Cookies are constantly updating lifetime in Yii2. How can I fix the problem?
When the method is called Yii::$app->user->isGuest cookies updates the time of his life.
I use base example and testing in browser Google Chrome.
Maybe this is what You need, set this in configuration: http://www.yiiframework.com/doc-2.0/yii-web-user.html#$autoRenewCookie-detail
Related
So I read some old threads here about Google deactivating the Google Yolo/One tap option (that was at the end of 2019). I'm not sure what's the status now since the documentation seems to work again.
Anybody has any idea about the current status of the feature?
Thanks
The project seems to be active again and here are some recent release notes.
I have tried it and it seems to work pretty well.
PS: Please check the browser support and know your user base if you plan to use that as your only authentication mechanism though. Always have a fallback auth mechanism if onetap isnt supported or not displayed.
This might sound like a question that gets asked frequently but I am not looking for solutions to handle duplicate requests. I just want to know what could cause Apache to receive duplicate requests in the first place.
I have been running into a rather sporadic problem. I have a form that does a POST request on submit but the request can somehow get duplicated just a second later (according to access logs). This used to be a more frequent problem because we were not handling it as gracefully so I put in some client side code to disable the submit button during the form submit event. This prevents double submission (obviously as long as javascript is enabled), but the problem still persists in a very randomly manner. One thing I noticed from logs is clients that cause the issue are android phones running Chrome. Does mobile Chrome do funky things like retry POST requests on it's own? When testing it on my own, I could never get duplicate POST requests to occur, unless I remove the javascript code that disables the submit button.
Web server setup is super simple. No load balancing or anything, just a single server running Apache 2.2.15. We use PHP 5.6 but that probably has nothing to do with this.
I guess it is users doubleclicking rather than clicking, and the application they use transforms every click into a new POST request. Here I'd look into the application design.
Usually I use frameworks that totally cover this and thus can only guess. Clicking the button should not only trigger the POST request but also disable the button while the action is in progress. So JavaScript code could look like
disable button
post the data
enable button
If, due to the POST, the browser navigates to another page this would not be harmful at all.
EDIT: Seeing you did exactly what I suggested, maybe there is another cause.
Suppose users POST their data, and then the screen goes dark, or they switch applications. When they reactivate the browser, is it possible the browser reloads the page by repeating the last request?
I think frameworks cover such situations by responding with a redirect as response to POST, and the redirect would retrieve the data via GET. Since GET is idempotent, it can be run repeatedly without further damage.
I'm building this Vue 2 app, and I keep reading that one should use Vuex State management, in the beginning I didn't quite understand it's concept, but now after playing around with Vue, I can see it's a most for a larger app.
But my question is can someone from Dev console or in any form access data which are stored in store.js, I mean those data which I do not render to browser?
Can I keep sensitive data on store, by sensitive, I mean, user clicked this link, sent message to this user, spent so much time on this page etc... and in mean time upload all this data to my db..
Is Vuex Store for this kind of work/job ?
Cheers
Yes they can.
The invocation I use is
document.getElementsByTagName('a')[0].__vue__.$store.state
This assumes the first link has vue properties, which is almost always the case. If not, try other tags. The UI is unpleasant, but adequately self-documenting. It's a useful debugging tool and something a user could do.
Of course, a determined and skilled user could write a browser plugin to put a good UI on this. Or maybe that's what the Vue.js devtools extension for Chrome does? I haven't actually used that.
2022 Answer
Vue 2:
Array.from(document.querySelectorAll('*')).find(e => e.__vue__).__vue__.$store.state
Vue 3:
Array.from(document.querySelectorAll('*')).find(e => e.__vue_app__).__vue_app__.config.globalProperties.$store.state
This code works on all production sites, including remote mobile debugging, and does not require dev mode.
dspeyer's answer was the basis for my answer, but based on an <a> tag does not work on all applications. All other answers assumed that Vue was in dev mode, not applicable for a production site on mobile web browser. Thank you Joe Maffei for the Vue 3 update.
you can use
__VUE_DEVTOOLS_GLOBAL_HOOK__.store
You can use Vue devtools in Chrome to see the store:
This just worked for me:
_this.$store
can someone from Dev console or in any form access data which are stored in store.js
short answer: no
longer answer: depends on sneaky they are. but I would not be too worried about this... because since (I assume) you plan to send the collected data to some type of API, even if they can't access the Vuex store... they could still see the AJAX request going out.
Can I keep sensitive data on store
It's generally not a good idea keep any type of private or sensitive data on the client. But in your particular case I think it's fine because what you define as "sensitive" is just some metadata about the users actions (aka: their history).
Is Vuex Store for this kind of work/job ?
You can store just about anything in Vuex. There is no real limitation on the type of data... only on how much (I would not recommend turning a 500mb images to a string and putting it in the store...)
I am stuck with one issue here. There are some adshowing malwares which are loading on top of my website at the client's system. These are ajax calls happening in between my requests.
I suspect these malwares are resulting in increased page load time for my site.
If it's a browser related one, best is to try use AdwCleaner.
When I had some "weird" issues with the browser this one solved the issue.
If you haven't already, give it a try!
I have an app that creates a couple of WebView instances and I'd like to have them operate as independently as possible.
At the very least, I don't want them sharing cookies. A quick google search gave me results liking "you can't." I'm hoping someone has a better answer.
The basic answer is "you can't".
After looking at this for a bit, I think it's possible, but extremely complicated. It would involve implementing a resourceLoadDelegate on your WebView that implements -webView:resource:willSendRequest:redirectResponse:fromDataSource: and modifies the request to turn off HTTPShouldHandleCookies and adds any relevant cookies to the request manually. It also has to implement -webView:resource:didReceiveResponse:fromDataSource: to find out about any cookies returned from the server. You can alloc/init your own copy of NSHTTPCookieStorage per-webview and use that to store/retrieve the cookies.
This post sums up what you could do. I'm not sure if it is feasible for you and I feel it wouldn't be a straightforward task, maybe even risky, but it seems to be possible: the author claims iCab does it this way.
I was hoping for a simpler solution too, really. Of course, since Webkit is open source you could just roll out your own version of the framework with changed behavior I guess?
I would assume that cookies would be configured on a service / application level and not for particular instances or processes. Perhaps you could revise your question to find a way to resolve the problem you are having which requires that the instances do not share cookies.
What is the motivation for not sharing cookies between the instances?
If you just need 3 views into the same web resource you could setup some virtual hosts that point to the same data source.
What you can do is take a look at libcurl which can handle cookie stores that don't mix with the URL Loading system wide cookie storage for those requests you want to separate. For me that seems to be a valid and simple solution. If you really need to depend on webview/webkit it might not be.