How to clear the SSL state in modern Chrome and Firefox browsers

I need to clear the SSL state when the user clicks logout. I see some older methods like
document.execCommand("ClearAuthenticationCache", false);
and
window.crypto.logout();
But when I use these in a modern browser they do not work.
So how can I achieve this functionality in modern browsers?
Any suggestion is appreciated.

Related

How to handle the alert of FIDO authentication in selenium?

As the title says, an alert "verify your identity with webauthn.io" pops up when I register a user through FIDO. The alert might have some options. My target is to write a script that can automatically sign in to a website with Selenium, but I have no idea how to handle this alert in Selenium.
Is there any way to handle this alert?
The alert looks like this:
For testing purposes you could use a virtual authenticator. Chromium based browsers have the option to emulate WebAuthn/FIDO2 authenticators - https://developer.chrome.com/docs/devtools/webauthn/
I've found when the virtual authenticator is enabled, it'll "bypass" the menu in your image above. The WebAuthn ceremony is still completed, the menu just immediately utilizes the virtual authenticator when enabled. The same will be true for authentication.
Some considerations
This is not an option in all browsers (notably Firefox and Safari)
For application testing I highly recommend that you still perform a round of manual testing utilizing a real authenticator (YubiKey, Face ID, Windows Hello, etc.)
Hope this helps
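The virtual authenticator described in the answer above can also be attached from a test script through the WebDriver extension commands defined in the WebAuthn specification. The following is an added example, not code from the original post; the driver URL and the helper names are assumptions.

```python
import json
import urllib.request

# Values defined by the WebAuthn "User Agent Automation" WebDriver extension.
PROTOCOLS = {"ctap1/u2f", "ctap2"}
TRANSPORTS = {"usb", "nfc", "ble", "internal"}


def authenticator_config(protocol="ctap2", transport="usb", resident_key=False,
                         user_verification=False):
    """Build the body for the 'Add Virtual Authenticator' WebDriver command."""
    if protocol not in PROTOCOLS:
        raise ValueError(f"unsupported protocol: {protocol!r}")
    if transport not in TRANSPORTS:
        raise ValueError(f"unsupported transport: {transport!r}")
    if protocol == "ctap1/u2f" and (resident_key or user_verification):
        # U2F keys have neither discoverable credentials nor user verification.
        raise ValueError("ctap1/u2f cannot offer resident keys or user verification")
    return {
        "protocol": protocol,
        "transport": transport,
        "hasResidentKey": resident_key,
        "hasUserVerification": user_verification,
        # Auto-approve presence/verification so no dialog blocks the test run.
        "isUserConsenting": True,
        "isUserVerified": user_verification,
    }


def add_authenticator_request(driver_url, session_id, config):
    """Return the HTTP request that registers the authenticator with the driver."""
    url = f"{driver_url.rstrip('/')}/session/{session_id}/webauthn/authenticator"
    return urllib.request.Request(
        url, data=json.dumps(config).encode(), method="POST",
        headers={"Content-Type": "application/json"})


def add_virtual_authenticator(driver_url, session_id, **options):
    """Send the command to a running chromedriver; returns the authenticator id."""
    req = add_authenticator_request(driver_url, session_id,
                                    authenticator_config(**options))
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["value"]
```

With Selenium the session id is available as `driver.session_id`; the authenticator has to be added before the page starts the registration or sign-in ceremony.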

Is it possible to transfer cookies from a VB.net program to Mozilla Firefox?

I have vb.net 2010 and I need a way to transfer a cookie container from the program I made to web browsers like Internet Explorer, Google Chrome, Safari and Mozilla Firefox. All answers are much appreciated :)
Well, I really hope that modern browsers have protection against this kind of attack (yes, you should not be able to write/read cookies from a third-party domain such as stackoverflow.com).
If you want to set a cookie in the user's browser, then let it open some page where the cookie will be set in the browser...

Facebook Login Button Behaving Strangely

I am developing an application which on login page also supports facebook login with
<fb:login-button>.
I have set up two Apps on facebook:
one for localhost (Web site url http://localhost/, no App Domain)
one for testing server (Web site url http://dev.domain.com/, no App
Domain)
When I am developing on my own computer click on login button operates as expected and I am logged into my application.
When I put my application on the server (change appid and secret to use the 2nd App) and click the login button, the facebook login dialog opens, and when I enter email and password it closes but my application does not log me in.
What's more, if I check on the server I see that the process which is handling this web request is constantly increasing in memory size (3MB per second) and it's taking 50% or more CPU time. If this process is not stopped soon the server becomes unresponsive because memory used by it is the maximum possible and CPU time is 100%.
This happens as soon as facebook login dialog closes.
In my application I am using library facebook C# SDK from codeplex.
If anyone has any information on what I might be doing wrong I would greatly appreciate the answer.
Found the problem...it was not about facebook but .Net Framework. It appears that some versions of framework support parameter passing from dynamic objects and others don't.
So when I changed the code from
dynamic fbuser = GetUserData();
DoSomethingWithID(fbuser.id);
to
dynamic fbuser = GetUserData();
object fbid = fbuser.id;
DoSomethingWithID(fbid);
it started to work... I don't really understand why sometimes even on the server it would work (after remote debugging it always worked until the dll's were replaced, but... I don't really care :) )
Thanks for all replies.
Sounds like an infinite redirect loop.
Check to see what your browser is doing using Firefox's Firebug or a built-in developer tool for Chrome, IE or Safari. I think there might be a setting wrong in your app settings, and by looking at the traffic it might help lead us to the culprit.

When should the authenticated user be reset?

In my web application, I have used the asp Login control to facilitate the login process. I have noticed that if I open the site in a browser and log in, and then open another browser and go to the site, then the second browser shows that I am already logged in, even though I didn't log in using that browser. I have noticed that some other sites (such as my bank's web access) work this way, but it still seems odd to me. I'm not sure if it's bad or not, but it is strange.
Is this behavior bad?
I have also noticed that if I close all of my browsers and then open a new one up and go to the site, I am NOT logged in.
This is because those sites use session cookies. If you open different browsers at the same time, such as Firefox, Opera, Chrome and IE, you'll have to log in in all of the browsers independently. However, when re-using the same browser application, this usually does not spawn a new process with its own session data but rather re-uses the already open browser.
If you are using a browser that supports multi-tabbed sessions e.g. IE7+, Firefox etc, you will find that, if you have the same ASP.NET website open in multiple tabs, each tab will share the same authentication credentials. This is because the session ID applies to the browser instance, not the tab instance, so if a user logs in on 1 tab, then opens up another tab to the website, they won't have to provide their credentials twice.
I don't think there's an easy way around this behaviour. You could choose to employ cookie 'munging', storing the forms authentication ticket on the URL, but this seems like a bad idea from a security POV.
Lucero and pmarflee are both correct.
To provide a bit more information though:
Firefox will share session between tabs and all browser instances
IE 8 will also share session between tabs and all browser instances
IE 7 shares session between tabs, but not across instances
IE 6 does not share session across instances
I'm not sure how Opera, Chrome, or Safari handle sessions.

Facebook Connect button not showing up in Safari/Chrome

My implementation of Facebook Connect (just a simple login button, fb:login-button) works perfectly on Firefox and IE.
But the same button is not showing up in Safari/Chrome (Webkit).
Here's what's ironic. In my debugging effort, I saved the page (that contains fb:login-button) up as a static page and then load it in Safari. And the button shows up, everything works!
The exact same page (with the exact same HTML source) rendered by my PHP has no way for bringing up the button.
I'm trying hard to support Webkit here but I'm close to giving up. Can anybody help?
I found one more way this can occur (the blame-myself-for-being-stupid way); it's probably not common, but in the event it saves anyone else the hassle, here it is:
This symptom can also be caused by various security tools blocking facebook resources.
In my case, I'd installed Facebook Disconnect ages ago in Chrome as a plugin and forgotten all about it being installed. I also had a second installation of Chrome that was seemingly identical (but did not have Facebook Disconnect). The first would properly load the fb:login-button, and the other would not; took me ages before I looked at the plugins, because Facebook Disconnect didn't have an icon and so its presence was pretty easy for me to miss.
Here's what you'll see if some sort of security plugin is preventing facebook resources from loading. Just look at the html that renders in the browser using developer tools.
In a normal chrome session you'll end up with something like this:
<fb:login-button><a class="fb_button fb_button_medium"><span class="fb_button_text">Your text here</span></a></fb:login-button>
But in the version with facebook's resources disabled you'll end up with this:
<fb:login-button>Your text here</fb:login-button>
Like I said, pretty obvious in retrospect.
Had the same problem but it was not related to anything like a plugin or malformed content. It seems if you enable country filtering on your facebook page it has an issue with the like button, this should be fairly obvious. Facebook gets your location from your profile and not your IP address.
Make sure to disable country locking if you plan on using the social plugins.
This can be due to having ClickToFlash installed. Either disable it, or check "Automatically load invisible Flash views" in the ClickToFlash settings.
What we found out is that Safari (and maybe some older versions of Chrome or other WebKit browsers) have a problem with Facebook's code using the innerHTML JS function if your page arrives with an XHTML response header (application/xhtml+xml).
Using text/html solves the issue.
In the case of JSF2, which we use, implementing the fix was as simple as wrapping the FB button like this:
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
    xmlns:fb="http://www.facebook.com/2008/fbml"
    xmlns:f="http://java.sun.com/jsf/core">
    ...
    <f:view contentType="text/html">
        <fb:login-button>Login using Facebook</fb:login-button>
    </f:view>
</ui:composition>
Facebook bug report here:
http://bugs.developers.facebook.net/show_bug.cgi?id=5545
I had this problem with the Facebook button not showing at all and it took me forever to figure out what it was. Luckily after days of hair pulling I will now share the answer with everyone. In my situation I simply didn't have xfbml enabled. In my FB.init I had it set to false:
FB.init({
appId : 'app_id', // App ID
status : true, // check login status
cookie : true, // enable cookies to allow the server to access the session
xfbml : false, // parse XFBML
oauth : true // enable OAuth 2.0
});
I changed this to "true" (xfbml) and the login buttons work great now! :P Good luck!
This happened when I had the wrong domain in callback_url in config/facebooker.yml. Apparently it uses that to load the js files.
I had the same problem but I resolved it by making sure the URL in my app settings was exactly the same as the one for my site (i.e. it didn't work when I accessed my site without the www.).
I have tried every suggested solution here and it didn't work for me. But now I finally found the solution.
Facebook now requires a secured (https) URL for Canvas (Secure Canvas URL). The unsecured one will be deprecated soon.
Here is the main difference, Chrome doesn't like https connections with invalid certifications. On a localhost, it is very likely you have stunnel installed to allow https connection for the localhost. Firefox is ok with the self created SSL certificate and allows you to add an exception when trying to access that site. Chrome doesn't allow it out of the box.
When I load my app in Chrome the page is blank and I don't see any login button.
Press F12 and click the Network tab in Chrome:
You see that the post request to your localhost is cancelled. DOUBLE Click on it.
Now you would see that chrome is blocking the localhost because of the certificate:
Click on proceed anyway.
Now go back to your other tab and reload the page:
Chrome works now like Firefox and shows the login button.