Rails 3 with Devise and IE cookie - ruby-on-rails-3

I have a Rails 3 app running on Heroku. For authentication I use devise. The session data are stored in a cookie.
Now when I use Firefox I can see the cookie - I use a Firefox plugin to see it; when I use IE I cannot see it: there is no cookie file getting set and when I use the developer console to view the cookies I get nothing. The web app is working fine in IE so somehow the cookie gets sent to the server.
What is going on? How can I see the session cookie in IE?
Thanks for any help.
-Matteo

Does your URL contain an underscore? Internet Explorer does not like underscores in the URL when handling cookies.

Related

The browser clears session cookies when a user returns from the payment gateway (Chrome)

The persistent session issue the application is facing after the recent browser updates (e.g., Google Chrome v84 onwards).
When the application is browsed using an incompatible browser version, the application cannot have a persistent session across a transaction that happens through the payment gateway. Due to this, the user gets logged out automatically after the user is redirected back from the payment gateway. Thus the user is not recognized as the client who initiated the payment.
This problem mostly happens with Chrome 80+; all other browsers work fine (Firefox, Safari, Edge, mobile browsers like Samsung Internet, etc.). Older versions of Chrome also work fine (<=79).
How can this be fixed?
To fix the above issue, the following cookie modification header should be configured in the app/proxy server in the application vhost (e.g., Apache vhost).
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=None
After applying the above configuration the server should be restarted.
Note that if the app/proxy server is different from Apache (e.g., nginx), the above configuration should be changed accordingly.
If the above configuration is successful, the following change is noticed in the browser developer tools under Cookies (e.g., Firebug):
The values of HttpOnly & Secure should be true, and the value of SameSite should be none.
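One way to automate the check described above, as an added example that is not part of the original answer: it models the effect of the `Header edit` rule on a single Set-Cookie value and reports attributes that are missing, duplicated or conflicting. The function names and the sample cookie values in the usage are constructed for illustration.

```ruby
# Added example (not from the thread): audit one Set-Cookie value.

# Split "name=value; Attr; Attr=val" into the pair and an attribute list
# of [lowercased_name, value_or_nil].
def parse_set_cookie(value)
  pair, *attrs = value.split(";").map(&:strip).reject(&:empty?)
  parsed = attrs.map do |attr|
    name, val = attr.split("=", 2)
    [name.downcase, val]
  end
  [pair, parsed]
end

# Model of the vhost rule: the attributes are appended to every cookie,
# whether or not the application already set them.
def blanket_append(value)
  "#{value};HttpOnly;Secure;SameSite=None"
end

# Return a list of findings; an empty list means the cookie carries
# HttpOnly, Secure and exactly one SameSite attribute.
def audit_set_cookie(value)
  _pair, attrs = parse_set_cookie(value)
  names = attrs.map(&:first)
  findings = []
  %w[httponly secure samesite].each do |required|
    findings << "missing #{required}" unless names.include?(required)
  end
  samesite = attrs.select { |n, _| n == "samesite" }.map { |_, v| v.to_s.downcase }
  if samesite.include?("none") && !names.include?("secure")
    findings << "samesite=none without secure"
  end
  findings << "conflicting samesite values" if samesite.uniq.size > 1
  names.uniq.each do |name|
    findings << "duplicate #{name}" if names.count(name) > 1
  end
  findings
end
```

Running `audit_set_cookie(blanket_append(value))` on a cookie the application already marked `HttpOnly; SameSite=Lax` shows the rule producing duplicate and conflicting attributes, which is worth checking before applying it to every cookie.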
Google Chrome doesn't delete the sessions cookie, it just does not set it on a post request from 3rd party domain. So you can create an interface page for returning from the payment site and save posted contents in the session, then redirect the user to the main payment confirmation page. Also, you can repost the data to the confirmation page without saving them using an HTML form. Please note that you shouldn't check the user is logged in or any cookie on the interface page.
Payment site ==post==> Interface page (cookie doesn't set)
Save the posted data to session
Interface page ==redirect==> confirmation page (cookie does set)
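The two hops drawn above, as an added example that is not part of the original answer: a small model of the baseline SameSite rules that decides whether a browser attaches a cookie to a request. It assumes a cookie without the attribute is treated as Lax (the Chrome 80+ default) and does not model Chrome's short grace period for freshly set cookies; the function and parameter names are hypothetical.

```ruby
# Added example (not from the thread): baseline SameSite send rules.

SAFE_METHODS = %w[GET HEAD OPTIONS TRACE].freeze

# samesite:   "Strict", "Lax", "None" or nil (attribute absent, treated as Lax)
# secure:     whether the cookie carries the Secure attribute
# cross_site: the request was initiated from another site (the payment gateway)
# top_level:  the request changes the address-bar URL (not an iframe or XHR)
def cookie_sent?(samesite:, secure:, cross_site:, method:, top_level:)
  mode = (samesite || "Lax").downcase
  # SameSite=None without Secure is rejected when the cookie is set.
  return false if mode == "none" && !secure
  return true unless cross_site

  case mode
  when "none" then true
  when "lax"  then top_level && SAFE_METHODS.include?(method.upcase)
  else false # strict: never sent on a cross-site request
  end
end

# Gateway POST to the interface page, then the redirect GET to the
# confirmation page. The redirect is modelled as cross-site, the stricter
# assumption.
def payment_return_flow(samesite: nil, secure: true)
  {
    gateway_post: cookie_sent?(samesite: samesite, secure: secure,
                               cross_site: true, method: "POST", top_level: true),
    redirect_get: cookie_sent?(samesite: samesite, secure: secure,
                               cross_site: true, method: "GET", top_level: true)
  }
end
```

With the default (Lax) cookie the POST arrives without the session and the redirect GET carries it, matching the diagram; with `SameSite=None; Secure` both hops carry it, and with `Strict` neither does.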

TestCafe: why t.navigateTo(URL) clears out the cookie

I'm manually setting the cookie during the test run as the userRole is not working for me in my local environment as the client sets the cookie and due to some reasons TestCafe clears it out.
When my first test is run it kicks out and I set the cookie before the second test. I can see the cookie exists but as I'm already on the login page I need to use t.navigateTo(URL) to log in to the homepage. When I use it, t.navigateTo(URL) clears out the cookie and I stay on the login page instead of the homepage.
If I manually enter the URL of my homepage while the test is stopped at a breakpoint I'm successfully able to go to my home page and my test pass if the debug is resumed from this point onwards.
I was hopeful that the t.navigateTo(URL) would be just doing the redirect to URL but it seems with the redirect it is clearing out cookies as well. Any fix for this?
I actually figured it out. By running the tests with the flag --disable-page-caching it worked.

Setting cookies through Selenium WebDriver is not persisting if I set it on base url and then navigate away to some other URL (in the same domain)

I am getting the login session through some API. I do the following -
Navigate to the www.example.com
Set cookies through Selenium WebDriver.
Navigate the browser to www.example.com/some-other-path
And voila, the cookies don't get applied as I get the login page again.
However, if I reload the page after doing #2, and then navigate away, the cookies seem to be applied correctly. Any idea guys what could be the issue?
Here is my code -
driver.get("http://www.example.com");
driver.manage().deleteAllCookies();
driver.manage().addCookie(c1); //I have the cookie object
//driver.navigate().refresh(); If I uncomment it, works good
driver.navigate().to("http://www.example.com/some-other-url");
You could go through the following post which talks about using the same cookies
https://sqa.stackexchange.com/questions/15594/selenium-how-to-access-the-same-session-in-a-new-window
Hope this helps

Devise sign-in not working in IE through an iframe

I don't see any error messages in the log file, and there is no message on the screen. Logging in to my Rails 3 app as it is served up in an iframe from another site results in being returned to the main site without the user being logged in.
It sounds like the Rails app is not recognizing the cookie through the iframe. Has anyone else run into this problem? Where could I go to see what the error is?
Please note this ONLY occurs in IE, version 8 (maybe it occurs in 7 and 6, haven't tested yet).
James is correct, IE has some security in place to prevent iFrames from generating cookies. There's an easy fix for this, simply include the following response header into your controller:
response.headers['P3P'] = 'CP="NON DSP COR CURa IVAa IVDa CONa OUR NOR STA"'
Source: http://adamyoung.net/IE-Blocking-iFrame-Cookies
I had similar problems with IE 6 and 7 and Devise with iframes. From my understanding it has something to do with sessions not being passed through iframes in IE. According to what I was able to find, IE prevents this for security.
I'm not sure why this only seems to be a security issue in IE and not other browsers.

Are there any samples/tutorials which tells how to call servlets on J2EE server from iPhone app?

Sorry for posting a basic question, but please give me your advice.
I have to write an iOS application which communicates with a web application deployed on a Tomcat server.
The web application requires the client app to call the "logon" servlet with username and password to get a JSESSIONID. Once the client gets the JSESSIONID, the web application allows it to invoke other servlets.
But I couldn't figure out how to manage the session to invoke these servlets.
Would you please point me to examples/tutorials to learn how to invoke these kinds of servlets?
Thank you in advance.
Here's a decent example of making an http request from iOS:
iOS: How to make a secure HTTPS connection to pass credentials?
There's nothing magic about making the call to a j2ee tomcat server - it's just an HTTP request, so any way you can make an HTTP request will work for you.
Maybe this one too:
Can I make POST or GET requests from an iphone application?
edit: ahh, looks like this is the one you want:
http://developer.apple.com/library/mac/#documentation/Cocoa/Conceptual/URLLoadingSystem/Tasks/UsingNSURLConnection.html
The JSESSIONID is nothing special. If your application is set up to handle cookies coming back from your HTTP request then the JSESSIONID will come back as a cookie in the header. Otherwise you will be issued a redirect to a URL with the JSESSIONID in it. From there, if you handle cookies, the JSESSIONID will be passed automatically with each request with all of the other cookies. Otherwise you'll have to put it into the URL of each request manually.
Download the liveheaders plugin for Firefox and try hitting your servlet with the webbrowser and you can see how the JSESSIONID gets passed around. Next, turn off cookies in Firefox and you can see how it's passed around in the URL and you can see the redirect that Tomcat issues if you watch the headers in liveheaders.