Rails 3 and encrypted cookies with IE9 - ruby-on-rails-3

I am using encrypted cookies to pass data to my rails app. Once these cookies get set, they are being passed just fine to my app from Chrome, Firefox, Safari (iOS and OSX version), etc.
However, the cookie isn't being passed back when I do the same on Win7/IE9.
I'm using Ruby 1.9 and Rails 3, and using the cookies.permanent.encrypted method of setting the cookie. E.g:
cookies.permanent.encrypted[:some_data] = object.some_data
Any ideas about what's going on?

It turns out it has to do with my P3P policy not getting passed correctly prior to the cookies being set. IE prevents cookies if that's the case, other browsers apparently don't care about that.

Related

How to find session cookie when not found in the developer tools?

I want to automate requests on a website and when doing so, I need a session cookie in order to identify myself.
When checking the network tab, I can clearly see the session cookie, but when checking the Application tab, this cookie is not shown. After accessing this website with selenium and calling driver.get_cookies() with Python, I only get the cookies shown in the Application tab.
I need to do this with selenium because this way it's possible to login. Only using requests will not work.
I do not have many clues on how to get that cookie and have almost 0 experience in this field, hence my question.

Safari isn't sending XMLHTTPRequest cookies at random

I have an Express server using PassportJS authentication. I am using standard XMLHTTPRequests to retrieve files.
Chrome and Firefox work without problems. Safari (Mac and iOS) is failing to send a request cookie with some requests and doing this inconsistently.
Logged failed requests all have a different session id that isn't authenticated with PassportJS.
Chrome and Firefox have a single session id for all requests.
I'm not using cross-origin requests, these are all same-origin. I have tried using withCredentials true with the same result but this property shouldn't be needed anyway as it's same-origin and Chrome and Firefox work without it.
There doesn't seem to be a pattern to which files fail to send the request cookie. Sometimes at random (but rarely), all requests load ok.
It's not a sequential failure, most requests succeed to begin with then a sequence of fails with some successes in between.
The Express server isn't destroying the sessions, they keep accumulating. Failed requests have session ids that are not authenticated sessions.
What would cause Safari to randomly not send the request cookie for some XMLHTTPRequests?
It turned out to be the crossOrigin property, I must have been doing cross-origin requests:
https://developer.mozilla.org/en-US/docs/Web/HTML/CORS_settings_attributes
Most of my loaded files had their crossOrigin property set as "anonymous". For some reason, Chrome and Firefox seemed to ignore this and sent the cookie credentials anyway but Safari didn't. Setting this property to "use-credentials" worked fine:
img.crossOrigin = "use-credentials";

How do I automate cookies synchronization between postman and the browser

When using the Postman Chrome App with the Interceptor extension it's easy to reuse the browser's cookies in order to log into an app and then call the services within.
Since moving to the Postman standalone app, this process has become somewhat manual. After logging in from the browser, I have to access the JSESSIONID cookie in the developer tools and copy its value over to postman.
When my session expires I need to repeat the process.
I would like to automate this synchronization or at least understand how I could obtain the new authenticated value in postman. It's important to note that none of the authentication mechanisms available in Postman work with my app which is why the manual login in the browser is necessary.
You can get JSESSIONID cookie in Postman Standalone in similar way your browser do it - by send proper requests (probably POST "login" request with user credentials) to server

selenium: use my local cookie to test website behind login?

On my computer, can I login to my web app, grab the cookie values, and have my selenium script use it to test the web app without having to login?
Is it also possible to modify the cookie expiration after logging in on my computer so that the cookie will won't expire when the selenium tests are running?
Is it possible to avoid having to write additional selenium logic to use the login form? If not, does it raise a cookie expired exception so that I know I need to re-login?
What about testing cookieless session webapps like Meteor.js?
Using .NET I know you can set the cookies, or at least retrieve them. Try placing your cookies there.
driver.Manage().Cookies = Your_Cookie_Object_Here;

ember-simple-auth and IE

I've recently upgrated to 0.1.1 from 0.13, and after a few hiccups it seems to be working. I can login to my app using most browsers (IE9-11, FF, Chrome) when running in development on my local machine.
When I deploy to a staging environment on heroku I'm seeing some strange behaviour on IE (9-11). Basically it looks like the bearer token is never being set. After looking through the code for ember-simple-auth I can see that it uses the ajax prefilter function to add the bearer token prior to a call back to the server. When I look in the Network tools on IE the token isn't there, so I always receive a 401 and am transitioned back to the index page.
I can see the login call to retrieve the token working, it just is never added to any subsequent calls.
I've looked for bugs with jQuery, IE and prefilter but haven't turned anything up. The code on staging is minified and concatenated, which makes debugging somewhat problematic.
Any suggestions on what to try next much appreciated.
I've tracked this down to an issue with HTTPS and ports in ember-simple-auth. Details can be found in this issue.