ExtJS 4.0 cannot read connect.sid from cookie - cookies

I try do develop a web application with ExtJs 4.0.
On startup the application sends a request to a server. This server sends a response. The responses' header contains Set-Cookie:"connect.sid=foobar"
When I look into the preferences of my browser, I can see that the cookie was created correctly.
My problem is that somehow I cannot access this cookie in my ExtJs application and I don't know why.
I tried to retrieve it with the following methods:
document.cookie.split(";")[0]
Ext.state.Manager.get("connect.sid"); => of course I initialized the state manager with a cookie provider
Ext.util.Cookies.get("connect.sid");
No matter which method I use, I get always undefined as return value
I hope somebody can help me, because I really don't understand why it does not work.
Thanks in advance.

Finally I found the problem.
The httpOnly flag was set in the response header. Therefore the cookie was not accessible for java script.

Related

Postman cookies not set for subdomain (Postman Inceptor, Postman Native App)

i am playing around with Postman to get some insight on how things work behind the curtain and ran into, what I believe, is an issue but wanted to ask before I create a new issue on GitHub.
I am intercepting the request from my browser to the same site using the Postman Interceptor to use the request values in the native app. I have cookies enabled and the site (the whole domain) whitelisted.
When I use the history to resend the same request that was captured I get an auth error that is caused by the fact that the cookies are not included in the request (found that out by checking the cURL code snippet). I believe the reason for that is, that the cookies are set under another sub domain than that the request is send to.
I will try to include some pictures to clarify. My question here is:
Am I missing something/did I set something up in the wrong way
or is this an issue and I should create an issue in the official Postman Github page
cURL request
Cookies in Postman Native App
you should see if cookie is being send not using code snippet but the console :
its indeed sending cookies ,

Firefox extension/addon does not store cookies

I'm working on an browser extension that authenticates with a remote server via XMLHttpRequests. In Firefox (59.0.2) I have the problem that the session cookie send by the server is not stored in the browser. When looking at the network traffic I get a Set-Cookie response from the server for every request:
Set-Cookie JSESSIONID=node01abks2u96hf84wt0i1uqwsb9879.node0;Path=/
but it seems that the cookie is never accepted or stored in the extension.
When looking at Chrome (where the extension is working) my extension includes this cookie in the request:
Cookie: io=jCX1X9rlaOhCqE0nAAAB JSESSIONID=node01abks2u96hf84wt0i1uqwsb9879.node0
However, this is not the case in Firefox. Why is Firefox is not including the cookie in the request? and why is it not storing the cookie?
UPDATE: as suggested I filed a bug report:
https://bugzilla.mozilla.org/show_bug.cgi?id=1454806
Furthermore, I created a very minimal example addon that fails:
https://gitlab.com/czeidler/firefox-cookie-problem
Could somebody please let me know if that addon really should work? or am I doing something wrong? To trigger the problem open the debug view of the addon and select the network view. Then click the addon popup icon. This will trigger two requests to my server. The first reply contains a Set-Cookie header that is not reused in the second request.
I found the reason why it is not working. Firefox handles a request from the popup as a cross domain request and does not set the cookie for this reason. Not sure if Chrome and Firefox should behave the same here or which approach is the better one. Here is how I fixed this issue to make it work in both browsers:
On the server:
response.addHeader("Access-Control-Allow-Origin", request.getHeader("Origin"))
response.addHeader("Access-Control-Allow-Credentials", "true")
In the popup:
connection.withCredentials = true;

Cookies in ASP.NET Core rc2

Can someone pls explain how to store and get cookies in an ASP.NET Core rc2 application? I can only find outdated information about the old HttpContext.Response.Cookies.Get and Add methods, neither of which still exist in Core. Also, the HttpCookie class doesn't seem to exist either.
What is the new cookie class and how can I get and add one?
(Note: I am not specifically taking about authentication cookies, just general data cookies)
For getting request cookie value:
HttpContext.Request.Cookies["<key>"]
Setting response cookie:
HttpContext.Response.Cookies.Append("<key>", <value>, <options?>)

Delete postman cache

I use Postman extension to check out my RESTful APIs
I am trying to make a request to my "localhost", but it seems to have cached one of the query parameters.
I tried clearing cache of my chrome browser but this does not seem to work. I went to the extent of even changing the API resource name.
Has anyone come across such an issue?
Cache-Control request header can be used but one thing to clarify
no-cache does not mean do not cache. In fact, it means on every HTTP request it "revalidate with server" before using any cached response. If the server says that the resource is still valid then the cache will still use the cached version.
while no-store is effectively asking to not cache at all and is intended not to to store anything in the cache.
I tried the solution above and it didn't work for me. What worked was restart the application. I'm using eclipse and running a spring boot application.
In case someone is using the same environment and facing the same problem it may help.
I suggest to use Postman App rather than the extension because with postman app you can do lot more cool things like you can use the console to debug your APIs, create/delete cookies and cache with excellent GUI.
I came across same situation where the request are cached in Postman. I deleted JSESSIONID cookie from Cookies section on PM rather closing the PM app, it solved my problem (means - the call reached to my localhost app) and got accurate response. Please try it if someone needs this solution.
I usually just request the data on a chrome incognito tab/firefox private tab and I guess that this just resets the cache and then it appears on my Postman app.
(I would recommend using the Postman app instead of the website as it has many more features!)

Facebook Connect not setting cookies

I'm trying to implement Facebook Connect on a website with .NET MVC using C#.
I've followed the instructions here: http://wiki.developers.facebook.com/index.php/Trying_Out_Facebook_Connect step by step. I can make the login work as in that when I log in through the site I'm also logged into Facebook.
In order to work with this in the server I think I need to access the cookies Facebook is supposed to leave like:
APIKEY_user
APIKEY_session_key
...
as mentioned here http://wiki.developers.facebook.com/index.php/Verifying_The_Signature.
The thing is I'm not getting any of these cookies. I've googled and it seems like I'm the only person with this problem. Any ideas as to what I could be doing wrong ? Has this happened to anyone else ?
The issue was that I was developing locally using localhost.
I resolved the problem by changing the settings for the application to point to a certain web address instead of localhost and changing my hosts file lo point that same web address to 127.0.0.1
from the UI/client-side perspective, always insure you have the correct path indicated for the xd_receiver file in your FB.init() method.
Firecookie is very useful for seeing what Cookies are/aren't being set.