How to fix cookie rejection because of invalid domain? - cookies

We are experiencing some strange behaviour on a landing page: tracking cookies that were set when the user gave consent are later being rejected when the user refreshes the page (!?).
Steps:
(in Firefox / Firefox Dev Edition - because the warning is not visible in e.g. Chrome)
=> [url-removed]
=> "Accept all". At this stage you can see a "_mkto_trk" (Marketo Tracking) cookie via dev tools.
=> Go to the console tab in web dev tools and refresh the page.
Now you should be able to see a warning in the console log saying:
Cookie “_mkto_trk” has been rejected for invalid domain.
You can also see that the previous set _mkto_trk cookie is no longer set.
Expected Results
The expected result is for the cookie to persist after the page refreshes.
Regarding the warning
In the MDN Web Docs it says that:
The invalid cookie domain error is a WebDriver error that occurs when
an illegal attempt was made to set a cookie under a different domain
than that of the current document.
https://developer.mozilla.org/en-US/docs/Web/WebDriver/Errors/InvalidCookieDomain
The current document, the landing page in other words is on a subdomain: blog.example.com
But the cookie is set at ".example.com" which should make it valid for subdomains as well.
What have I tried?
Well I have been looking for answers in order to better understand where the issue is coming from, without any success.
Any help would be much appreciated, and thanks in advance!
P.S. This is my first post, so any hints/tips as to how to make this post better, would also be welcome.
Update
The problem was because of our cookie-script vendor and their trigger for google tag manager - the 'CookieScriptAcceptAll' trigger was not firing.
The solution was to:
scan the page for cookies (via cookie-script.com dashboard) which will populate the cookies categories array with cookie categories
and use the 'CookieScriptCategory-targeting' trigger instead (changes made via google tag manager dashboard).
Note the solution from above is for cases where you use google tag manager to add tags to your site.
Link to cookie-script documentation for info on triggers:
https://support.cookie-script.com/article/20-custom-events

Related

IdentityServer4 external logout doesn't remove Google sign-on cookie

I am having trouble logging out of my IdentityServer under Google login. I can log in through Google (external) with no issues, but the logout never worked. After clicking on "Logout" I always get a message saying "you are now logged out". But when I try to log back in again, I always get right in after clicking on the Google button. My Chrome Dev Tools show that a cookie associated with my Google login is left in there regardless of whether I click on logout.
And if I clear the cookie via Chrome, I will be able to get to the Google login page.
In trying to delete the cookie in my program when logging out, I tried the following code from the AccountController's Logout function. I watched the code get executed in debug mode, but it doesn't make any difference: the cookie is still there after the code gets executed and I still get right in.
Could anyone tell me what I am missing here? Or is it just impossible to delete the cookie from code?
To do an upstream signout the IDP (Google) would have to support the RP-initiated logout spec:
https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout
However Google's discovery endpoint (https://accounts.google.com/.well-known/openid-configuration) does not advertise an end_session_endpoint so from that we'd have to conclude that it is not supported by Google.
However you may be able to use prompt=login or max_age={number of seconds} in your authorization_endpoint endpoint request to force interactive authentication again. When you receive the id_token in the callback you can validate that the auth_time claim falls within whatever condition you decide. The end result is that you can insist that users interactively authenticate each time you do a round trip to Google. If auth_time is too far in the past you'd prevent the local session from being established.

Browser blocks cross domain iframe cookies

I have a forum-like component which I use in an iframe on other websites. This component uses django-allauth for authentication with Facebook and Twitter. Everything worked fine but now the authentication stopped working some time ago. When I look at the cookies in my browser, the cookies from Facebook/Twitter which are set by the iframe, are not loaded. Although, the cookies from the component itself are set.
The authentication still works when I load the iframe on a website which is on another subdomain of the component itself.
Tool on another subdomain (working):
https://shop-sandbox.adbuddy.be/discussie/
Tool on a totally different domain (not working):
https://mama-calinka.webbuddy.be/discussie/
I guess this problem had something to do with CORS-headers but nothing I've tried helped. Can someone help me with this problem please?
If this stopped working only very recently, it could be related to Chrome's recent breaking change: if a cookie's SameSite attribute is not explicitly set, it defaults to SameSite=Lax, which prevents your browser from sending the cookie on cross-site requests.
I checked your https://shop-sandbox.adbuddy.be/discussie/ - there are many cookies with SameSite empty.
There could be a couple more reasons why a browser ignores a cookie in the request, and I tried to sum all of them up in my blog here
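The two browser rules discussed on this page, the Domain check behind Firefox's "rejected for invalid domain" warning in the main question (document on blog.example.com, cookie Domain=.example.com) and the SameSite=Lax default from the answer above, modelled in an added example that is not from any of the posts. The domain matching follows RFC 6265 section 5.1.3 and the Set-Cookie Domain rule in section 5.3; the Lax default and the Secure requirement for SameSite=None are the Chrome behaviour the answer refers to, simplified to ignore request method.

```javascript
// Added example: RFC 6265 domain matching and the SameSite=Lax default.

// RFC 6265 s5.1.3: a request host domain-matches a cookie domain when they are
// identical, or when the host ends with "." + domain and the host is not an
// IP address. A leading dot on the Domain attribute is ignored (s5.2.3).
function domainMatch(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, "");
  if (host === domain) return true;
  if (/^\d+\.\d+\.\d+\.\d+$/.test(host)) return false; // IPv4 literal never matches a suffix
  return host.endsWith("." + domain);
}

// RFC 6265 s5.3 step 6: a Set-Cookie whose Domain attribute the request host
// does not domain-match is ignored entirely; this is the case Firefox reports
// as "rejected for invalid domain". Returns the effective cookie domain, or
// null when the cookie would be rejected.
function effectiveCookieDomain(requestHost, domainAttr) {
  if (!domainAttr) return requestHost.toLowerCase(); // no Domain: host-only cookie
  const domain = domainAttr.toLowerCase().replace(/^\./, "");
  return domainMatch(requestHost, domain) ? domain : null;
}

// Would the browser attach this cookie to a request? Models the SameSite
// default: no attribute is treated as Lax (assumed default, as in Chrome).
// Lax travels same-site or on top-level navigations, Strict only same-site,
// None only over https and only if the cookie is also marked Secure.
function cookieSent(cookie, { crossSite, topLevelNavigation, https }) {
  const sameSite = (cookie.sameSite || "Lax").toLowerCase();
  if (!crossSite) return true;
  if (sameSite === "strict") return false;
  if (sameSite === "lax") return Boolean(topLevelNavigation);
  return Boolean(cookie.secure) && Boolean(https); // SameSite=None needs Secure
}

// Constructed scenarios mirroring the two threads.
const marketoOnBlog = effectiveCookieDomain("blog.example.com", ".example.com"); // "example.com"
const foreignDomain = effectiveCookieDomain("blog.example.com", "other.example"); // null
const iframeSession = cookieSent({ name: "sessionid" },
  { crossSite: true, topLevelNavigation: false, https: true }); // false: Lax default
```

With these rules a Domain=.example.com cookie set from blog.example.com is valid, so a rejection there points at how or when the cookie is being (re)written rather than at the Domain attribute itself, which is consistent with the update in the main question.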

How to create a cookie on a Google site?

I created a Google site page with 5 links on it. Is it possible to create on my site a script or something that stores in a cookie the link on which the user has clicked, and then the next time he connects to the page, he will be automatically redirected to the link he clicked on? For information, the user connects to the site with his Google email account.
How can I do that please?
Thank you very much in advance for your help
While it is possible to read cookies and redirect using JavaScript inside a Google Page (using widgets), browsers will not allow you to set cookies for a completely different domain for obvious security reasons.
Related:
How to set a cookie for another domain
Cross-Domain Cookies
What's your favorite cross domain cookie sharing approach?
You could theoretically try and send an AJAX request from the Google Page with a "where should I direct this user to?" and expect a URL or a null.
See:
CORS $.ajax session cookies (access-control-allow-credentials & withCredentials=true)
Cross domain POST request is not sending cookie Ajax Jquery
But overall, your task is not as straightforward as it may seem. The browser will, fortunately, not play along.

Cannot save cookies for JMETER

I'm new to JMeter, so sorry in advance for the dumb question.
I want to start with the most basic testing for web site. I want to login to application and navigate to specific page. Basically, that is it for now.
I was fighting with this issue but unfortunately I cannot save cookies properly. I use the following test scenario:
However, after I start to run the scenario I can see that the login was executed successfully, but navigation to the page redirects to the Login page.
It seems that cookies were not actually saved.
Any advice, please. If you require any additional information I'll provide everything that is needed.
What makes you say login did not work, or worked?
Why don't you first look in View Results Tree at the first "Http Request login" sampler response to check that login was successful?
To see if cookies are transmitted, check the Request tab in View Results Tree.
From what you show it seems you are playing login twice; check your Thread Group for the number of iterations. If you set more than 1, maybe your application does not allow double login.

JMeter Cookie Manager - not storing cookies?

Please VOTE TO CLOSE instead of downvoting. I can't delete the question now that there are answers for it.
I've been playing with JMeter a few days now and I'm starting to get into the steeper part of the learning curve it seems. I've added a login request (I had to put it in a Loop Controller in the Thread Group). I then have a Cookie Manager followed by two requests that are made by the browser (according to Fiddler) after logging in. These next two requests require a cookie though and they don't seem to be working right now. I've set the Cookie Manager to "compatibility" for Cookie Policy. Then I look at the View Results Tree and I see that the two requests after login are failing and in the Request tab I see "[no cookies]".
Rather perplexing. Here's a screenshot.
I've modified my login request a bit:
however the next request still fails with a "not logged in" and "forbidden" message:
Not sure as I don't have the full test plan, but your login request seems to have failed because you get a redirect from http to https in the results tree.
As you can see in the tree you have 2 samples inside:
the login one with http, then one in https.
I suggest, if you are a beginner, reading this:
http://jmeter.apache.org/usermanual/jmeter_proxy_step_by_step.pdf
It will help you build your test plan easily.
If you don't succeed with the proxy then I suggest you remove the loop controller and test with only one iteration to see what's happening.
You can click on the sampler in the results tree and select the Request tab.
Check that your login request is using https; it's in the scheme of the http sampler.
If it's a redirect that you cannot anticipate, then disable follow redirects and, with a regexp post processor:
http://jmeter.apache.org/usermanual/component_reference.html#Regular_Expression_Extractor
extract the URL from the redirect and submit it with login and password in the next http sampler.
Regards
I had to learn a little bit more about the requests being made to the system in order for this to work. Instead of a call to www.server.com/login, I made a request to www.server.com/sessions.json and provided a JSON file with username and password. Doing this set the cookie and the Cookie Manager took over. Then, without modifying the other two requests, everything was hunky dory.
Based on the images that you have posted, I found the error.
The Cookie Manager should be under the scope "Test plan". You have created a Cookie Manager with the scope of the HTTP request.
Please leave the HTTP Cookie Manager with the standard settings. It should work.
For more details refer to the JMeter documentation below:
http://jmeter.apache.org/usermanual/component_reference.html#HTTP_Cookie_Manager