Restore a session with cookies from another browser with Javascript - javascript

Let's say I am logged in (with login/password) on a website/service https://example.com in a browser. If I open Developer tools, I can run document.cookie in the console and copy the string containing all the cookies associated with the current website.
Then I open a new incognito window, I go to https://example.com. Of course, I'm not logged in. I can remove the current cookies with the method described in Clearing all cookies with JavaScript in the Developer tools console, and then restore the cookies copied before:
document.cookie = "<the string that I copied before>"
Then after a page reload (F5), I expected to be logged-in again, but it did not work. The cookies set with document.cookie = "<the string that I copied before>" are not kept. (For example, in the case of Reddit, it did not work.)
What's wrong with this JS approach to set cookies in the "Developer tools" from a previous session from another browser? Shouldn't it work?

Normally, the session id is set to server only, you can not get session id in JS/console.
Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Restrict_access_to_cookies

Related

How to catch cookie change/disappear in browser debug tools?

I have cookie disappearing in my webapp when it shouldn't (expring date is a year ahead).
Can I set breakpoint on cookie change or something?
In Firebug you had the chance to stop the JavaScript execution on cookie changes. The current DevTools don't provide such a feature yet.
For Firefox it is requested in https://bugzil.la/895893, and I've just requested to add it to Chrome's DevTools in https://bugs.chromium.org/p/chromium/issues/detail?id=1171347.
What you can do right now is to search through the code within the Debugger to find the places where the cookies are changed.
To do that, you have to
Switch to the Debugger panel
Press Ctrl+Shift+F to search within all files
Enter document.cookie and hit Enter
Set a breakpoint for each found statement setting this variable
As there's currently only this way to add, remove or change cookies in JavaScript, this should allow you to find the place where the cookie you're searching is removed.

cookies not getting cleared in IE11 (cookie was set by writing to document.cookie via Javascript)

so I set some cookies manually via Javascript by writing to document.cookie and they are getting written fine.
I checked using
console.log(document.cookie)
My issue is that even if I manually cleared my history via
Internet options => Browsing History => Delete (making sure "Cookies
and other website data" is ticked)
Making sure "Delete browsing
history on exit" is ticked and "Cookies and other website data" is
also ticked
document.cookie still shows the cookie values I manually created.
Things I've tried:
Close the tab. Manually clear my history. And then reopen my page on a new tab
Close IE11 completely. Reopen the app. And then open my page on a new tab
Any ideas what I could be doing wrong?
Thanks
ps. While I can expire my cookie via Javascript. I cannot expect end users to do same. :)
I've seen this happen if the website is "a favorite" in IE11. Can you try the following?
Go to Internet options => Browsing History => Delete (untick "Preserve Favorites website data"). Click delete, and close IE11.
If your website is not a favorite, let me know.
If you've already cleared your cookies the normal way, have you tried unchecking (if set) the Preserver Favorites Website Data option under Delete Browsing History? Tools > Safety > Delete Browsing History OR Ctrl + Shift + Delete.
If the above doesn't work, try pressing F12 and then Ctrl + R to clear browser cache, confirm you want to delete the browser cache. There is also an option to clear cookies for that specific domain under the Cache tab in Developer Tools Window.
I had the same problem with IE11 working under Windows 8.1: somehow the delete Browser Cookie didn't take effect. I could verify it using Burp: the cookies were still sent to the website.
I tried the various options:
Internet options => Browsing History => Delete (untick "Preserve Favorites website data"). Click delete, and close IE11.
Manually typing 'Document.cookie = ""' into the Developer Console
Resetting IE to default configuration
The only thing that actually worked for me was clearing the Browser Cookies through the Developer Console, as mentioned by lloan. For IE11, it looks a bit different so if you are looking for it, here it is:
Open the Developer Tools using F12
Go to Network
Click on "Clear cookies for domain"
For screenshot, see here

How to set cookie based on browser tab

In my application i have set a cookie like
if(!isset($_COOKIE["uk_redirect_flag"])) {
setcookie("uk_redirect_flag", 1, time() + (86400 * 30), "/");
}
so if uk_redirect_flag = 0 I'm showing some flash message. If uk_redirect_flag =1 the flash message wont display. It is working in one tab on firefox. So my problem is when i open another tab on firefox uk_redirect_flag value is still 1.
I need to delete the cookie when i open new tab or close tab. How to set cookie value based on browser tab?
That's not possible since a cookie are defined by a path, that means that all browser tabs and windows by one user share the same cookie.
You could try this proposed solution: How to differ sessions in browser-tabs?
ir propose to use local storage.

Cookies doesn't appears in Chrome Console Resources tab

I'am working an a Grails app and create different cookies.
Some appears in the chrome console Resources TAB and some are not showing.
I need to get the value of these Cookies using Angularjs and can access only the one that are showing on console Resources TAB.
The other cookies are visible in the Chrome Content settings button.
In the Cookies section, but not in the Chrome console Resources TAB.
All cookies are created the same way:
Cookie cookie = new Cookie("username", username)
cookie.maxAge = 1209600 //14 days
cookie.httpOnly = true
response.addCookie(cookie)
Thanks for your help.
Ok the problem was the path. To be visible in all the page the path must be "/"
cookie.setPath("/")

Google chrome session expire=null not working

According to connects documentation the session should expire when the browser is closed:
By default cookie.maxAge is null, meaning no "expires" parameter is set
so the cookie becomes a browser-session cookie. When the user closes the
browser the cookie (and session) will be removed.
I am using express 3 with connect-mysql for session store (Tried with connect-mongo too and its the same), and this is how i set the session data.
req.session.userid = results[0].id;
req.session.ip = req.connection.remoteAddress;
req.session.useragent = req.headers['user-agent'];
req.session.is_logged_in = true;
This all works fine except in google chrome browser for some reason (This is in OS X Lion.I have no possibility to test under win or linux right now).
Anyone had this problem in google chrome and know a way to fix it?
This is a fairly wild guess, but I wouldn't be too surprised if it's this. Google chrome will keep running in the background if you have any extensions that make use of this installed. If that's the case after a log off-log in the session should be reset.
If that isn't it, could you please open the developer tools (cmd+alt+i) and copy all the information about the cookie from there (resources->cookies->yourdomain.com). (Especially what's written in the Expires column, because it should say Session)

Categories