I have the following method that creates a cookie in the page's response. Immediately after I create the cookie, I checked to see what the value was and it was blank. Is this normal behavior? How can I check the response for a cookie after it has been added?
When I monitor the HTTP response, the cookie is there. When I use the Firefox Web Developer Toolbar to view the cookie, it is there. However, it doesnt appear to be present in the Response.Cookies collection. How do I access it?
Dim c As New HttpCookie("prpg")
c.Expires = DateTime.Now.AddYears(10)
c.Value = value
_page.Response.Cookies.Add(c)
_page.Response.Cookies("prpg").Value 'String.Empty
You can only write to Response not read from it. So I suppose it is not possible to read cookies too.
Related
I can't share my own app for nda issue but I found this one which shows exactly the same issue
https://github.com/SyncfusionExamples/blazor-localization/tree/master/.NET6%20Blazor%20Server%20App/Localization-with-dynamic-culture
Blazor-Localization
This app displays a page with a CultureSwitcher component to select between 5 languages.
When you select a language, I can see both the page+dropdown refreshed with the selected language value.
Now, you embed the Url of this app inside a new app's page inside an iFrame and nothing works anymore.
The cookie mechanism doesn't save or/and load the value anymore.
This was working perfectly in net+core+3.1 and 5.0 but no more in net+core+6.
Is something change in security or cors or ????
Thanks in advance for any tips
-Vince
This sounds like an issue with SameSite cookies. It's even documented here:
Applications that use <iframe> may experience issues with sameSite=Lax
or sameSite=Strict cookies because is treated as cross-site
scenarios.
Have you tried setting the cookie options?
HttpContext.Response.Cookies.Append(
CookieRequestCultureProvider.DefaultCookieName,
CookieRequestCultureProvider.MakeCookieValue(
new RequestCulture(culture)),
new CookieOptions() { SameSite = SameSiteMode.None, Secure = true} );
I have a PayPal button which upon checkout completion redirects the user back to the homepage but in the background opens another php page which does a couple of things including updating some databases etc. However in it it I'd also like to perform a rest API request.
http://your-server/rest/createUser?username=testuser&password=testpassword
Here is the URL I need to fire and I'm not too bothered about reading the contents of this to be honest, it respond an XML file saying status OK or error messages but I don't need this... All I want to do is access the URL. This works from a browser, but when I try to use
$apicall = file_get_contents("http://your-server/rest/createUser?username=testuser&password=testpassword");
It doesn't work... Any thought ?
For file_get_contents() to work correctly any special characters have to be encoded.
$url = 'http://your-server....';
$encodedUrl = urlencode($url);
$apicall = file_get_contents($encodedUrl);
The other thing to check is that allow_url_fopen php.ini setting is set to true. (It is by default).
I am using nsIHttpChannel in an observer to modify outgoing request headers, which works fine. According to the API, however, it appears I cannot simply remove a header (as I can in Chrome), I can only give it an empty value via setEmptyRequestHeader(). Is there some other way to completely remove the header from the request ?
The documentation for setRequestHeader() states
If aValue is empty and aMerge is false, the header will be cleared.
I have three page which are login.asp , check.asp and admin.asp . I want to block user to access page just typing url like www.xxxxxxx.xxx/admin.asp .How ı can do that ? is there a way to check redirected page.? ı want just check.asp page can redirect to admin.asp page
I know session solution but ı want to use another one
Essentially you need to set some kind of authentication token which identifies that the user has been authenticated. This is often done with either a cookie or a session value. Then, on any page which requires authentication, you check for the existence of this token.
If the token (which can be as simple as a boolean IsAuthenticated value or an integer UserID value, or as complex as a complete User object with everything you need to know about that person, their roles, etc.) is valid, render the page. If it is not valid, redirect or display a message of some kind.
IF Request.ServerVariables("HTTP_REFERER")="" THEN
Response.write("Not accessable")
response.end
END IF
' Put this code on top of page , Request.ServerVariables("HTTP_REFERER") which gives URL of previous page. so if any one directly paste URL in browser it will be blank , so we can track by this way.
I want my web application to contain only one session created at login. But my server is creating a separate session for every request to a jsp page. How can I configure to have only one session in my application?
If either a sessionId is supplied with every link the user clicks is submitted
or
cookies are used
the server can associate the request with a particular user. Otherwise a new session will be created.
EDIT:
for adding links to your URLs in case you dont have cookies ... there are some ways to do this. Either set the sessionId manually
link
or use the struts-taglibs to that for you https://struts.apache.org/1.2.x/userGuide/struts-html.html#link
Renders an HTML element as an anchor definition (if "linkName" is specified) or as a hyperlink to the specified URL. URL rewriting will be applied automatically, to maintain session state in the absence of cookies. The content displayed for this hyperlink will be taken from the body of this tag.
The taglib then rewrites the link for you. It should look like this (not tested):
<html:link page="/linkoutput.jsp">Link</html:link>