I've a requirement to verify for the website that I need to test.
Website shall not use cookies
My question, How do I find out the Smartway if any whether the entire Website is really using the cookies or not?
I know a way by which I'll disable the cookies in the browser and then while accessing the website from that browser it should shout out that cookies are not enabled in the browser. But I believe for this I'll have to check each-and-every webpage to confirm whole website is not using cookies.
You can run document.cookie in your console to read all the cookies accessible from that location.
You could also open up your dev tools and view them there. In Chrome, the cookies can be found in the application tab of the dev tools.
More info
if (document.cookie != null) {
alert("Cookies!")
} else {
alert("No cookies!")
}
<!-- YOUR CODE -->
<h1>Note: Stack Overflow dosent let me check document.cookie ):</h1>
I think this will work...
Related
I am developing wallet to pay for e-commerce websites.
I need to add a check on the JS page if the user has installed chrome extension ( iwallet ) or not.
As said in a previous answer you can't do that. That's because if such a thing was actually present it will be a privacy issue for the chrome users.
Actually the chrome web store is the only website that has access to such a chrome api.
BUT - looking at the source code of the extension you can check what the extension is altering in you browser or even which messages its listening to.
In the Iwallet source code I found in content-script.js and inpage.js that it sets a special window object property window.IWalletJS and you can simply check if it exist to determine if the extension is installed or not.
As simple as:
if('IWalletJS' in window){
console.log("IWallet is installed", window.IWalletJS);
} else {
console.log("IWallet is not installed");
}
Take a look at the object attached to this property you can check if the user is logged, account name and more.
so I set some cookies manually via Javascript by writing to document.cookie and they are getting written fine.
I checked using
console.log(document.cookie)
My issue is that even if I manually cleared my history via
Internet options => Browsing History => Delete (making sure "Cookies
and other website data" is ticked)
Making sure "Delete browsing
history on exit" is ticked and "Cookies and other website data" is
also ticked
document.cookie still shows the cookie values I manually created.
Things I've tried:
Close the tab. Manually clear my history. And then reopen my page on a new tab
Close IE11 completely. Reopen the app. And then open my page on a new tab
Any ideas what I could be doing wrong?
Thanks
ps. While I can expire my cookie via Javascript. I cannot expect end users to do same. :)
I've seen this happen if the website is "a favorite" in IE11. Can you try the following?
Go to Internet options => Browsing History => Delete (untick "Preserve Favorites website data"). Click delete, and close IE11.
If your website is not a favorite, let me know.
If you've already cleared your cookies the normal way, have you tried unchecking (if set) the Preserver Favorites Website Data option under Delete Browsing History? Tools > Safety > Delete Browsing History OR Ctrl + Shift + Delete.
If the above doesn't work, try pressing F12 and then Ctrl + R to clear browser cache, confirm you want to delete the browser cache. There is also an option to clear cookies for that specific domain under the Cache tab in Developer Tools Window.
I had the same problem with IE11 working under Windows 8.1: somehow the delete Browser Cookie didn't take effect. I could verify it using Burp: the cookies were still sent to the website.
I tried the various options:
Internet options => Browsing History => Delete (untick "Preserve Favorites website data"). Click delete, and close IE11.
Manually typing 'Document.cookie = ""' into the Developer Console
Resetting IE to default configuration
The only thing that actually worked for me was clearing the Browser Cookies through the Developer Console, as mentioned by lloan. For IE11, it looks a bit different so if you are looking for it, here it is:
Open the Developer Tools using F12
Go to Network
Click on "Clear cookies for domain"
For screenshot, see here
I need to delete gmail cookies set in my chrome browser, using chrome extension , but it can delete all cookies other then Gmail cookies, then I noticed that Gmail cookies are httponly, Is there a way to remove them using javascript chrome extension..
Thanks :)
Chrome extensions can use chrome.cookies API, that has access to all cookies in the cookie store, including httpOnly.
The documentation for the API is here.
Note that this API requires declaring a permission and will not work from content scripts.
This one works absolutely fine for deleting every cookie, even if it is httponly
chrome.cookies.getAll({'domain':'accounts.google.com'},function(cookie){
for(i=0;i<cookie.length;i++){
var prefix = "https://";
var url = prefix + cookie[i].domain + cookie[i].path;
chrome.cookies.remove({'url':url , 'name':cookie[i].name},function(cookie){ });
}
});
The point of HTTPOnly cookies is not let javascript to access them.
So basically you can not read them.
If you want to delete them you can do it from the options that offers browser
I'am working an a Grails app and create different cookies.
Some appears in the chrome console Resources TAB and some are not showing.
I need to get the value of these Cookies using Angularjs and can access only the one that are showing on console Resources TAB.
The other cookies are visible in the Chrome Content settings button.
In the Cookies section, but not in the Chrome console Resources TAB.
All cookies are created the same way:
Cookie cookie = new Cookie("username", username)
cookie.maxAge = 1209600 //14 days
cookie.httpOnly = true
response.addCookie(cookie)
Thanks for your help.
Ok the problem was the path. To be visible in all the page the path must be "/"
cookie.setPath("/")
I wrote a javascript function in my html page to execute an .exe file. for this i used ActiveXObject.
my function is:
//~~~~~~~~~~~~~~~~~~~~~~~~~~~JavaScript~~~~~~~~~~~~~~~~
function openWin(url)
{
if (!document.all) {
alert ("Available only with Internet Explorer.");
return;
}
var ws = new ActiveXObject("WScript.Shell");
ws.Exec(url);
}
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It works fine but there is a alert "An ActiveX control might be unsafe to interact with other parts of the page. Do you want to allow this interaction?" comes up to confirm. If i say YES only it will get loaded.
Pls anyone help me on this how to avoid this pop-up coming every time when i reload my html page.
You can't. Your users can, by giving your page trusted access to their computer (e.g., by adding the URL to the "Trusted Sites" zone).
You should enable activeX in Internet explorer security settings.
http://www.nrc.gov/reading-rm/adams/install/enabling-active-x.html
If you want your users to not seeing this message, then they should enable it. But you can't force them to do it because of security issues.