In my application I have filter that sets cookie:
HttpContext.Response.Cookies.Append("myCookie", "value")
When I print cookie value in my view:
HttpContext.Request.Cookies["myCookie"];
it is not there. If I refresh page cookie is set. This happens because using Response.Cookies.Append does not update Request.Cookies collection. Is there way to view current cookies with changes made during request?
In my web application I have IAsyncActionFilter, that updates cookie, however corrected value is visible only after page is refreshed, and I would like to finish current request with new value. I know that it will be set by browser when response finishes, but I already know that I have new value for that cookie, and I would like to propagate this value to views reading cookies.
No. This is how cookies work. They are sourced from the client. In other words, the cookie is set by the client after it receives the response from the server with the Set-Cookie header. It's then only after the client makes another request, sending the cookie back, that it exists server-side. It's not clear what you're trying to achieve ultimately here, but you need to force a new request after setting a cookie, to access that cookie, even if that's simply returning a redirect to the same page.
Related
I am attempting a performance test using JMeter.
The first controller performs a POST request to create a token en assign it to a variable.
The folloowing requests use this cookie to authenticate.
What I noticed is that after the first request with the cookies, the response contain a Set-Cookie header for each of the cookies.
Following requests use the old cookies (from the cookie manager) and the new cookies for the response.
I would like to overwrite the original cookie with the value of the new cookie.
I moved around the Cookie manager and edited the settings, but to no avail.
I try to get cookie information with CookieManager in Android WebView. However, all it does is providing a key value pair of cookies, no additional information.
I also tried this post and use connection.getHeaderFields.get("Set-Cookie"); to get all cookies received from server. But from what I can tell, I don't see all cookies that I am supposed to receive from server. This can also be found by some cookies in CookieManger receive a new value but not show in Set-Cookie field.
Ideally, I would like to intercept every response and inspect their cookies with all information from server such as name, value, max-age, secure, etc. Any suggestion how to do this with Android WebView (WebViewClient)?
I see you can set the expiration using CookieOptions when appending a new cookie to the response. However, HttpContext.Request.Cookies returns an IRequestCookieCollection, which only seems to give you key/value pairs.
Is there a way to read the CookieOptions (specifically the Expiration) for request cookies?
I'm using .Net Core (1.0.0-preview2-003131)
NOTE: I need to read the expiration of an arbitrary cookie in request processing, not the expiration of the framework generated auth cookie.
I'm getting that by reacting to the event "OnValidatePrincipal"
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
...
Events = new CookieAuthenticationEvents
{
OnValidatePrincipal = CookieAuthenticationEventHandler.ValidatePrincipalAsync
}
});
And then I can access, once the principal is validated, when the cookie will expire in my ValidatePrincipalAsync with the property context.Properties.ExpiresUtc
To be able to get that expires property later in my controller, I'm adding it in my HttpContext this way:
context.Request.HttpContext.Items.Add("ExpiresUTC", context.Properties.ExpiresUtc);
But I'm not really happy with that part, maybe someone can give you a better way to access it directly in the controller without having to get it from the OnValidatePrincipal.
No, HTTP does not include any details about cookies sent on requests, only their name and value. The auth cookie workaround only works because the expiration is also embedded in the value.
I'm setting a cookie in a response from my web service. The set-cookie header is coming through, and I can see the cookie in the network tab in Chrome, but the cookie isn't being stored. It doesn't show up in the resources->cookies tab, and the cookie isn't sent with subsequent requests. Nothing shows up in the JS console. I've also tried leaving the domain field off the cookie, but it still isn't stored.
Is there a way to debug the browser to understand why the cookie was rejected from being stored?
Turns out it had to do with the way I was making the request. I expected fetch() to work the same way as XHR requests. Setting credentials: 'include' on my fetch call resolved the problem. See 5.6.14 of the fetch spec
I have the django view to set the value in cookies 'no_show_dialog' when a user clicks 'Don't remind me anymore' in the modal dialog.
Now i changed that dialog completely and want to reset that cookie for all users, so they will have to see it again at least once.
I know there is a way to delete the cookie in a view for a particular user:
response.delete_cookie('no_show_dialog')
But how to loop over all users and remove that cookie once?
You can't do that. Cookies are stored on the client; the only time you have access to them is when the particular browser makes a request and receives the response.
The best thing to do here is to simply use a different name for the cookie from now on. This will ensure that no users will have it set initially. Alternatively you might consider using the session for future settings.
As Daniel said you cannot delete all cookies in response as they are stored on client side.
In Django you create a response object for a particular request object in your views. Which means that you can only delete a cookie for that particular request and not for all the requests that was served by your Django server.
What you can do here is set expiry time for a cookie by using max_age as keyword argument in set_cookie method For Example :
response = HttpResponse('your response')
response.set_cookie('user_id', user_id, max_age=30)
return response
This will expire the cookie after the specified time for every client.