We Keep Coding

cloud front signed cookies not being set by django set_cookie?

first Here is my code setting up cookies in my response:
cookies = dist.create_signed_cookies(resource,expire_minutes=expire_minutes)
taco = HttpResponse(json.dumps(payload))
taco.set_cookie('CloudFront-Policy', cookies[1]['CloudFront-Policy'], domain=cookies[0], httponly=False)
taco.set_cookie('CloudFront-Signature', cookies[1]['CloudFront-Signature'], domain=cookies[0],
httponly=False)
taco.set_cookie('CloudFront-Key-Pair-Id', cookies[1]['CloudFront-Key-Pair-Id'], domain=cookies[0],
httponly=False)
print('here comes the tacos')
print(taco)
return taco
now when we go to the chrome inspector I do not see CloudFront-Policy, CloudFront-Signature
am I correct that these cookies are not being sent?
See no cloudfront url

How can I embed in my site a CAPTCHA from another site, resolve it MANUALLY, send back to the original site and get the TOKEN?

The intention is not to resolve CAPTCHA automatically. Every user of my site will have to resolve the CAPTCHA.
The intention is to use free data from another site. These data are public and free, but to avoid massive requests, they are protected with CAPTCHA.
This is what I've done but doesn't work:
Create a proxy.php that manage and forward the requests to the original site.
Copy all headers from the original request (request of the CAPTCHA) and add them to the proxy. So, this is the form to resolve the CAPTCHA:
xxx is my site, example.com is the site that I want to resolve captcha and get data:
<img id="imgCaptcha" src="https://xxx/proxy.php?curl=https://example.com/Captcha&type=image&lang=it" style="width:200px;">
<input type="text" id="captcha">
<button type="button" id="btn_resolve">Resolve</button>
On button click, send the input text and check if it is resolved:
xxx is my site, example.com is the site that I want to resolve captcha and get data:
$('#btn_resolve').on('click',function(e) {
e.preventDefault();
var captcha = $('#captcha').val();
$.get('https://xxx/proxy.php?https://example.com/Captcha&type=check&captcha='+captcha, function(data, status) {
alert(JSON.stringify(data));
});
});
The result is always {"result":false,"token":"","message":null}
I think that the problem is with JSESSIONID cookie that I set in the proxy.php, but seems filtered out from Chrome with this motivation: "This cookie was blocked because its path was not an exact match for or a superdirectory of the request url's path".
Honestly I've got not clear if I can do this and how to do this: it seems that last versions of Chrome blocked some coockies. How can I do this with PHP CURL bypassing Chrome filters?

I resolved it adding all needed cookies in proxy.php file.
Proxy.php forward the request using curl.
This is a good starting point for a cross domain proxy in PHP that uses CURL commands
PHP CORS Proxy by softius
Then you can read JSESSIONID from after requesting the CAPTCHA image, and forward it to the proxy and add it and the others to the request:
header('Set-Cookie: cross-site-cookie=name; SameSite=None; Secure');
header('Set-Cookie: XSRF-TOKEN=XXXXX');
if (isset($_REQUEST['jsessionid'])) {
setcookie("JSESSIONID", NULL, 0, "/");
header('Set-Cookie: JSESSIONID='.$_REQUEST['jsessionid']);
}

How to access the value of a cookie injected in the request header on a POST call using Lua?

I'm attempting to retrieve an authentication cookie from a POST sign-in request. When I send this request using Postman, I see the cookie's value in the Cookies tab of the response in Postman.
Postman Response Cookies
My current Lua script is as follows:
local signInUrl = webBaseUrl.."/signin"
local signInResponse = http.request({"POST", signInUrl, headers={
["Content-Type"]="application/x-www-form-urlencoded",
["Referer"] = baseUrl}, data="UrlHash=&UserName="..username.."&Password=123&RememberMe=false", auto_decompress=true})
for i,v in pairs(signInResponse.cookies) do print(i,v) end
Printing out the value of the cookies returns a sessionId cookie and a return email cookie, but not the authentication cookie that I'm looking for.
I can see that the authentication cookie that I'm looking for is actually located in the Request Headers, in the Postman Console.
Postman Console
How would I go about getting the value of this cookie?

HTTPOnly Cookie not being stored before redirect

Currently, I have an HTML page that sends a POST request to a Python server with login details. The Python server verifies the login and then sends back a cookie via headers (I'm using the Cookie class built into the Python library). I want to redirect as soon as I get a 200 OK status. The issue is that the cookies are not being set quickly enough, so the redirect happens before the cookies are set and thus the check_login page will display that I have not logged in.
I want the browser to store an HTTPOnly cookie. Is there something in the XMLHttpRequest API that will let me redirect after the cookie has been stored, or an alternative method?
Thanks!
The HTTPRequest code:
var httpRequest = new XMLHttpRequest();
var url = 'http://localhost/login/';
httpRequest.onreadystatechange = function(){
if (httpRequest.readyState == 4) {
if(httpRequest.status == 200) {
window.location = "http://localhost/check_login/";
}
};
httpRequest.open("POST", url,false);
httpRequest.setRequestHeader("Content-type","application/x-www-form-urlencoded");
httpRequest.send(/*login details*/);
This request is called by clicking a button. If I go back to the page that this button is on and then click it again, I will always be logged in because the cookie was already set from the first click.

Set Domain on ASP Session Cookie

How do I set the domain on the session cookie generated by classic ASP?
I'm using 2 urls for my site, www.example.com and shop.example.com and I need the session cookie sent to both.

You should set it to:
Response.Cookies("YourCookieName").domain = ".example.com"
Note the leading "."