Is there a standard technique for an ASP.NET application to check if a client's browser
enables/supports cookies?
I'd appreciate any solution - even a less common one, as long as it's elegant enough.
10x!
Well, the only way to check it is to try to set a cookie, then in the next request check if the browser sent it back.
Related
In my next.js project,I want to set cookies when user logs in. with document.cookies(something) it is setting cookies, but it is limiting to set only one cookie. If I give more than one cookie it is taking only the first element. In both cases I am not able to get cookie values in the pages.It is giving document is not defined error.I tried using
https://github.com/js-cookie/js-cookie,
with this I am able to set and get cookies,I am not able to secure my cookies. It will be great if you can solve this or suggest me some methods.
Thanks in advance.
I'd suggest using https://www.npmjs.com/package/nookies as it's kinda tricky to do manually.
You can't use the secure flag when your app is running on localhost unless you are running the application on https. To test if the secure flag is working, deploy the application on production or testing environment.
I am using Spring Boot and While I am able to set the cookie on the server, it is available in the response on the browser, however it is not submitted in the further request, and reason seems to be a sub-domain issue. I will detail it with exact issue and content
Requesting Page: http://stgapi.py.com
it makes a API call -> http://secure.stgapi.py.com
Cookies is set with
Domain-> .py.com Also tried with .stgapi.py.com
path-> /
This is visible in the browser, however in the subsequent call to
http://secure.stgapi.py.com the cookies are not submitted
and hence re-login is requested and enters an infinite loop of login and failure.
Any help is much appreciated, entire web says this is how it works, not able to make it work.
After much brainstorming, figured out that we need to set
("Access-Control-Allow-Credentials", "true")
And client(User-Agent) should also send withCredrentials:true
Further ("Access-Control-Allow-Origin") should not be set to "*" and only one value(origin) is supported.
Reason: Being the above example is considered to be CORS request and not the way it looks at the very first place.
I use Postman extension to check out my RESTful APIs
I am trying to make a request to my "localhost", but it seems to have cached one of the query parameters.
I tried clearing cache of my chrome browser but this does not seem to work. I went to the extent of even changing the API resource name.
Has anyone come across such an issue?
Cache-Control request header can be used but one thing to clarify
no-cache does not mean do not cache. In fact, it means on every HTTP request it "revalidate with server" before using any cached response. If the server says that the resource is still valid then the cache will still use the cached version.
while no-store is effectively asking to not cache at all and is intended not to to store anything in the cache.
I tried the solution above and it didn't work for me. What worked was restart the application. I'm using eclipse and running a spring boot application.
In case someone is using the same environment and facing the same problem it may help.
I suggest to use Postman App rather than the extension because with postman app you can do lot more cool things like you can use the console to debug your APIs, create/delete cookies and cache with excellent GUI.
I came across same situation where the request are cached in Postman. I deleted JSESSIONID cookie from Cookies section on PM rather closing the PM app, it solved my problem (means - the call reached to my localhost app) and got accurate response. Please try it if someone needs this solution.
I usually just request the data on a chrome incognito tab/firefox private tab and I guess that this just resets the cache and then it appears on my Postman app.
(I would recommend using the Postman app instead of the website as it has many more features!)
Is there a way to get a list of all the cookies set by a website using WatiN?
The IE Browser class in WatiN provides a GetCookie method that allows you to retrieve a specific cookie, but I would like to iterate over all the cookies that have been set.
There are two methods that should allow you to get the cookies:
CookieCollection cookies = _browser.GetCookiesForUrl(new Uri(url));
and
CookieContainer cookies = _browser.GetCookieContainerForUrl(new Uri(url));
But both of these are empty. Also calling the GetCookie method for a specific cookie returns null.
Any suggestions of how to get this to work?
Recently I had to deal with this situation. At first I thought the cookies I was looking for were HttpOnly, but I took a look using WireShark and there was no HttpOnly flag.
Not sure why GetCookieContainerForUrl fails in this case, but a client side script call revealed the cookies were still there:
ie.Eval("document.cookie");
You might want to try that statement before resorting to packet sniffing every time.
Well, I suppose those methods should work as expected, but maybe you are trying to get HttpOnly cookies? Many sites/web frameworks sets this flag for important cookies, especially when it comes to "session id" cookies. You can't read them in WatiN and it's really hard to read them at all. I was looking for solution once and only one I got was article: Retrieve HttpOnly Session Cookie in WebBrowser
If you want to know if the site you are trying to get cookies is setting HttpOnly flag on the cookie, use Fiddler2 and look in response headers.
I set up an A/B test which required a fairly large amount of data to be stored in a cookie temporarily. While testing my code, I managed to get the cookie over 4kB. Safari set the cookie. On the subsequent page load, Apache returned an error since the cookie was too large.
I tested this on Firefox as well and it simply ignores the cookie, which seems to be the correct behavior to me.
I've seen this happen before first-hand on GMail. I used to get Bad Request errors and would have to delete my cookies. It was a known issue that's been resolved.
I can find nothing online about Safari allowing cookies over 4kB. Isn't this potentially dangerous? The idea that our users could be blocked from accessing our site and have no idea what's going on is scary. I don't know off the top of my head how it'd be possible to delete those cookies from our side if they got too large.
Why does Safari do this? Do any other browsers?
http://www.nczonline.net/blog/2008/05/17/browser-cookie-restrictions/ says that firefox and safari allow cookies up to 4097 characters, IE 4095 and opera 4096
there is something here about fixing the issue when the error happens, basically the error document clears the offending cookie so subsequent request will work (hopefully) http://www.webmasterworld.com/forum92/1163.htm
The standard specifies a certain minimum size for cookies. However, it does not specify a maximum size. Any browser can store a cookie of any size, as long as it's at least 4kb.
As a web developer, you try to only create cookies that work in all browsers. It's not up to safari to hold your hand on this point- It is simply dealing with the condition of a large cookie by accepting it, where others reject it. This is neither correct, nor incorrect. It is simply allowed.
I don't follow your point about it being potentially dangerous. If a user is blocked from your site, because of a cookie that you are setting doesn't work in some browsers, that is your fault, isn't it? Safari is just dealing with it where other browsers don't.