How to not delete cookie on closing the browser vuejs + nuxt? - vuejs2

Currently the browser automatically deleting cookies on closing. But I want to keep the cookies until logout. How can I do that in nuxt ?

There are 2 cases:
The cookie is set by the remote server - Vue or Nuxt have no control over this cookie (assuming it is marked as HttpOnly). If the cookie is a "session cookie" - it will expire when you close the browser's tab (which obviously also happens when you close the whole browser). If it is not a "session cookie" - it will have an expiration timestamp and the browser will not destroy it until (a) you close the whole browser or (b) the cookie expires (whichever happens first). Such a non-session cookie will survive the closing of the browser's tab.
The cookie is created locally by JavaScript in the browser - you have full control over the cookie so you can set whatever expiration timestamp you want (either in the future or in the past) and the same rule applies (the cookie will expire either on its own or when you close the browser - but it will not expire if you close the tab)

Related

The browser clears session cookies when a user returns from the payment gateway (Chrome)

The persistent session issue the application is facing after the recent browser updates (e.g., Google Chrome v84 onwards ).
When the application is browsed using an incompatible browser version, the application cannot have a persistent session across a transaction that happens through the payment gateway. Due to this, the user gets logged out automictically after the user is redirected back from the payment gateway. Thus the user is not recognized as the client who initiated the payment.
This problem mostly happens with Chrome 80+, all other browsers work fine (Firefox, Safari, Edge, mobile browsers like Samsung Internet, etc). Older versions of Chrome also works fine (<=79).
How can this be fixed?
To fix the above issue, the following cookie modification header should be configured in the app/proxy server in the application vhost (e.g., Apache vhost ).
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=None
After applying the above configuration the server should be restarted.
Note that if the app/proxy server is different to Apache ( eg: nginx) the above configuration should be changed accordingly.
If the above configuration is successful, the following change is noticed in the browser developer tools under Cookies ( eg: firebug )
The values of HttpOnly & Secure should be true, and the value of SameSite should be none.
Read more
Google Chrome doesn't delete the sessions cookie, it just does not set it on a post request from 3rd party domain. So you can create an interface page for returning from the payment site and save posted contents in the session, then redirect the user to the main payment confirmation page. Also, you can repost the data to the confirmation page without saving them using an HTML form. Please note that you shouldn't check the user is logged in or any cookie on the interface page.
Payment site ==post==> Interface page (cookie doesn't set)
Save the posted date to session
Interface page ==redirect==> confirmation page (cookie does set)

TestCafe: why t.navigateTo(URL) clears out the cookie

I'm manually setting the cookie during the test run as the userRole is not working for me in my local environment as the client sets the cookie and due to some reasons TestCafe clears it out.
When my first test is ran it kicks out and I set the cookie before the second test. I can see the cookie exists but as I'm already in the login page I need to use t.navigateTo(URL) to login to the homepage. When I use it t.navigateTo(URL) clears out the cookie and I keep in the login page instead of the homepage.
If I manually enter the URL of my homepage while the test is stopped at a breakpoint I'm successfully able to go to my home page and my test pass if the debug is resumed from this point onwards.
I was hopeful that the t.navigateTo(URL) would be just doing the redirect to URL but it seems with the redirect it is clearing out cookies as well. Any fix for this?
I actually figured out. By running the tests with flag --disable-page-caching it worked.

How to debug why cookie is not being set with setcookie on one server but works on other?

I have included a form which takes user's input and sets a cookie with setcookie php function while processing the form.
This works in one server, but doesn't work on other.
The server in which the cookies isn't working shows some blank httponly cookies in client's browser.
I don't know how to troubleshoot this..I can see form values are successfully being submitted in POST, but I don't know what's happening when it runs setcookie.
And yes, I am setting the cookie in before html and in headers.
My php is custom installation and is of 5.4.45 and httpd version is 2.2.
This was set in my httpd.conf file causing cookie to not work:
Header set Set-Cookie HttpOnly;Secure
I don't know the consequences of disabling it. But I have disabled it anyway temporarily, until I know what they are for.

Rails 3 with Devise and IE cookie

I have a Rails 3 app running on Heroku. For authentication I use devise. The session data are stored in a cookie.
Now when I use Firefox I can see the cookie - I use a Firefox plugin to see it; when I use IE I cannot see it: there is not cookie file getting set and when I use the developer console to view the cookies I get nothing. The web app is working fine in IE so somehow the cookie gets sent to the server.
What is going on? How can I see the session cookie in IE?
Thanks for any help.
-Matteo
Does your URL contain an underscore? Internet Explorer does not like underscores in the URL when handling cookies.

Resetting password-protection on Apache web directory

I have a password-protected Apache web directory I'm testing. When I first access the directory, it requires that I login in. However, on subsequent tries it let's me right in, even after I clear my browser cache- how do I get it to force a login again?
The browser stores the credentials and sends them along with every request - usually, for the duration of the current session.
Closing the browser and re-opening it makes it usually forget the credentials.
Forcing the browser to forget credentials (i.e. logging out) is tricky. See HTTP authentication logout via PHP for some approaches.
Easiest way I've found:
Using Firefox 4 on Mac,
Go to 'Tools' > 'Clear Recent History...' > 'Active Logins'
Refresh the page (You don't have to close the window)