I have vb.net 2010 and I need a way to transfer a cookie container from the program I made to web browsers like Internet Explorer, Google Chrome, Safari and Mozilla Firefox. All answers are much appreciated :)
Well, I really hope that modern browser have protection against this kind of attacks (yes, you should not be able to write/read cookies from 3 party domain such as stackoverflow.com).
If you want to implement user cookie to user browser then let it open some page where there cookie will be implemented to the browser...
Related
I have a system made on vueJs. When I do login it saves accessToken and refresh token in browser cookies. It works fine in all computer and network. But specific in one PC it saves only refresh token and avoiding to save accessToken. I have no idea what can I do.
I suspect that this is a browser-settings thing. If your user decides not to save cookies at all, the browser will not save cookies. You can check the settings in that browser, or try a different browser on that machine.
What you usually need to check is not different pc's, but different browsers on one pc.
If you want to be thorough, try safari on mac & firefox and chrome on windows.
Depending on your audience, you may also still need to check internet explorer, but this is getting less and less common.
While debugging why my extension doesn't work in Safari (but does for other browsers), noticed that I can send an arbitrary made up HTTP header with XmlHttpRequest in a Safari toolbar extension. But try to do same with header named "Cookie" with same content as before, it doesn't get sent.
So does Safari restrict sending back cookies with requests or you need to follow an alternate process to do so? Seems kind of lame since this blocks functionality of apps that require session state persistence for example. If there's an alternate process, Apple made it harder to maintain session state in extensions (extra work in adapting a web app or other browser extension).
I tested using Safari 5.1.7 on Mac OS X 10.7.5 with Charles proxy.
Just figured I should post the solution that worked for me, that I commented in my own question earlier, for easier viewing by others with similar problem:
Turns out for Safari extension, what works for me is to set the browser to not block any cookies and website data. So users would have to do that to use the extension. No code changes needed. But that's not cool though.
The particular step is Safari > Preferences > Privacy > Cookies and website data: Always allow (at least under Safari 10 on Mac OS Yosemite). Although one could try "Allow from websites I visit" to see if that more restrictive option will work or not.
I have two WCF WebHttpBinding-bound self-hosted services. One is set to WebHttpSecurityMode.TransportCredentialOnly and HttpClientCredentialType.Windows. The other is set to None and None.
This service is serving the exactly the intended authentication prompt behavior on Chrome and IE, with correct content types and content. Testing on localhost and remotely (not on a domain). In IE, the default settings for integrated authentication send my credentials immediately to the authenticated service. In Chrome, the default settings prompt me for my windows authentication credentials.
But in Firefox I get no such prompt - just an error in Firebug of 401 Unauthorized and a blank page otherwise. I assume iOS has the same 401 Unauthorized problem, although the debugger console doesn't show any errors - I just get a blank page.
I don't know how relevant the WCF WebHttpBinding is versus a standard IIS-hosted website, but all the other googles I find are about someone trying to STOP the Windows Auth prompt in favor of Integrated Security mode in non-IE browsers. I kind of have the opposite problem - it's not showing up for me.
Is there something nuanced about the webservice response that Firefox and Safari are sensitive to that Chrome and IE are not sensitive to?
I'm testing on Windows 8 with IE 10 and the latest releases of the other browsers at the time of writing.
Thanks!
If I set it to HttpClientCredentialType.NTLM then all browsers work. But as I understand it, NTLM disallows the more secure Kerberos domain credentials (if they're available). I don't want to force a less-secure option!
Kerberos works well with IE and since Chrome shares stuff with IE, it works for Chrome too. For Firefox, you have to enable it. See here. Safari on Mac OS should work but not sure about other OS'.
I'm programming a web site in asp.net using vb, and I need to upgrade it so all of the functions will be active for google chrome and firefox as well.
For instance I'm using System.Net.Mail for sending mails.
Sending mails when using the website with internet explorer works perfectly fine, but in chrome and firefox the mails are not sent (the to list remains empty).
I would love to get some help about this,
Thank you.
Sending emails serverside has nothing to do with browsers.
There might be some reason why the button (?) that should submit the form isnt working in other browsers than IE.
You might need to check if you have some invalid javascript, or such on the button.
/M
In my web application, I have used the asp Login control to facilitate the login process. I have noticed that if I open the site in a browser and log in, and then open another browser and go to the site, then the second browser shows that I am already logged in, even though I didn't log in using that browser. I have noticed that some other sites (such as my bank's web access) work this way, but it still seems odd to me. I'm not sure if it's bad or not, but it is strange.
Is this behavior bad?
I have also noticed that if I close all of my browsers and then open a new one up and go to the site, I am NOT logged in.
This is because those sites use session cookies. If you open different brwosers at the same time, such as FireFox, Opera, Chrome and IE, you'll have to log in in all of the browsers independently. However, when re-using the same browser application, this usually does not spawn a new process with its own session data but rather re-uses the already open browser.
If you are using a browser that supports multi-tabbed sessions e.g. IE7+, Firefox etc, you will find that, if you have the same ASP.NET website open in multiple tabs, each tab will share the same authentication credentials. This is because the session ID applies to the browser instance, not the tab instance, so if a user logs in on 1 tab, then opens up another tab to the website, they won't have to provide their credentials twice.
I don't think there's an easy way around this behaviour. You could choose employ cookie 'munging', storing the forms authentication ticket on the URL, but this seems like a bad idea from a security POV.
Lucero and pmarflee are both correct.
To provide a bit more information though:
Firefox will share session between tabs and all browser instances
IE 8 will also share session between tabs and all browser instances
IE 7 shares session between tabs, but not across instances
IE 6 does not share session across instances
I'm not sure how Opera, Chrome, or Safari handle sessions.