I'm using appollo client and nextjs, when i use next/link to go back to home page (client side), all data of my homepage still old and doesn't update to new data (I think it used cache data). Only if i refresh page use F5 (server side), it's updated. So how to update data in client side, thank you
In Apollo client you can specify fetchPolicy: network-only to always get updated data without refreshing the page
There is one more option provided by Apollo is refechQueries you can use this also.
Related
I got a backend, NestJS GraphQL, and I got authentiaction on it's side. On signIn query it returns 3 Set-Cookie headers: is_authenticated, access_token and refresh_token. I use useLazyQuery hook from apollo to make a signIn request. Everything works until I want to use these cookies server-side e.g. getServerSideProps. How to sync client and server cookies in NextJS? Do I have to set them manually?
When I console.log getCookies(ctx), ctx.req.cookies it returns empty object. On client-side getCookies() also returns empty object, but these cookies are set, because I also have a cart-id which sets the cart user can use, and it works properly, after refresh, restart browser and even restart my PC. Where is the problem then?
I have a server side application that uses cookies for session management. The browser has some script that sends an ajax request to add information to the session. This is working well and in production.
The business wants to be able to insert this application in other companies' websites via iframes. ie myapp.com is in an iframe in otherbusiness.com and when the user clicks a button in the application in the iframe launched from myapp.com, it sends a request with a cookie that contains the session id to update the user's session on the myapp.com server.
For the browser to be able to send a cookie, 3rd party cookies needs to be enabled by setting the cookie options of SameSite=None and Secure. This works for all browsers except Safari.
Safari no longer accepts 3rd party cookies.
The only solution I can come up with is to use session ids in the URL but this is a little cumbersome.
Can anyone suggest a better option or perhaps a good implementation of session ids in the url?
I used hidden html fields to pass the session id and expiration.
My server side code checks for a cookie if it cannot find it, looks for the session id and expiration in the hidden fields.
This avoids security issues with passing the id in the url. It is a little clumsy to implement but it works.
I am using Hybris 6.5. I have published yform on storefront.
Now problem is, When I click on submit(save) button for saving form data I want to fetch customer data which is currentlly logged in System but for getting data I need to fetch cookies first.
To fetch cookies I need http request which comes from submitting save button on published form.
The question is related to securely transferring data to a webpage. I need to transfer some data to a webpage/website. Assume that for all the mentioned scenarios, I am using HTTPS as the protocol.
Do I need to append data/Parameter to URL. Do I need to encrypt it so that it does not transmit as plain text?
Do I make a POST request to website and it will return me the rendered HTML page?
Security is the major concern for me and I have to use HTTP or restful web services for the purpose.
Query string data will be encrypted, but it will also be visible in the browser address bar and could be logged in browser history. Even if it is a server side request, query string data could be logged in server logs.
Sending the data via POST is preferred - it is not guaranteed to not be logged, but by POSTing the data you are implying that it is used to create a change in state and that it should not be replayed or cached.
I don't really understand when session is created and per what entity it is created (per ip, per browser, per logged in user). I see in documentation that sessions by default is created per visitor - but what is visitor (browser or ip)?
What are HTTP sessions?
To display a webpage your browser sends an HTTP request to the server, the server sends back an HTTP response. Each time you click a link on website a new HTTP transacation takes place, i.e. it is not a connection that is persistant over time (like a phone call). Your communication with a website consists of many monolitic HTTP transactions (tens or hundres of phonecalls, each phonecall being a few words).
So how can the server remember information about a user, for instance that a user is logged in (ip addresses are not reliable)? The first time you visit a website, the server creates a random string, and in the HTTP response it asks the browser to create a so called HTTP cookie with that value. A cookie is really just a name (of the cookie) and a value. If you go to a simple session-enabled Django site, the server will ask your browser to set a cookie named 'sessionid' with such a random generated value.
The subsequent times your browser will make HTTP requests to that domain, it will include the cookie in the HTTP request.
The server saves these session ids (for django the default is to save in the database) and it saves them together with so called session variables. So based on the session id sent along with an HTTP request it can dig out previously set session variables as well as modify or add session variables. If you delete your cookies (ctrl+shift+delete in Firefox), you will realize that no website remembers you anymore (Gmail, Facebook, Django sites, etc.) and you have to log in again. Most browsers will allow you to disable cookies in general or for specific sites (for privacy reasons) but this means that you can not log into those websites.
Per browser, per window, per tab, per ip?
It is not possible to log into different GMail accounts within the same browser, not even from different windows. But it is possible to log in to one account with Firefox and another with Chrome. So the answer is: per browser. However, it is not always that simple. You can use different profiles in Firefox, and each can keep different cookies and thus you can log into different accounts simultaneously. There are also Firefox plugins for keeping multiple sessions, e.g. MultiFox.
The session all depends on which session cookie your browser sends in it's HTTP request.
Play around
To get the full understanding of what is going on, I recommend installing the FireBug and FireCookie plugins for Firefox. The above screenshots are taken from FireBug's net panel. FireCookie will give you an overview of when and which cookies are set when you visit a site, and will let you regulate which cookies are allowed.
If there is a server side error, and you have DEBUG=True, then the Django error message will show you information about the HTTP request, including the cookies sent
It's browser (not IP). A session is basically data stored on your server that is identified by a session id sent as a cookie to the browser. The browser will send the cookie back containing the session id on all subsequent requests either until the browser is closed or the cookie expires (depending on the expires value that is sent with the cookie header, which you can control from Django with set_expiry).
The server can also expire sessions by basically ignoring the (unexpired) cookie that the browser sends and requiring a new session to be started.
There is a great description on how sessions work here.