I create a cookie and set the Expires property to 24 hours, but in IE the expiration is set to two years. In Firefox it is set correctly. Why?
My code:
//Set a cookie to expire in 24 hours.
HttpCookie clickCookie = new HttpCookie(adId, adId);
clickCookie.Expires = DateTime.Now.AddDays(1);
Response.Cookies.Add(clickCookie);
Thanks
This does not seem to be possible. Can you try again after erasing current cookies of IE?
What happens if you do:
clientCookie.Expires = DateTime.Now.AddHours(24);
triskelion, use Fiddler to sniff HTTP reqeuest and response pair for both IE nad Firefox and see if there's any difference.
Related
I would like to know how to send correctly cookies value of timezone in HTTP request.
Code from response using HTTLiveHeaders in firefox:
Cookie: YSC=FcoGhPJts60; CONSENT=YES+cb.20220329-15-p1.en+FX+439; PREF=tz=Europe.London; GPS=1; VISITOR_INFO1_LIVE=v-FuzDqhJuF
My code:
Dim timeZone As String = "tz=Europe.London"
req.Cookies.Container.Add(New Uri("https://www.website.com"), New Cookie("PREF", timeZone))
because normally after PREF there is also "=" sign, but in HTTP request we don't need to add it, but it have another "=" so I'm not sure if it includes or not.
thanks for help.
I am trying to log in to a site using requests as follows:
s = requests.Session()
login_data = {"userName":"username", "password":"pass", "loginPath":"/d2l/login"}
resp = requests.post("https://d2l.pima.edu/d2l/login?login=1", login_data)
although I am getting a 200 response, when I say
print(resp.content)
b"<!DOCTYPE html><html><head><meta charset='utf-8' /><script>var hash = window.location.hash;if( hash ) hash = '%23' + hash.substring( 1 );window.location.replace('/d2l/login?sessionExpired=0&target=%2fd2l%2ferror%2f404%2flog%3ftargetUrl%3dhttp%253A%252F%252Fd2l.pima.edu%253A80%252Fd2l%252Flogin%253Flogin%253D1' + hash );</script><title></title></head><body></body></html>"
notice it says session expired.
What I've tried:
logging back out and in in the actual browser, no success.
http basic auth, no success.
I'm thinking maybe I need to authenticate myself to this site using cookies?
If so how do I determine which cookies to send it?
I tried figuring this out by saying
resp.cookies
Out[4]: <RequestsCookieJar[]>
shouldn't this be giving me names of cookies? I'm not sure what to do with such output.
Main Point: HOW DO I FIGURE OUT HOW TO AUTHENTICATE MYSLEF TO THIS WEBSITE?
Help is appreciated.
I would rather not use selenium.
From loading this page https://d2l.pima.edu/d2l/login and viewing its source, you'll notice the POST target path is /d2l/lp/auth/login/login.d2l. Try using that as your POST path. Your other fields look consistent with the form's expectations.
Note: with python requests if you create a session object use it to make your requests:
resp = s.post(<blah blah>, login_data)
The session will hold any cookies set by the login server, and you can continue to use the s object to make requests in the authenticated session.
I am having issues with changing return authentication cookie values in postman. I have an environment variable called token and my initial login POST request contains these Tests:
if (postman.getResponseCookie("ccsrftoken")) {
tests["Login successfull"] = responseCode.code === 200;
var token = postman.getResponseCookie("ccsrftoken").value;
var clean_token = token.replace('"','').replace('"','');
postman.setEnvironmentVariable("token", clean_token);
After the request I can see that there is a cookie ccsrftoken available with following value:
ccsrftoken="34FDB4830CE5C33A54566B9BEDEE3B2"; path=/; domain=29.203.248.13; Expires=Tue Jan 19 2038 02:14:07 GMT-0600 (Central Standard Time);
But the environment variable is set to
%2234FDB4830CE5C33A54566B9BEDEE3B2%22
Seems my replacement code does not work as expected and the " are still present in the string. I have also tried the replace("\"","") variant with same results.
I think that you don't need to do any replacement actually.
I've been pulling JSESSIONID this way and when you use .value, it already pulls just the "34FDB4830CE5C33A54566B9BEDEE3B2" and skips the rest.
I tried this using jwt-auth, but the thing is token gets expired. I want to remember the user with token that never gets expired. Is their any possible way to do it in Laravel 5.2.
Should I send email and password for each request to api instead of saving session and token.
I will implement this way:
If the user selects Remember me, set the ttl to a longer time ,say 1 year OR month. To do this we need to publish
php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\JWTAuthServiceProvider"
Then we can override the default ttl value which is 60 mins to our desired value.
$jwt = \Illuminate\Support\Facades\Config::get('jwt');
$jwt['ttl'] = 60*24*30; // 30 days
\Illuminate\Support\Facades\Config::set('jwt',$jwt);
Hope this helps!
I was surprised I couldn't find a good answer to this out on the interwebz, so here we are.
I'm setting a FormsAuthenticationTicket to expire after a week. This is used in tandem with a "Remember Me" setting we feature on our login form. This is being accomplished by :
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName);
// set the auth token expiration to a week
var authTicket = new FormsAuthenticationTicket(1, user.Email, DateTime.Now, DateTime.Now.AddHours(168), true, userData);
var encryptedTicket = FormsAuthentication.Encrypt(authTicket);
cookie.Value = encryptedTicket;
cookie.Expires = authTicket.Expiration;
With this, I've also extended our session timeout, as many of our users keep the application open for equally long periods of time :
<forms loginUrl="~/account/sign-in" timeout="10080" name="t5S4U4Y152" domain=".xxxxxxx.xxx.xxxxx"/>
My question :
I've been asked to make this a non-expiring cookie, such that as long as the user retains it, they'll always be logged in - more or less an infinite login. Is there a default value I can set the ticket and timeout to in order to achieve this?
Yes, I could set both expiration's to something like 50 years from the present, but I'm wondering if there is a cleaner or more suitable approach?
No there isn't any value you can set the expiration so it is infinite. You'll just need to set it to something really long.
As you know, if you do not set an expiration the cookie then only lives for the length of the session (when the browser is closed), which is definitely not what you want.
You can also use slidingexpiration=true so that whenever a user comes back to the site, the expiration date on the cookie is refreshed to be Today + Timeout instead of DateInitiallyIssued + Timeout