookie uses the same command as creating a cookie. The cookie value is left blank and the expiration time needs to be in the past.
To expire the cookie ‘mycookie’ use:
setcookie('mycookie','',1);
To retrieve cookie information, use:
// Print a cookie
echo $_COOKIE["mycookie"];
// View all cookies
print_r($_COOKIE);
You cannot get any more information than the information you store in the cookie. The cookie is not stored on the server, but on the client computer, that is the immediate reason why you can't get more information about the cookie.
I hope this is sufficient information to be an answer to you.