Caddy2 pass cookie value from one reverse proxy to another - cookies

I need some help working with Caddy2 Server and the Caddyfile.
Some background info:
Let's say I would like to reverse proxy on 2 sites named page1.com and page2.com
So for example currently page1.com is visible in localhost:8080/page1 and page2.com is visible in localhost:8080/page2
Now assume that /page1 gives me a specific cookie named "myCookie" which has some random value in it.
I would like to pass this cookie also to /page2, so I'd have the cookie "myCookie" on both pages.
I know that I can use header_down +Set-Cookie "..." on /page2, but since the value is random, I would need to somehow save the cookie value from /page1 in order to reuse it or pass it to /page2
And that's where my knowledge reaches its limits, because in every research I did I couldn't find a way to store that value since Caddy2 doesn't seem to support variables.
Does anyone have a clue & is able to help me out with this one?
Thanks in advance!
Best Regards
Furkan

Meanwhile I've found a solution on how to accomplish this and decided to post it up here for someone who also may research for this in the future.
The idea behind that is to change the path of "myCookie" from /page1 to /, so the page2 is also able to access that cookie. I've also renamed that cookie in between just to make it clear that it now isn't only the cookie of /page1
header_down Set-Cookie "/page1" "/" # this will change the path of the cookie to /
header_down Set-Cookie "myCookie" "ourCookie"
header_up Set-Cookie "ourCookie" "myCookie"

Related

CFWheels: Redirect to URL with Params Hidden

I am using redirectTo() function with params to redirect to another pages with a query string in the url. For security purpose this does not look appealing because the user can change the parameters in the url, thus altering what is inserted into the database.
My code is:
redirectTo(action="checklist", params="r=#r#&i=#insp#&d=#d#");
Is there any way around this? I am not using forms, I just wish to redirect and I want the destination action/Controller to know what I am passing but not display it in the url.
You can obfuscate the variables in the URL. CfWheels makes this really easy.
All you have to do is call set(obfuscateURLs=true) in the config/settings.cfm file to turn on URL obfuscation.
I am sure this works with linkTo() function. I hope it works with RedirectTo() function as well. I do not have a set up to check it now. But if it doesn't work for RedirectTo(), you can use the obfuscateParam() and deObfuscateParam() functions to do the job for you.
Caution: This will only make it harder for the user to guess the value. It doesn't encrypt the value.
To know more about this, Please read the document configuration and defaults and obfuscating url
A much better approach to this particular situation is to write params to the flash. The flash is exactly the same thing as it is in Ruby on Rails or the ViewBag in ASP.Net. It stores the data in a session or cookie variable and is deleted at the end of the next page's load. This prevents you from posting back long query strings like someone that has been coding for less than a year. ObfuscateParam only works with numbers and is incredibly insecure. Any power user can easily deobfuscate, even more so with someone that actually makes a living stealing data.

making permanent changes to the path of cookies

Where can I make changes if I want to make permanent changes in cookie-path value for my website? Will that be in context.xml or web.xml or will that be using newCookie.setPath() method only? The server is Tomcat 6.0. I did look online but have not found anything to the point.
It's just that there is some problem with the session tracking and admin thinks that this requires changing path of my session cookies from /site-folder to /. Is he wrong?
It might not be something considered a good programming trick, but to change the sessionCookiePath value, the web-app > META-INF > context.xml file is the place. For my problem in particular, putting the following code helped: Context sessionCookiePath="" This might be due to my website structure.

Difference between the Kohana's Request cookie(), Response cookie() and the Cookie class?

I'm working on a program dealing with cookies under the kohana's HMVC structure, and I find that Kohana has 3 ways to get/set the cookie. They are
Request::current()->cookie(), Response->cookie(), and the cookie class (Cookie::set(), get())
And PHP has a native setcookie() function and $_COOKIE to deal with cookies too.
Could anyone explain their differences and, what are the situations that they should be used respectively.
Request::cookie() prior to calling Request::execute() on the same object is used to set the cookies that will be sent (or have been sent in case of the initial request) along with the rest of the request.
Request::cookie() during a Request::execute() will replace $_COOKIE.
Response::cookie() during a Request::execute() will replace setcookie().
Response::cookie() after a Request::execute() is used to get the cookies set back by the server.
The Cookie helper will sign your cookies and is used by HTTP_Header to set cookies set to the Response object in your initial Request object (see Response::send_headers() in index.php).
You probably do not want to use it yourself directly if you are trying to code HMVC safe.

WinInet and SessionCookies

Hello and good evening to all.
I have my app that uses InternetSetCookie to create (session) cookies needed for its job. However I want to remove the cookie named for ex. 'badcookie' after each request via
InternetSetCookie("http://www.domain.com", "badcookie", "");
and
InternetSetCookie("http://www.domain.com", NULL, "badcookie=")
but... in the best case it will send the cookie w/o any value and that's that.
My question is how to completely remove this cookie?
(No, I don't want to make them permanent and call cleanup() 10 times, maybe I would create a thread for each request but it's awkward if I do it)
InternetSetCookie("http://domain.com", NULL, "badcookie=bye; expires = Sat,01-Jan-1970 00:00:00 GMT");
This removed the complete txt file with some other cookies inside. Before I was using www.domain.com and I saw that it was a problem... now I face the same issue as the link you posted (losing more cookies) but my question is answered now.
PS This works with session cookies too.
My answer isn't 100% complete, but maybe it's a start. I'd suggest setting the expiration of the cookie to be in the past, as this will force the client to clear the cookie. I'm not familiar with WinINET syntax, so maybe someone has a better answer. I'm more of an ASP.NET person - but this article seems to suggest how to expire the cookie.
Based on gaor's response to my initial comment, sounds like there's still a little more work to do to completely fix this. But hopefully this helps and gets someone pointed in the right direction.
Hope this helps!

cookies tend to be top-down. is there a way to ban them from certain directories?

In a website where cookies are used for top-level pages (such as example.com/test.php, example.com/whatever.php), is it possible to ban cookies from certain directories such as "/images/", or am I just going to have to use a second domain (static.example.com/images/photo.jpg)?
Does anyone know of a workaround? It's for a CMS where I may not always be able to create a second domain.
Change your top-level pages to be one level down: example.com/test.php -> example.com/app/test.php
You can then set your cookies on example.com/app and they will not be sent to example.com/images
(Also your workaround won't quite work either, as static.example.com/images/photo.jpg will still get cookies set for example.com. It needs to be a different parent, e.g. example2.com/images).
No, sorry. Cookies are domain based, not directory based.
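
The scoping rules that the Caddy Path rewrite (/page1 to /) and the /app versus /images answer above both rely on, as an added example that is not part of any post on this page: the path-match and domain-match checks from RFC 6265 applied to a sample cookie jar. The jar entries, the appSession and siteWide names and the hostOnly field are constructed for illustration.

```javascript
// RFC 6265 section 5.1.4: does the request path fall under the cookie's Path?
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts at a "/" boundary, so /page1 does not cover /page10.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// RFC 6265 section 5.1.3 for host names (IP addresses need an exact match).
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Names of the cookies in `jar` that a client would attach to `url`.
// hostOnly marks a cookie that was set without a Domain attribute.
function cookiesSentTo(jar, url) {
  const { hostname, pathname } = new URL(url);
  return jar
    .filter((c) => (c.hostOnly ? hostname === c.domain : domainMatch(hostname, c.domain)))
    .filter((c) => pathMatch(pathname, c.path))
    .map((c) => c.name);
}

// Constructed sample jar; cookie names and hosts are illustrative.
const jar = [
  { name: "myCookie", domain: "localhost", hostOnly: true, path: "/page1" },
  { name: "ourCookie", domain: "localhost", hostOnly: true, path: "/" },
  { name: "appSession", domain: "example.com", hostOnly: false, path: "/app" },
  { name: "siteWide", domain: "example.com", hostOnly: false, path: "/" },
];

for (const url of [
  "http://localhost:8080/page1/index",
  "http://localhost:8080/page2",
  "http://example.com/app/test.php",
  "http://example.com/images/photo.jpg",
  "http://static.example.com/images/photo.jpg",
  "http://example2.com/images/photo.jpg",
]) {
  console.log(url, "->", cookiesSentTo(jar, url).join(", ") || "(none)");
}
```

A cookie with Path=/ is attached to every request for that host, so widening the path also hands the value to every other application served there. Path narrows where a cookie is sent but is not an isolation boundary between applications on one origin.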