JS: Chrome extension setting cookies - javascript

I'm using a Chrome extension to help me work on a webpage but it's setting cookies from doubleclick.net even though I've disabled third party cookies in the Chrome settings. It's annoying because they're filling up my console with messages.
They're not appearing in document.cookie so is there any way to delete them in JavaScript? Or some other way to stop them being set?

I personally the use EditThisCookie extension for chrome when developing web apps using cookies. It allows creation, editing, deleting and most importantly for you blocking of cookies.
You can block a domain from setting a cookie by:
1. Select the cookie from the menu and click block.
2. This opens a menu where you can set a rule blocking the domain from creating new cookies.

Related

window.clipboardData permissions

I'm creating web application on ASP.NET WebForms, and one of my tasks is copy/paste data to excel from web page. I/m using window.clipboardData, and it works for my user (local admin). But for other users it doesn't work. How can I fix it? Thank you.
This is a browser level permission, that need to be set depending of the browser.
In the documentation of your application you need to specify where and how to enable it on the browser.
I recommend you to explore each browser options, for your documentation.
For Internet Explorer you can go to Internet Options>Security>Add the Website/link to the trusted sites (Make sure https checkbox is checked, if your website is not using https). After adding it, go to Custom Level in the same window. It will pop another window, you can explore all the options for any other think you may need. The option to allow access to clipboard show be "Allow Programmatic clipboard access" and set it to enabled.
It may be a ActiveX Control that can make it automatically, but will work only for Internet Explorer.

Cross domain cookies in iOS 7

I'm trying to use the XAuth cross domain cookie trick with iOS 7. It does not seem to work.
When I mention cookies below it's really both cookies and localStorage values being set.
I have a page on www.client1.com opening a static webpage in an iframe on www.server.com that sets a cookie with a unique id. Next I open a new window/tab that loads www.client2.com that opens an iframe to www.server.com and attempt to access that same unique id from the cookie previously set.
This works on all platforms, including previous versions of iOS, that I have tried. But not on iOS 7.
I'm using the postMessage method to send information between the iframe and main frame.
What have they changed in iOS 7? Is there any way around this?
I was having a similar problem with a child iframe on b.com with an app cache manifest, hosted in a page served from a.com. The cache manifest would never be fetched by Safari so the child app would never be cached. Happened in WebViews also.
It turns out that iOS7 has a new Privacy/Security setting for blocking cookies (in previous versions of iOS the setting was for accepting cookies), and I found it must be set to 'Never'. The default is to block cookies 'From third parties and advertisers', and that is why my cache manifest was being blocked, and why your cookies aren't being retained.
I have a specialized audience so I can direct users to change their settings. I suppose without this luxury you would have to resort to redirection-fu to flip between the domains and back to ensure that the proper cookies get dropped. However, that approach still may not let child iframes see their own cookies -- Safari may block (i.e., not send) those cookies when the iframe is hosted in a page from a different domain. I haven't tested to confirm this, however.
FYI...
I am a Product Manager who's app had an issue with the cookie updates made in iOS7.0
- We use cookies to support user authentication....and the new cookie policy applied to both Safari AND apps.
This issue appears to have been addressed in iOS 7.0.3

Using Javascript to modify user in about:config Firefox

In our site, we are using Windows authenticated to identify users (via intranet). IE works perfectly. However, we have to set the network.automatic-ntlm-auth value to our INTRANET website via about:config in Firefox.
My question would be: Is it possible to change that value of "network.automatic-ntlm-auth.trusted-uris" using Javascript?
Thanks
For security reasons, it will never be possible to change browser configuration from a webpage.

Chrome doesn't delete session cookies

I'm trying to set session cookie in javascript like this:
document.cookie = 'name=alex; path=/'
But Chrome doesn't delete it even if I quit browser and launch it again.
I checked in Firefox and Opera and both work as intended - they delete session cookie on browser exit.
Is Chrome just ignoring expiration rules?
I checked in multiple OSes and found out that session cookie gets removed on Chrome in Windows XP and Ubuntu, but NOT in Mac OSX Lion.
This can be caused by having Chrome set to Continue where you left off.
Further reading
Bug report: Chrome is not deleting temporary cookies – i.e. not logging me out automatically when I close all browser Windows
Issue 128513 in Chromium: Session Cookies not cleared when Chrome processes closed
Issue 128567: Session only cookies don't delete
I just had the same problem with a cookie which was set to expire on "Browsing session end".
Unfortunately it did not so I played a bit with the settings of the browser.
Turned out that the feature that remembers the opened tabs when the browser is closed was the root of the problem. (The feature is named "On startup" - "Continue where I left off". At least on the current version of Chrome).
This also happens with Opera and Firefox.
I just had this issue.
I noticed that even after I closed my browser I had many Chrome processes running. Turns out these were each from my Chrome extension.
Under advanced settings I unchecked 'Continue running background apps when Google Chrome is closed' and my session cookies started working as they should.
Still a pain in the rear for all of us developers that have been coding expecting that session cookies would get cleared when the user is done browsing.
I had to both, unchecked, under advanced settings of Chrome :
'Continue running background apps when Google Chrome is closed'
"Continue where I left off", "On startup"
This maybe because Chrome is still running in background after you close the browser. Try to disable this feature by doing following:
Open chrome://settings/
Click "Show advanced settings ..."
Navigate down to System section and disable "Continue running background apps when Google Chrome is closed".
This will force Chrome to close completely and then it will delete session cookies.
However, I think Chrome should check and delete previous session cookies at it starting instead of closing.
A simple alternative is to use the new sessionStorage object. Per the comments, if you have 'continue where I left off' checked, sessionStorage will persist between restarts.
This issue is caused because you are using Continue where I left off and Continue running background apps when Google Chrome is closed feature of chrome (currently my version is 96).
Please consider setting those off (to test functionality).
I had the same problem with "document.cookie" in Windows 8.1, the only way that Chrome deletes the cookie was shutting it from task manager (not a really fancy way), so I decided to manage the cookies from the backend or use something like "js-cookie".
Have you tried to Remove hangouts extension in Google Chrome? because it forces chrome to keep running even you close all the windows.
I was also facing the problem but it resolved now.
Go to chrome://settings/content/cookies?search=cookies
Enable Clear cookies and site data when you quit Chrome.
Worked for me
If you set the domain for the php session cookie, browsers seem to hold on to it for 30 seconds or so. It doesn't seem to matter if you close the tab or browser window.
So if you are managing sessions using something like the following it may be causing the cookie to hang in the browser for longer than expected.
ini_set("session.cookie_domain", 'www.domain.com');
The only way I've found to get rid of the hanging cookie is to remove the line of code that sets the session cookie's domain. Also watch out for session_set_cookie_params() function. Dot prefixing the domain seems to have no bearing on the issue either.
This might be a php bug as php sends a session cookie (i.e. PHPSESSID=b855ed53d007a42a1d0d798d958e42c9) in the header after the session has been destroyed. Or it might be a server propagation issue but I don't thinks so since my test were on a private servers.
I just had this problem of Chrome storing a Session ID but I do not like the idea of disabling the option to continue where I left off. I looked at the cookies for the website and found a Session ID cookie for the login page. Deleting that did not correct my problem. I search for the domain and found there was another Session ID cookie on the domain. Deleting both Session ID cookies manually fixed the problem and I did not close and reopen the browser which could have restored the cookies.
The solution would be to use sessionStorage, FYI: https://developer.mozilla.org/en-US/docs/Web/API/Window/sessionStorage
Google chrome has a problem if you set and unset cookie improper way. This is php code. Thought this will give you idea.
Set cookie
setcookie('userLoggedIn', 1, 0, PATH);
Wrong way and will not work (notice PATH is missing)
setcookie('userLoggedIn', 0, time()-3600);
Correct way fixes issue on google chrome
setcookie('userLoggedIn', 0, time()-3600, PATH);

Enable and Popup blocker in IE

I wrote a scripting logic in using ActiveX. When the application runs it is blocked by popup blocker. When I enabled it works fine, but I want to enable the popupblocker using JavaScript (especially in IE).
Obviously a website cannot modify the popup blocker settings. And that's a good thing.
You should avoid using ActiveX Controls because it is only supported by IE. Trying running your page on Firefox and it won't work.
Now the actual problem -
Firstly you need to understand what ActiveX Objects are used for? They basically allow a web application to interact with the client machine. For example it can use resources on my local hard drive. This is a security risk. So IE gives a warning for the same. You may disable it in your browser by going to Tools-> Internet Options -> Security Tab. Click "Custom Level" and change all the boxes with ActiveX text in it to "Enable".
But it will still show up in your client browsers.
So the point is try finding an alternative for it.
Hope this helps!
You cant. What you could do is have a message on screen which requests the user to turn off the popup blocker .

Categories