I'm trying to make integration of etherpad-lite in the CMS Plone, following Example 1 of the official documentation http://etherpad.org/doc/v1.2.7/
Portal places the cookie "sessionID" with the given value on the client and creates an iframe including the pad.
Everythings goes well except for the cookie. Reading documentation the best pratice seems to make etherpad-lite in the same domain under a specific path. This is what I have done using /pad/ path.
Plone side if no session has been created, I created on, I add a cookie and then I'm doing a redirect to the same page to be sure the cookie is in the browser.
As a results my cookie is added to the request of the main page but not ob the iframe request.
Here is the google chrome console network tab for the main page and the iframe:
http://toutpt.makina-corpus.org/en/images/cookie-in-iframe/
The code corresponding to the setCookie is at https://github.com/toutpt/collective.etherpad/blob/master/collective/etherpad/archetypes.py#L100
For posterity, here's the answer from #AskoSoukka identified and "accepted" in the comments above:
How does the actual cookie stored in you browser look like? Probably, you need to explicitly specify path="/" in setCookie kwargs to make it work for the whole domain.
Related
Firstly, I did add the line CookieManager.check.cookies=false to jmeter.properties.
What I'm Trying to Do
I want to add a cookie to a request's existing cookies.
For example, I see the request has [edited]:
Cookie Data:
c1=sfasfsfsfsfs; c2=erqwerqwrr; c3=poiuopiupoi
Expected Results
I would like it to have:
Cookie Data:
c1=sfasfsfsfsfs; c2=erqwerqwrr; c3=poiuopiupoi; partner=favicon.ico
Here is what I tried:
BASE_URL_2 is a variable defined in the form qa.company.com.
Actual Results
Whatever I have tried so far has not made any change in the cookies.
What else shall I try?
Underlying Motivation
Recorded a Web session and played it back.
Added a RegEx Extractor to pull out a token and then added it to subsequent requests. That helped.
However, certain requests failed with an custom application exception Security violation, please refresh.
Probably session login state is not being passed, so the website thinks the call is "stale".
I've seen this on the GUI when the session expires and you try to click a button on the site.
On comparing the cookies seem in JMeter with what I saw in the Chrome Debugger, it was clear that there were more cookies in the running application than what I had in JMeter.
Are you sure you're using HTTPS protocol because if you have secure flag and using HTTP protocol - the cookie will not be sent.
Also remove = from partner= otherwise you will end up with partner==favicon.ico
Demo:
More information:
Using HTTP cookies
HTTP Cookie Manager Advanced Usage - A Guide
I'm trying to implement an answer from another question on this site:
Detect when browser receives file download
I've followed all of the steps and everything is working up to the point where I try to retrieve the cookie. When I use Firebug I can see the cookie that I created in the header response, along with a cookie that was created earlier in the app by javascript.
The info in firebug for the two cookies is:
name:earlierCookie,value:1234,Domain:localhost,Path:/,Expires:Session,HttpOnly:false
name:cookiefromServer,value:5678,Domain:localhost,Path:/resource/upload/file,Expires:Session,HttpOnly:false
So, you can see that the cookies are in the same domain (they have different paths). When looking at document.cookie, only earlierCookie is present.
Why can I see cookieFromServer in Firebug and not in document.cookie?
Also, please tell me if I need to post more info.
I figured this out on my own. The problem is the path. Setting path to / from the server allows the cookie to show up in document.cookie I have no idea why this is and can't find good resources explaining it.
I build up very simple test plan.
Login: POST, a session cookie is returned.
Get the state: GET, a user state is returned.
Create a resource: POST, JSON body is supplied for the resource.
So my 'Test Plan' looks like:
Test Plan
Thread Group
HTTP Request Defaults
HTTP Cookie Manager
Login (HTTP Request Sampler: POST)
Get State (HTTP Request Sampler: GET)
Create Resource (HTTP Request Sampler: POST)
The cookie generated by 'Login' is added to 'Get State' correctly.
But 'Create Resource' has NO cookie. I changed their order but it doesn't help.
I used the default options firstly and changed some options but it also doesn't help.
Is it a bug of JMeter? or just POST http request is not able to have cookie?
Please give me any advice.
[SOLVED]
I noticed that it is related to the path, not the method.
You'd like to look at the domain of the cookie as well as the path.
I mean, the path and the domain of a cookie could be defined in the server side through Set-Cookie header.
Another solution is to set CookieManager.check.cookies=false in jmeter.properties usually sitting besides the jmeter startup script in bin.
JMeter for some reasons thinks that you can't set the path=/something in a cookie if you are on http:/somesite/somethingelse. That is the path has to match the path your currently on.
I've never seen a browser enforce this limitation if it actually exists. I've seen and written several sites that use this technique to set a secure cookie and then forward someone say to /admin.
I wish this option was at least in the GUI so I didn't have to change the properties file. I think BlazeMeter is smart enough to turn off checking where flood.io is not. If it were up to me I'd just remove the code that checks this entirely. Why make the load tester any harder then it needs to be.
I had this turned on in my Spring Boot server which was causing the issue with CookieManager in jMeter:
server.servlet.session.cookie.secure=true
Removing this made the cookies flow ! Of course this is for localhost. For Production you may need this turned on.
I'd like to set an HTTP cookie for my users, in order to not bother them with having to log in every time.
What I want to know is this: if I set the cookie at a page other than the homepage for my website, then will that cookie be available when the user comes to my homepage the next time?
More generally, is it the case that I can set the cookie at any page of my website, and the cookie will be available to me whenever I want?
Thanks!
Cookies can be configured to be available on specific subdomains, specific paths and specific protocols (HTTPS only, for instance). Without you telling which language you're using, it's hard to tell the default behavior of your local Set-Cookie function, but I believe that most often, the default behavior is to make the cookie available to all subdomains and all paths.
So yes, if you set a cookie on a random page, it should be available to the home page, too.
Yes - once you set a cookie it will be accessible from the server as long as it is stored in the user's browser (hasn't expired or been deleted).
I found that if the cookie is being set via Javascript, then this can be determined via a simple parameter.
The example JS code (from here) sets a cookie, that is available across the site
$.cookie('the_cookie', 'the_value', {path: '/'});
I have two pages on two different domains example1.blogspot.com (a Blogspot blog) and example2.com (my own domain, static page). Both pages contain an iframe which loads the same document from a third domain, example.org. The iframe's document contains a small JS web app which calls example.org via AJAX, one of the calls is a POST request and the server sets a cookie with the response.
Upon reloading the pages, the cookie on example1.com seems gone, i.e. jQuery's $.cookie() returns null. On example2.com, everything is fine. This happens only in IE7 - IE6, Safari and Firefox all behave as expected. What's wrong with IE7?
Thanks, Simon
edit:
Oh well, stupid me ;-) It looks like I have a race condition between some event handlers and a window.setTimeout call when deciding whether to check for cookies...sorry!
So if $.cookie() returns null, What does document.cookie show? Also have you taken a look in IE7's list of cookies to see if the cookie is actually there? Also check that PATH and DOMAIN settings on the cookie are correct.