ngx-cookie-service set cookies missing some cookies - google-chrome

I was setting cookies using the "ngx-cookie-service" set function. The user was able to log in because all 3 cookies were set correctly. But after 15 days, when the same user tried to log in, one of the 3 cookies was not being set, even though it is set fine for me.
Can anyone please explain this weird scenario where only 1 cookie is not being set whereas other 2 are correctly set.
this.cookieService.set('userId', 'userId123');
this.cookieService.set('accessToken', 'accessToken123'); //This is missing in users cookie
this.cookieService.set('refreshToken', 'refreshToken123');

Related

Chrome `cookie.getAll()` Yields Different Cookie Values than Chrome Dev Tools

I am writing a chrome extension that makes calls to an API and for that I am trying to get some existing session cookies in the service worker. My worker makes a call like this,
const cookies = await chrome.cookies.getAll({});
const sessionToken = cookies.filter(
  cookie => cookie.name === "__Secure-next-auth.session-token"
)[0].value;
However the value I get back for the cookie is different than the value in chrome dev tools. Interestingly enough both values have the same prefix (the value is long, I only pasted enough to demonstrate my point):
Dev tools cookie: eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0..dCOoryziuSU3zkJl...
chrome.cookies.getAll: eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0..colJ2H6th0yLZ9Q8...
In case it's useful the cookies have the HttpOnly parameter set. Can anyone guess why the cookie values might be different?
My worker is running after the page has loaded (so there's no chance that I'm getting an old value), I know the value the chrome API is giving is completely invalid because when I try to use it with the API I'm calling, I get "invalid token". On the other hand, the cookie in dev tools works with my API.
I thought maybe the cookie value had been decoded/encoded in some way but then why would the prefix match? I thought maybe the chrome API is storing multiple cookies with the same name, but when I log cookies, there is only one cookie with this name.
Would appreciate any thoughts.

Debug a cookie getting deleted whilst browsing site

I have a Magento 2 store where the cookie notice keeps reappearing. The notice is hidden when the cookie below is set:
Name: user_allowed_save_cookie
Value: %7B%222%22%3A1%7D
Domain: .www.domain.com
Expires: 2022-08-20T11:24:09.000Z
SameSite: Lax
The cookie notice however will reappear during browsing and checking browser cookies shows this cookie to no longer be set.
I have seen this happen on 3 client PCs running Chrome, and it can be anywhere from 10 mins to a few hours before it clears itself; however, I am unsure of the pattern or what is causing this.
Expires set for a year, the cookie has a value, domain looks ok (although has a full stop at the start however apparently that means it should work on subdomains as well). Can see mostly around 40 cookies showing for site so feel it is not hitting any limits.
Cloudflare is running in front of this site and did not notice this problem until pushing it through Cloudflare so wondering if that could cause this kind of issue?

Lifetime of Session Cookie

I have a question about the lifetime/behavior of a session cookie.
1. The user opens siteA.com. An authentication cookie sessionAuth=xyz is set. The cookie is HttpOnly, Secure and Expires=Session.
2. siteA.com redirects to siteB.org by submitting an HTTP form, so the HttpMethod is POST.
3. siteB.org does some stuff and redirects back to siteA.com, also with an HTTP form and HttpMethod=POST.
Should the browser now send the cookie sessionAuth=xyz with this HTTP request?
I did some tries with Chrome 86.0.4240.111 (64-Bit); unfortunately, sometimes the cookie was added and sometimes not. But I couldn't figure out when/why it worked and when not.
My thoughts:
- Yes, the cookie should be added because the browser was not yet closed, so the session is still valid.
- No, because the cookie is from siteA.com, but the HttpPost is done by siteB.com
- No, because the session is closed as soon as the first redirect/form-submit happens.
What is the correct behavior?
I have the impression this worked in the past (cookie available and added). Maybe the latest cookie privacy changes have some impact? https://blog.heroku.com/chrome-changes-samesite-cookie
I have some questions.
Are SiteA.com and SiteB.com on the same domain?
How do you create your cookies?
For me:
setcookie('admin_id', $result['admin_id'], time() + 28*24*3600, "/", null, false, true);
When we declare it like that, the cookies are valid in any part of the site.
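
The SameSite changes linked in the question can be modelled as follows (an added example, not code from the original posts; the function and field names are assumptions, and the model is simplified to the SameSite decision only). For a cookie with no SameSite attribute, Chrome applies Lax but still sends the cookie on a top-level cross-site POST while the cookie is at most two minutes old, so the same siteB.org to siteA.com form post can carry the cookie on one attempt and not on another.

```javascript
// Added example: simplified model of Chrome's SameSite handling (Chrome 80+ defaults).
// Only the SameSite decision is modelled; Domain, Path and expiry checks are out of scope.

// Chrome's "Lax + POST" allowance for cookies set without a SameSite attribute.
const LAX_POST_WINDOW_SECONDS = 120;

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// cookie:  { sameSite: "Strict" | "Lax" | "None" | undefined, secure, ageSeconds }
// request: { crossSite, topLevelNavigation, method }
function sameSiteAllows(cookie, request) {
  if (!request.crossSite) return true; // same-site requests always carry the cookie
  switch (cookie.sameSite) {
    case "None":
      return cookie.secure === true; // SameSite=None without Secure is rejected
    case "Strict":
      return false;
    case "Lax":
      return request.topLevelNavigation && SAFE_METHODS.has(request.method);
    default: // attribute absent: treated as Lax, plus the short POST allowance
      if (!request.topLevelNavigation) return false;
      if (SAFE_METHODS.has(request.method)) return true;
      return request.method === "POST" &&
        cookie.ageSeconds <= LAX_POST_WINDOW_SECONDS;
  }
}

// The flow from the question: siteB.org submits a form (POST) back to siteA.com.
const postBack = { crossSite: true, topLevelNavigation: true, method: "POST" };

function scenario(sameSite, ageSeconds) {
  return sameSiteAllows({ sameSite, secure: true, ageSeconds }, postBack);
}

// Constructed cases: cookie age is the time between login and the post back.
const results = {
  unsetFresh: scenario(undefined, 30),
  unsetOld: scenario(undefined, 600),
  explicitLax: scenario("Lax", 30),
  strict: scenario("Strict", 30),
  none: scenario("None", 600),
};
console.log(results);
```

If the cross-site post back must always carry the session cookie, the model shows that only an explicit SameSite=None together with Secure does so regardless of timing.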

How are one time only popups implemented?

When you return to certain websites, sometimes they have popups or messages which show to inform users of new updates to the site or important changes.
I'm having issues understanding how these are implemented because these messages only show up once. How would a backend know that a user has already seen a backup and would it not be strenuous checking every time a page is returned to if a user has seen a certain message?
There are multiple methods which I have thought of to implement this functionality:
Storing a cookie which is checked by the backend to see if the user has seen a recent message or popup.
Have a table in a database named 'viewed_message' or something that states all the users that have seen a certain message or not.
How would a website go about creating one-time only popup/messages? Thanks.
Typically cookies are used for that sort of thing. Just check the existence of some firstVisit cookie and pop up the message if it's not there. Keep in mind this means if you clear your cookies you'll see the popup again.
edit:
This is an example from the Document.cookie docs on Mozilla:
function doOnce() {
  if (document.cookie.replace(/(?:(?:^|.*;\s*)doSomethingOnlyOnce\s*\=\s*([^;]*).*$)|^.*$/, "$1") !== "true") {
    alert("Do something here!");
    document.cookie = "doSomethingOnlyOnce=true; expires=Fri, 31 Dec 9999 23:59:59 GMT";
  }
}
I think you are on the way.
Cookies are there for that, create a cookie which never expires and be happy.
If you want to use it with other browsers, check if the cookie exists; if it doesn't, look in the table and store a cookie.

Chrome sent duplicate cookie

I am working on a spring MVC app and found a strange issue that only happen on chrome. The logic is:
1. user request a list of items
2. user click on add new button and a bootstrap dialog popup allow user type in the name
3. on submit, a post request sent to the server
4. server create an new item and save it to db
5. server store the new item id to cookie and send a redirect response to browser
6. browser request item view page
7. server pick up the item id from cookie and render the page
The above logic runs good on nearly all browsers (I didn't test on IE) except chrome. I found the root cause is chrome will store previous cookie with a different item id and at step 6 chrome send duplicate item id cookies to the server.
Any idea how to resolve this issue?
Chrome[Version 32.0.1700.41 m Aura]
Opera[Version 20.0.1353.0]
Firefox[Version 29.0a1 (2013-12-10)]
Safari[Version 5.1.7 (7534.57.2)]
No screen capture. But it works
Restart Chrome!
At some point (even today this happened to me) Chrome is getting confused on what cookies a domain has in its memory vs cached on disk. This confusion leads to cookies being added but not removed from what I can tell. In my case, I'm suspecting McAfee locking files for scanning. Restarting Chrome rebuilds the cache and then works.
https://bugs.chromium.org/p/chromium/issues/detail?id=17855
https://bugs.chromium.org/p/chromium/issues/detail?id=273873
I had something along this stored in my Chrome cookies :
1st cookie : (it was set to expire)
Site : dashboard.app.localhost
Value : access-token=123456; Domain=.app.localhost; Path=/; HttpOnly; SameSite=Strict
2nd cookie : (session cookie that shouldn't be there, I had to dig in the Chrome settings to find it)
Site : dashboard.app.localhost
Value : access-token=invalid; Domain=api.app.localhost; Path=/
Apparently the second cookie appeared due to an error on my side. However, Chrome sent it alongside the first one, creating this header :
Cookie: access-token=invalid; access-token=123456
The solution I found :
Manually delete the second cookie in the Chrome settings.
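
A server-side check for the duplicate-name header shown above, as an added example that is not part of the original answer: the Cookie request header carries only name=value pairs, without Domain or Path, so the server cannot tell which `access-token` is the intended one and the safe handling is to refuse to choose. The `SENSITIVE` list and the function names are assumptions for illustration.

```javascript
// Added example: parse a Cookie request header and flag names sent more than once.

// Cookie names whose value drives an authorization decision (assumed list).
const SENSITIVE = new Set(["access-token"]);

// Split "a=1; b=2" into [name, value] pairs, keeping every occurrence in order.
function parseCookiePairs(header) {
  return header
    .split(";")
    .map((part) => part.trim())
    .filter((part) => part.length > 0)
    .map((part) => {
      const eq = part.indexOf("=");
      if (eq === -1) return ["", part]; // nameless cookie, value only
      return [part.slice(0, eq).trim(), part.slice(eq + 1).trim()];
    });
}

// Returns { cookies, duplicates, reject }:
//   cookies    - names that appeared exactly once, with their value
//   duplicates - names that appeared more than once (ambiguous, not exposed)
//   reject     - true when a sensitive cookie is ambiguous
function inspectCookieHeader(header) {
  const seen = new Map(); // name -> values in header order
  for (const [name, value] of parseCookiePairs(header)) {
    if (!seen.has(name)) seen.set(name, []);
    seen.get(name).push(value);
  }
  const cookies = {};
  const duplicates = [];
  for (const [name, values] of seen) {
    if (values.length > 1) duplicates.push(name);
    else cookies[name] = values[0];
  }
  const reject = duplicates.some((name) => SENSITIVE.has(name));
  return { cookies, duplicates, reject };
}

// Header quoted in the answer above, plus a constructed unambiguous one.
const fromPage = inspectCookieHeader("access-token=invalid; access-token=123456");
const benign = inspectCookieHeader("theme=dark; access-token=123456");
console.log(fromPage, benign);
```

Logging the `duplicates` list on rejected requests gives a direct signal of stale or conflicting cookies in a client's jar, which is otherwise only visible by digging through the browser settings as described above.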