I'm new to Google Chrome plug in development. I have learnt how to develop a basic plug in. Now the problem is I'm trying to make a plug in that can read saved cookies of a particular website you visit.
For instance, a user visits www.facebook.com, after login he will click on our plug-in icon and a drop down window will appear and show all the cookies saved by Facebook.
Here I want to ask how to read the cookies of the site you are visiting? Is that possible to sort cookies with respect to site you visit?
If yes? Can you provide me a reference of how it could be done?
There is a Cookies API that allows Chrome extensions to access the browser's cookies, without having to send HTTP requests to obtain those cookies. More references
This thread might also be helpful.
Related
Issue: appears to be that banno framework is "remembering" the urls. This is happening in a mobile browser when the user does not close the tab or browser. When the user opens the page, banno is remembering the url from last time and trying to load the same url.
What needs to happen is that banno needs to fully reload the page so that we can go retrieve a new url and log the user in again.
Could it be how they treat plugins when a browser is left open. A url that is loaded is not good forever.
Odds are good that the situation you're encountering is described in https://stackoverflow.com/a/71267143/6680761
Essential info from that link is:
Part of keeping state of the page is keeping authentication data. The OAuth flow used to initially authenticate the user is not intended to be used on every page refresh. It's expected that the embedded web application will keep its own authentication state. How this is done is usually very specific to the language and platform used for the embedded web application. However all strategies almost exclusively use a cookie which is destroyed when the application closes.
The Oauth callback URL with an authentication code should be redirected away from once the code is exchanged for an access token. From that point forward your app should be using its own authentication mechanism.
I tried to lookup many answers from stackoverflow but couldnt find anything specific to this, I am implementing payment app and I want to display custom-tab in my app to record user visit by storing user-id, either by setting a cookie or using localstorage or by installing a service worker for the domain that custom tabs opens.
Can a https page loaded in custom-tab write cookies that are also
available when visiting the same page from Chrome?
Is localstorage API available for my domain in custom-tab? if yes,
is stored value available from Chrome?
Is installing service worker allowed from Custom-tab? So I have
access to S/W from Chrome browser?
If none of this possible, how could I record the visit from custom-tab and have it available in Chrome when user opens the domain from chrome browser?
Thanks in advance
Chrome Custom Tabs uses the same Cookie jar as Chrome. So, if a Cookie is created when a user accesses the page from a Custom Tab and Chrome is the Custom Tabs provider, it is also available when the user goes to the same domain from Chrome (outside Custom Tabs).
Same as above.
Yes, it is possible to install a service-worker from a Chrome Custom Tab.
You can check all the above by opening the URL that adds the cookie, install the service-worker or writes to the local store inside a Custom Tab, setup the device for debugging, connecting it to your computer and navigating to chrome://inspect/#devices in Chrome. Then choose the device and inspect the cookies, local storage, service-workers, etc.
Please I developed my mobile app and is primarily using localStorage for storing account info and some other info. The app has mobile and browser version.
For the browser version, I expect a user that is logged in to not be redirected to an auth page on browser restart. This works fine as my info are stored in localStorage. On the other hand, my mobile doesn't. User have to log in whenever he restart the app.
Please what option do I have? What option do developers use for the mobile storage? Do I have to use database? If so which one should use and where can I find a better documentation on this topic?
Note: I am using Cordova for my mobile app development framework.
For some reason, localStorage is tied to browser history. Some mobile browsers have an option to erase browser history on exit. If that box has a checkmark in it, then localStorage gets purged along with browser history everytime the browser is closed! So, you can ask the user to go into Settings and uncheck that box. Note: localStorage is not supported by older IE browsers, Opera Mini, and some Blackberry devices.
If cookies are enabled, you could use a one-time cookie code to log the user in automatically, but that cookie must expire after first use. Once the user is logged in, the server must issue a new cookie code to the client. And the client can use that new cookie to log in once again or keep alive the session. Using the same cookie twice should not work for security reasons. And the server must make sure never to issue the same code to two different users!
I remember, about 10 yrs ago, I went online to check my emails, and immediately the site had me logged into another user's account! I could have read that person's private emails and stuff, but I decided not to. I reported the incident to the admin. The problem was probably their server issued a random quick-login access code to me, and another user somehow got the same access code that I got. And when I opened the website, it thought that I was that other person. If your site deals with money and credit cards, you should avoid this technique! Any kind of auto login is a bad idea for a bank!
There is a plug-in to store data in an SQLite database using Cordova in this link
. You can find more details about storage with Cordova in the doc.
Save your data by using the following:
localStorage.setItem("variable", value);
Retrieve it from localstorage by using the following:
localStorage.getItem("variable");
It is as simple as it is.
Reference here.
Chrome is auto-filling the credentials, but not log me in until I click login. How to automate? (windows, non-google websites).
Using the Chrome Identity API you can have Chrome (on desktop and Android) automatically attempt to log in the user when they hit your page, even if their session has expired.
Following is a workflow diagram of how it works, but the details can be found in the Google Authentication API: Let the user automatically sign back in section:
It is not the browser's responsibility to auto-login to websites. This is the responsibility of the website you are accessing. The browser can remember form data and auto-fill for you, as can various extensions like LastPass.
However, in order to actually auto-login, you must first login to the website you are trying to access and enable the option they provide, often called 'Remember me?'. The website would typically use a cookie to store the credentials (securely with a hash + salt), and if the cookie still exists (not cleared from the browser or expired), and the hash of real password in database matches the one in the cookie, the website will auto-login.
You could force the browser to try and auto-login with extensions, which are essentially macros. You could try Auto Login or iMacros extensions for this. I would generally avoid this though.
Anyone else stumbling into this thread from a google search.... you can do this with autohotkey. If you browse to yourbankhere.com and chrome fills in the user/pass, you can have autohotkey perform a mousemove then a mouseclick to click the login button.
I want to make an extension for google chrome that watches for updating of information on a site. The problem is to do this I must to be logined on the site. Can I make an exsension so as it would ask a login and password from the site at start and then stores this information in the cookies? Does Chrome maintain abilities to make extension like this?
You don't have to do it. If you send a request from chrome extension to www.example.com - for example, the chrome extension adds the cookies from this site to your request. If the user isn't connected to example site, you can redirect him to login page in example.com and then continue. (Of course, you have to type "www.example.com" permission in manifest.json).
You can see sample from google- google mail checker.
(I'm sorry about my English).