webbugs like behavior to send specific and general info to server - javascript

I have been finding solutions for one technique that I need in my web app. All the big websites have that solution implemented.
Like Facebook, when user is logged in, and then that user open another tab, and go to xyz website. And that website say has facebook script on it. I have observed that without doing anything on xyz website (just visiting), Facebook ads are tuned related to the user being visited to xyz website.
I know webbugs can send data such as IP of user who is visiting xyz website but how come the specific information is also sent to facebook that facebook uses to tune ads experience for specific user. Specific action may be like, if I go to Qatar Airways website and search for flights from destination A to B then on Facebook I get ads related to deals on Qatar Airways from A to B.
How its technically possible? to me it seems like connecting two cookies. Or what else is possible? I need steps that I need to take to configure my server and client to achieve this functionality. And also what I need to do on other websites that user visits. Thanks

IP Addresses ,
HTTP Referrer ,
Cookies & Tracking Scripts ,
Super Cookies ,
User Agent .
steps : https://developers.google.com/analytics/devguides/collection/analyticsjs/

Related

Javascript - get click another site page link?

I want to know if my website user click in a link in another website so I can show him a thank you message.
I want to get this click in another website link. Is it possible? How can I do something like this?
Thank you
Your question doesn't state whether you control the link you are trying to monitor, or if you are trying to monitor a link controlled by a third-party website. I'm going to assume the later, but if you control the link, then see the first comment to your answer.
The short version is that there is no way to independently monitor a user's action on another website from within your own. To allow this would violate some of the fundamental tenants that networking and the Internet are based on. For example, if I host the website www.reallyCoolRocksToBuy.com and I want to know whether or not you just purchased a really cool rock on Amazon after viewing it on my site, there is no way to directly get this data even though both my website and Amazon's are open in your browser at the same time.
The highest level object you can access via Java or HTML normally (there are always some exceptions) is the Window object of your own page. There used to be a way to have some control over a third-party page that was launched in a window that you spawned, but this is no longer possible, and even it it was, you still wouldn't be able to monitor any links from that site.
The only way to achieve what you want is for the third-party site to be involved in the communication. Many sites have APIs for sending and receiving referral or link information. For example, Amazon has an API that you can use when someone clicks on an Amazon link from your site. There are a number of ways this is achieved, but basically your link sends a specially encoded string to Amazon identifying your site as the referrer. Amazon can this use this string to create and share session information from the visitor. Depending on what your relationship was with Amazon, you might be able to use this session information to find out if your user purchased a pretty rock from Amazon, but it would be entirely up to Amazon to share this information.
Cookies and other local data can also be used to achieve similar results, but again, you have to have the cooperation of the site.

Recognize users redirected from social networks shared content

I've been researching a lot and couldn't find anything close to my story. I'm stuck currently.
I need to figure out whether user comes to my website by clicking on shared content from social networks (Facebook, Twitter,Linkedin ) or user just accesses directly?
For instance, I shared my website on Facebook and some of my friends see it and click on the share content, so I want to recognize those users as user that are coming from social virality.
Any idea how it can be implemented ?
It can be implemented by checking the Referer of incoming HTTP requests.
As the referer is a HTTP header, it can be accessed this way in Django:
referer = request.META.get('HTTP_REFERER')
Beware that you cannot rely on the Referer header being correct as the user can change it or prevent it being sent.
Try using Google analytics, it gives you all statistics like where visitor came from, what device your visitor use and much more. You can signup by below link
www.google.com/analytics
Let me know if you need some more input

How to restrict a Web page to only open when a request for it comes from a specific referrer

I'm writing a new JavaScript based Web app, which I need to secure in the following specific manner:
I should only allow for my app's index.html to be served if the request for it comes from a specific site.
By doing that, I will be forcing my users to go to that specific corporate site first, which will require for them to authenticate. Once the user is logged onto that site, they are provided with a link to my app. If my app's index.html is requested in any other way, beside following that corporate link, I would like to redirect the user to that corporate site.
How can this be accomplished?
You can use document.referrer to get the referral page. Once you get that from your corporate site you can probably put in some logic to redirect to the corporate site if it doesn't match where you're expecting.
Something tells me this isn't the best way to handle user authentication, but I'm new to that aspect.
Note: I'm on my phone, so excuse lack of code tags for that tiny bit up there.
Set a variable to the document.referrer().Then check the condition properly to determine if the referrer is in the proper page and if its not do a redirect..

automatic login to a website

I have got a 3rd party website, which my customer wants to me to login into in order to download some data periodicaly.
The data is customer specific, and password protected.
I have the username/password, and I have searched for ways to do the login automatically so that I can pull data, but so far with no success.
This is a method that I have tried:
http://crunchify.com/automatic-html-login-using-post-method-autologin-a-website-on-double-click/
When I look into the login page of the website which I am trying to login to (view source), I don't see the login form, but if I click on "inspect element" in chrome on the fields of the page it does show that there is a login form hiding in there.
Any suggestions
Edit:
Here is the website which I need to autologin to: http://portal.dorad.co.il/#/Login unfortunatlly it's not in english. The first field is the username, the second field is the password and the button is the login
Edit2:
Taking pomeh's advice, I was able to find the jQuery code that is being triggerted when the text boxes are being modified. Now I want to run this script manually using element.DomContainer.Eval
(function(n,t){function vi(n){var t=n.length,r=i.type(n);return i.isWindow(n)?!1:1===n.nodeType&&t?!0:"array"===r||"function"!==r&&(0===t||"number"==typeof t&&t>0&&t-1 in n)}function ne(n){var t=li[n]={};return i.each(n.match(s)||[],function(n,i){t[i]=!0}),t}function uu(n,r,u,f){if(i.acceptData(n)){var s,h,c=i.expando,a="string"==typeof r,l=n.nodeType,o=l?i.cache:n,e=l?n[c]:n[c]&&c;if(e&&o[e]&&(f||o[e].data)||!a||u!==t)return e||(l?n[c]=e=tt.pop()||i.guid++:e=c),o[e]||(o[e]={},l||(o[e].toJSON=i.noop)),("object"==typeof r||"function"==typeof r)&&
...
(t=n(this);r=r.not(t),t.removeData(f),r.length||clearTimeout(c)},add:function(t){function s(t,u,e){var s=n(this),o=n.data(this,f);o.w=u!==i?u:s.width(),o.h=e!==i?e:s.height(),r.apply(this,arguments)}if(!u[o]&&this[e])return!1;var r;if(n.isFunction(t))return r=t,s;r=t.handler,t.handler=s}}}(jQuery,this)
I am not sure how to activate it and give it the relevant data.
If you have the right mix of technical requirements then you want Single-Site-Sign-On (SSSO).
Not all of my clients have SSL and I don't want my user name and password on all of their sites. They are however all on the same server. Since my site supports SSL I can log in to my own site securely.
What you need to do conceptually speaking is log the IP of the administrator account along with the data/time stamp. Then if you visit your client's website (again, on the same server) from that same IP you can have your scripting language check the file. I require a short time-span (anywhere between 30 seconds to two minutes tops) and the same IP address. You can add additional technical requirements to strengthen security of course though your options will be limited as the domain name will be different. If the IP matches the criteria emulate the user being authenticated (static obviously since you likely won't/shouldn't have your administrative account information on their site) and you can be automatically signed in.
Maybe you could do this using a web scraping framework like:
Goutte for PHP (https://github.com/fabpot/goutte)
Scrapy for Python (http://scrapy.org/)
node.io for Node.js (https://github.com/chriso/node.io)
request for Node.js (https://github.com/mikeal/request)
WatiN for .Net (http://watin.org/)
In any case, I think a client side solutions will bring a lot of problems to do this. Maybe you can login into it using a form tag which points to the page, but you won't be able to manipulate the page afterwards. Also, you may not be able to use AJAX due to CORS restriction. You could embed the target page as an iframe but you can't either manipulate the page because of differents domains used (you can do that under certains conditions but it's hard to achieve this imho). So a server side solutions sounds better to me.

Is there a cross browser way to turn off cookies using Javascript?

Everyone of us knows the new law which is a pain for developers who are using cookies on their websites.
We have to ask our users if they allow us to create cookies on their machines. If they won't allow us this thing, how do we turn off cookies with javascript?
Is there a way to turn off cookies just for one website? Is there a compatible script which will work for all browsers?
What about 3rd parties cookies (Youtube, or Google Analytics? They are also stored in our website folder..)
Thank you!
You can't turn off cookies from the client. Your client code can stop creating new cookies, but even then the server could still be putting cookies on the page. If you want to stop creating cookies for a particular site, then you need to stop doing so in both your client code and your server code.
FYI, is it really cookies-per-se that are the problem - or is it more what you do with those cookies (like tracking a given user). For example, if you set a cookie just to remember what tab the current user was last on (with no other identifying information in the cookie and no use of that cookie on the server), is that a problem? Or, a cookie that stores a temporary session ID so that the server can keep track of the items in your shopping cart. I doubt these are issues because these aren't tracking or privacy issues.
As every country has their own laws in regard to this, if you are aiming for compliance with a particular country's laws, you will have to consult their exact laws.
I have no idea what all the different laws are across different countries, but the Dutch cookielaws aren't all that strict and most sites won't have to change a thing. You might want to look into the exact laws that apply to your website before you try to purge all cookie creations from it.
In short Dutch cookielaws come down to:
A website must ask permission to place cookies that track the user (this includes 3rd party cookies, such as cookies added by Google).
A website doesn't need to ask users for permission to place cookies that are required to run the website. An example of such a cookie is a cookie that keeps track of what you placed in your shopping cart.
Most implementations of this law that I have seen so far are similar to the one found on fok.nl. The first time the user opens the site a large popup is thrown into their face that will only let the user open the real website if they permit the site to place cookies. I assume this setting is then stored in a new cookie so the user never gets bothered with it again. This solution shouldn't be too difficult to implement.
Edit:
Here are some more examples of implementations: http://www.stormmc.nl/nieuws/nederlandse-voorbeelden-implementatie-cookiewet/ (just click the links).

Categories