Path Specific Cookie in Django - django

i want to create cookie based authentication depends on path ,
so simply for testing i have create two views and set cookies respectively
View 1 Cookie With globalLy available
View 2 Cookie With Specific
But the problem in both view only global cookie is available
View 1
View 2
You can see both cookie have same name but different path, but when we get cookies only global cookie is available
if i display request.META.get('HTTP_COOKIE')) then all cookie are display but not in request.COOKIES.get('last_visit')
please help, i have tested in php , it works fine but not in python django

The problem that you face relates partly to Django, but firstly to the properties of HTTP cookies mechanism itself.
A cookie valid for a path is also valid for all its subpaths (a query string doesn't matter). So last_visit cookie intended for / is also valid for /view2/. For specifics of the matching mechanism, defining whether a cookie is suitable for a path, see subsection "5.1.4. Paths and Path-Match" in RFC6265.
So both cookies are sent, and the order in which they are listed in Cookie: HTTP header is from more specific paths to less specifics ones. See over here in RFC6265.
Now, Django processes cookies from the header one by one and populates a plain python dictionary request.COOKIES, rewriting values when keys are already present. That is how your value for last_visit is rewriten when both cookies for both paths are sent in http request.
While Django processes cookies like that, though it would be more reasonable to only keep the first (not the last) value for the key as it relates to more specific path, you can fix the issue by only using the same cookie names for paths of the same level -- for /root/view1/ and /root/view2/, but not for /root/. Or You can divert cookie names with respect to http path like that:
import hashlib
cookie_name = 'last_visit%s' % hashlib.md5(request.path).hexdigest()
# ...
cookie = request.COOKIES.get(cookie_name)
# ...
response.set_cookie(cookie_name, cookie, path=request.path)

Related

Scrapy modify cookie

I'm able to create a cookie with scrapy but unable to modify one existing cookie.
In the ecommerce website i'm working, this cookie handles the postal code and the postal is used by each page to modify product attributes. I can modify the postal code using selenium, scrape every page, but the scrape process is too slow. I wanted to use scrapy only, modifying this request/response postcode cookie.
I can create a cookie on my requests using this code
in SETTINGS.PY
COOKIES_ENABLED = True
in spider.py
yield scrapy.Request(response.urljoin(url), self.parsePage, cookies={'cp': codpost})
I get the list of cookies using:
cookies = response.headers.getlist("Set-Cookie")
The relevant result I get on every page is:
[..., b'cp=28029; Expires=Sun, 29-Feb-2032 07:58:44 GMT; Path=/', ...]
It doesn't look like to be a pair key/value. How can I modify this cookie? Any suggestions?
I don't think you need to manually modify the cookies, you probably can get through using cookiejar.
You can yield several requests for different postal codes, and include a different cookiejar in each request, that way Scrapy will manage different sessions for each request.
for code in postal_code:
yield Request(url, meta={'cookiejar': code}, callback=self.callback_func)
This is a minimal example, just to show how to pass the cookiejar in the request. Keep in mind that the values represented by code must be different for each different session you need.

Storing the value of cookie in variable but doesn't appear in cookie data in request body in Jmeter

There are lots of cookies present and I need to extract those cookie and pass them as a post parameter in further request. So i have changed the setting for them in jmeter.property file as
save.cookies=true
check.cookies=false
Then after running the test, I got those cookie value in debug sampler as ${COOKIE_}
EXPECTED:
GET data:
Cookie Data:
private_content_version=e17f5f6a5ed9557378a6f85fa2202c0e;form_key=mCPI56sUAl6bqAJdqq;
Actual Result
GET data:
[no cookies]
I have passed in the value in HTTP header manager as
name=private_content_version
Value=${COOKIE_private_content_version}
name=form_key
Value=${COOKIE_Form_key}
But instead of value, same variable is passed as ${COOKIE_private_content_version}
Also there are multiple cookies and I need to fetch them too and pass them in further http request payload,but unable to do that.What I AM MISSING?Please help
DO I NEED TO ADD THEM COOKIE MANAGER UNDER EACH OF THE HTTP REQUEST?OR DEFINED IN GLOBALLY?
Also how to define them ?
You don't need to manually add cookies in the HTTP Header Manager, the Cookie Manager should normally handle them.
If for some reason you need to build Cookie header manually make sure to use strict Cookie name and in the value one or more name/value pairs of cookies separated by semicolons
You might find HTTP Cookie Manager Advanced Usage - A Guide article useful, it contains comprehensive information on HTTP Cookie Manager configuration and troubleshooting.

Akamai Cache Key by Cookie

We are using Akamai to do A/B test, is there a way that Akamai can get different cache with some cookie value.
For example: suppose I have 2 applications App-A and App-B under www.example.com, is there a way that when request has cookie "to-A=true" then go to the cache of App-A, and if cookie has "to-A=false"? then go to App-B?
Thanks!
You could achieve this using Cache ID Modification behavior. You can enable the Include the following cookies action & mention your cookie name on the Elements to include field. Akamai will basically create 2 cacheID (ID's would be different though) for the resource & the cacheID will be constructed with the cookie name (&values if you say yes in Include values property). When the incoming request has these cookies set, then Akamai could serve the specific resource from the cacheID (that has the cookie value in its ID).
In your example, the Cache ID would be constructed like the below for the resource abc.js. The abc.js that came from Origin App A would be saved under to-A cacheID & the one from App B would be saved on the other.
X-Cache-Key:S/L/**/abc.js cid=_to-A=true_
X-Cache-Key:S/L/**/abc.js cid=_to-B=true_

Basic issue with setting HTTP cookies

I'd like to set an HTTP cookie for my users, in order to not bother them with having to log in every time.
What I want to know is this: if I set the cookie at a page other than the homepage for my website, then will that cookie be available when the user comes to my homepage the next time?
More generally, is it the case that I can set the cookie at any page of my website, and the cookie will be available to me whenever I want?
Thanks!
Cookies can be configured to be available on specific subdomains, specific paths and specific protocols (HTTPS only, for instance). Without you telling which language you're using, it's hard to tell the default behavior of your local Set-Cookie function, but I believe that most often, the default behavior is to make the cookie available to all subdomains and all paths.
So yes, if you set a cookie on a random page, it should be available to the home page, too.
Yes - once you set a cookie it will be accessible from the server as long as it is stored in the user's browser (hasn't expired or been deleted).
I found that if the cookie is being set via Javascript, then this can be determined via a simple parameter.
The example JS code (from here) sets a cookie, that is available across the site
$.cookie('the_cookie', 'the_value', {path: '/'});

Kohana Framework - prevent subdomains from inhereiting parent doamin cookies

We are developing a Kohana Framework-based website with multiple subdomains, using the subdomain prefix value as the key for content and configuration filters...
This works great until a user with an active session to one of the subdomains visits a parent domain... Then they get a combination of BOTH cookies from each domain, which can lead to undesireable effects (parent domain settings inherited by subdomains).
For instance, I go to https://test.ourdomain.com and get a cookie with a session ID in it. All further requests to this URL or folders/files under this host have that cookie sent with the request in the headers. When I then go to https://sub.test.ourdomain.com, BOTH the cookie generated for that URL, PLUS the cookie generated for the parent url (test.ourdomain.com) is propogated. These cookies contain identically keyed information with varying values, and sometimes the values for the parent override the one for the child, producing undesireable effects on the child.
Preferably using Kohana's cookie settings, what can I do to limit the cookie propogation from parent domains to children?
You can set cookie settings in your bootstrap.php file.
By the looks of the documentation, you should be able to append Cookie::$domain = "test.ourdomain.com"; or Cookie::$domain = "sub.test.ourdomain.com"; to the end of your bootstrap.php file.
This should apply globally where ever cookies are used (including native and cookie-based sessions). You might have to clear your current cookies when making this change before noticing its effects.
Edit: Just realized how old the question is, hopefully this can solve any future questions.