How to Inspect Cookies in Safari 11 Developer Requests & Responses? - cookies

This must have been answered somewhere but I just cannot find the answer - how can I inspect the cookies set in HTTP RESPONSE and REQUEST in Safari 11?
I am looking for something similar to Chrome DevTools Network tab inspector where you can see any cookies sent, per http request/response, and what they contained.
I've tried inspecting the cookies via Storage but even here some cookies are present, others not. What is weird is that I can see cookies set by third parties like Stripe or Intercom, but not the cookies associated with the actual domain I am on. All these cookies are present and being set in Chrome & Firefox.
Thank you!

Related

JMeter 5.4.1 Cookie Manager - User-Defined Cookie not added to request's cookies

Firstly, I did add the line CookieManager.check.cookies=false to jmeter.properties.
What I'm Trying to Do
I want to add a cookie to a request's existing cookies.
For example, I see the request has [edited]:
Cookie Data:
c1=sfasfsfsfsfs; c2=erqwerqwrr; c3=poiuopiupoi
Expected Results
I would like it to have:
Cookie Data:
c1=sfasfsfsfsfs; c2=erqwerqwrr; c3=poiuopiupoi; partner=favicon.ico
Here is what I tried:
BASE_URL_2 is a variable defined in the form qa.company.com.
Actual Results
Whatever I have tried so far has not made any change in the cookies.
What else shall I try?
Underlying Motivation
Recorded a Web session and played it back.
Added a RegEx Extractor to pull out a token and then added it to subsequent requests. That helped.
However, certain requests failed with a custom application exception Security violation, please refresh.
Probably session login state is not being passed, so the website thinks the call is "stale".
I've seen this on the GUI when the session expires and you try to click a button on the site.
On comparing the cookies seen in JMeter with what I saw in the Chrome Debugger, it was clear that there were more cookies in the running application than what I had in JMeter.
Are you sure you're using the HTTPS protocol? If the cookie has the secure flag and you're using the HTTP protocol, the cookie will not be sent.
Also remove = from partner=, otherwise you will end up with partner==favicon.ico
Demo:
More information:
Using HTTP cookies
HTTP Cookie Manager Advanced Usage - A Guide

Firefox extension/addon does not store cookies

I'm working on a browser extension that authenticates with a remote server via XMLHttpRequests. In Firefox (59.0.2) I have the problem that the session cookie sent by the server is not stored in the browser. When looking at the network traffic I get a Set-Cookie response from the server for every request:
Set-Cookie JSESSIONID=node01abks2u96hf84wt0i1uqwsb9879.node0;Path=/
but it seems that the cookie is never accepted or stored in the extension.
When looking at Chrome (where the extension is working) my extension includes this cookie in the request:
Cookie: io=jCX1X9rlaOhCqE0nAAAB JSESSIONID=node01abks2u96hf84wt0i1uqwsb9879.node0
However, this is not the case in Firefox. Why is Firefox not including the cookie in the request? And why is it not storing the cookie?
UPDATE: as suggested I filed a bug report:
https://bugzilla.mozilla.org/show_bug.cgi?id=1454806
Furthermore, I created a very minimal example addon that fails:
https://gitlab.com/czeidler/firefox-cookie-problem
Could somebody please let me know if that addon really should work? or am I doing something wrong? To trigger the problem open the debug view of the addon and select the network view. Then click the addon popup icon. This will trigger two requests to my server. The first reply contains a Set-Cookie header that is not reused in the second request.
I found the reason why it is not working. Firefox handles a request from the popup as a cross domain request and does not set the cookie for this reason. Not sure if Chrome and Firefox should behave the same here or which approach is the better one. Here is how I fixed this issue to make it work in both browsers:
On the server:
response.addHeader("Access-Control-Allow-Origin", request.getHeader("Origin"))
response.addHeader("Access-Control-Allow-Credentials", "true")
In the popup:
connection.withCredentials = true;
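The server lines in the answer above echo whatever Origin header arrives and also send Access-Control-Allow-Credentials: true, which grants every origin credentialed reads of the responses. The following is an added example, not the answerer's code, that echoes the origin only after an exact allowlist match; the extension origins, the allowed methods and headers, and the name corsHeadersFor are placeholders and assumptions.

```javascript
// Added example, not the answer's server code. Origins are placeholders.
const ALLOWED_ORIGINS = new Set([
  "moz-extension://00000000-0000-0000-0000-000000000000", // placeholder UUID
  "chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",   // placeholder ID
]);

// Returns the CORS response headers for one request.
// method/origin come from the incoming request; allowed is the allowlist.
function corsHeadersFor(method, origin, allowed = ALLOWED_ORIGINS) {
  // Vary on Origin so a shared cache never replays one origin's grant to another.
  const headers = { "Vary": "Origin" };
  // Exact match only: no substring or regex tests, and "null" is never trusted.
  const trusted = typeof origin === "string" && origin !== "null" && allowed.has(origin);
  if (!trusted) return headers; // no ACAO header: the browser blocks the read
  headers["Access-Control-Allow-Origin"] = origin; // echo only after the match
  headers["Access-Control-Allow-Credentials"] = "true";
  if (method === "OPTIONS") { // preflight (assumed methods and headers)
    headers["Access-Control-Allow-Methods"] = "GET, POST";
    headers["Access-Control-Allow-Headers"] = "Content-Type";
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}

// Constructed sample requests.
const samples = [
  ["GET", "moz-extension://00000000-0000-0000-0000-000000000000"],
  ["GET", "https://unlisted.example"],
  ["GET", "null"],
  ["OPTIONS", "chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"],
];
for (const [method, origin] of samples) {
  console.log(method, origin, corsHeadersFor(method, origin));
}
```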

Display cookies in request headers in Safari 7

When examining request headers in Chrome or Opera using their default console, I can see in the request headers what cookies have been sent to the server and if server is trying to set a cookie, I can also see Set-Cookie header.
However, in Safari 7.1.2 I don't see this information, but I see other information such as Accept, User-Agent, Referer etc.
Do I need to enable something to see the cookies in the Safari's console? How can I view cookies that are being sent together with the request?
Thanks
P.S. I know that I can see cookies in the resources, but I need to know specifically in which requests the cookies are present.
As far as I know, modern versions of Safari will omit the "Set-Cookie" and "Cookie" headers in the responses and requests, respectively. I guess the reason is "oh, you can see what cookies are set in the 'Resources / Cookies' tab". However, that's poor consolation when you're trying to determine if any Cookie headers are being sent, which is my situation.

Safari 6 Web Inspector: Can't see my domain-level cookie

I am having a problem viewing a cookie value in Safari 6 developer tools. Just to be clear - the cookie works fine. I can see/fetch/echo the value of the cookie on the page. However, I can't see it in the Storage section of Web Inspector.
I'm wondering if the problem is multi-level subdomains. We have these:
www.domain.com
sub.domain.com
www.dev.int.domain.com (accessible only while on VPN)
We want this cookie accessible to all the domains, so we set a domain-level cookie like so (example):
Set-Cookie: UserLoginCookie=someencryptedvalue; Domain=.domain.com; Expires=Sun, 23-Mar-2014 00:02:56; Max-Age=31104000; Path=/; Version=1; HttpOnly
I'm looking in Web Inspector, in the Storage section, under Cookies.
When I load www.domain.com, I see the UserLoginCookie in the list.
When I load sub.domain.com, I see the UserLoginCookie in the list.
When I load www.dev.int.domain.com, I do NOT see the cookie, even though I can read/set it.
I've tried to google for this and search stackoverflow, but I've gotten nowhere. Does anyone know if this is a Safari bug or if there's just a step/option that I'm missing somewhere?
Thanks in advance for any help.
I am guessing this is a Webkit based bug that Safari has yet to fix - Webkit Developer Tools does not show parent domain cookies?
There is no easy way to do it as Safari removed the ability to see individual cookies from the Security tab: "Show Cookies" button missing as per this HOWTO. I have also tried the "Safari Cookies" plugin but it does not work as the cookie list did not refresh for me.
I've resolved to inspect cookies with 'document.cookie' in the developer console.
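When the inspector does not list a cookie, the attributes in its Set-Cookie header still determine whether it is sent and whether script can see it. The following added example (not from any of the posts; parseSetCookie, domainMatch, pathMatch and cookieStatus are names made up here) applies simplified RFC 6265 matching to the domain-level header quoted in this thread, and also covers the Secure-flag point from the JMeter answer further up the page.

```javascript
// Added example. Simplified RFC 6265 matching; IP-address hosts are not handled.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.replace(/^Set-Cookie:\s*/i, "").split(";");
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1).trim(),
                   domain: null, path: "/", secure: false, httpOnly: false };
  for (const raw of attrs) {
    const [key, ...rest] = raw.trim().split("=");
    const val = rest.join("=");
    switch (key.toLowerCase()) {
      // A leading dot in Domain is ignored (RFC 6265 section 5.2.3).
      case "domain": cookie.domain = val.replace(/^\./, "").toLowerCase(); break;
      case "path": if (val.startsWith("/")) cookie.path = val; break;
      case "secure": cookie.secure = true; break;
      case "httponly": cookie.httpOnly = true; break;
    }
  }
  return cookie;
}

// Section 5.1.3: the host equals the domain or ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Section 5.1.4: the cookie path is a prefix ending at a "/" boundary.
function pathMatch(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  return reqPath.startsWith(cookiePath) &&
         (cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/");
}

// setByHost is only needed for host-only cookies (no Domain attribute).
function cookieStatus(cookie, urlString, setByHost) {
  const url = new URL(urlString);
  const hostOk = cookie.domain ? domainMatch(url.hostname, cookie.domain)
                               : url.hostname === setByHost;
  const sent = hostOk && pathMatch(url.pathname, cookie.path) &&
               (!cookie.secure || url.protocol === "https:");
  // HttpOnly cookies travel in the Cookie header but never appear in document.cookie.
  return { sent, visibleToDocumentCookie: sent && !cookie.httpOnly };
}

const login = parseSetCookie("Set-Cookie: UserLoginCookie=someencryptedvalue; " +
  "Domain=.domain.com; Path=/; HttpOnly"); // shortened from the header quoted above
console.log(cookieStatus(login, "http://www.dev.int.domain.com/"));
```

For the thread's header the result is sent: true and visibleToDocumentCookie: false, because the cookie carries HttpOnly.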

Coldfusion cookie issue

I'm having issues deleting client cookies with the cfcookie tag, I'm setting the value to "" AND changing the expiration date to now.
But I think it's resetting the cookie in the same page that it deletes it.
Is there an application (or addon for Chrome, Firefox) that can tell me where it's giving me cookies?
There's Fiddler, an application that logs all HTTP(S) traffic between your computer and the Internet.
1) Run Fiddler.
2) Open your site on the browser you use.
3) Look at the request and response headers on Fiddler. Any cookie set or delete will be there.
Other references:
Fiddler Can Make Debugging Easy. [September 12, 2006]
Fiddler Proxy and HTTP Debugging Tool [December 17, 2010]
As tiangoinu said, use Fiddler for Windows, or if you're on a Mac, check out Charles Proxy.
As to your specific question, verify that you're not doing a redirect after you delete the cookie. In order for the cookie to be deleted on the client, the necessary HTTP headers need to be passed to the browser, and sometimes a cflocation will prevent those headers from being sent.
Yes, look at HTTPLive Headers for Firefox. Or some other type of intercept proxy to put between the browser and the server. You can then see the HTTP headers and try to determine where the cookies are being set (or at least how often).