I've created a cookie in Scala, which I would like Javascript to be able to delete and/or modify.
Here is how I created the cookie in Scala ensuring the httpOnly param is set to false: (
Sticky Cookies in Scala
)
I used the following method to delete the cookie in JavaScript, but the cookie does not delete.
( javascript - delete cookie )
Aside from attempting to delete the cookie, it doesn't seem like I can modify the contents of the cookie either.
How can I ensure the JavaScript can modify and delete the cookie created in Scala?
I fixed the issue.
I had to ensure that both the cookie created in Scala and the one deleted/modified in JavaScript both had the same path.
For example, in Scala:
new Cookie(sCookieID, sValue, Option(nSecondsExpire), "/", scala.None, false, false)
In JavaScript:
document.cookie = sCookieID + "=" + sValue+ "; " + sExpire + "; path=/";
Notice the path in both examples used "/". Once I used the same path, I was able to delete/modify the cookies in JavaScript. Before this I hadn't explicitly set the path in the JavaScript code.
Related
I'm setting a "SESSION" cookie via JS:
var d = new Date();
d.setTime(d.getTime() + (2*24*60*60*1000));
var expires = "expires="+ d.toUTCString();
document.cookie = cookie.name + "=" + cookie.value +";"+ expires + ";
path="+cookie.path+";domain="+data.shared_domain+";";
Then I'm deleting the cookie by making it expire, via JS:
document.cookie = "SESSION=; expires=Thu, 01 Jan 1971 00:00:01 UTC; path=/;domain="+domain;
After doing this, console.log(document.cookie) will return all other cookies except this one, which is what I would expect.
On the other hand, I am doing session checks via PHP, trying to read the cookie by doing $_COOKIE["SESSION"].
isset($_COOKIE["SESSION"]) will return true, and I can read the old value of the cookie. No matter how many times I refresh the page, it still reads it.
Am I misunderstanding how cookies work? Is there another way to check if a cookie has expired in PHP?
Update:
Yes, the problem is that the cookie has an HttpOnly flag.
So now I'm trying to delete it via PHP. Based on this other question, I do:
setcookie("SESSION", "", time()-3600);
if (isset($_COOKIE['SESSION'])) unset($_COOKIE['SESSION']);
When I'm done, I check that it's gone with a quick var_dump($_COOKIE), and yes, it is nowhere to be seen.
Except that Chrome still sees it (expired in 1969), and when I navigate to another part of the site, checking for that cookie will return a value.
I will add one extra piece of information, in case it makes a difference: This cookie is shared by sub.domain.com and app.sub.domain.com. When I set it, I set it for .domain.com. And I unset it for .domain.com as well.
How can I get rid of that cookie for good?
It's not clear how you're creating the cookie in the first place; I assume using PHP's session handler, but you haven't specified.
Either way, it is likely being generated with cookie security settings that limit access to it from the JavaScript. This setting is called httpOnly and is typically used on session cookies and other similar cookie data that is intended for use only by the server-side code.
If this cookie setting has been set (and any good session handler will have set it), then you simply won't be able to set or unset this cookie from the browser; you will have to do it from your PHP code.
For more info on this topic, see this wikipedia article: https://en.wikipedia.org/wiki/Secure_cookie
I have two subdomains foo.example.com and bar.example.com, I am setting javascript cookies on the foo.example.com, but not able access it on bar.example.com, please suggest a way to access the cookie created on the foo.example.com on bar.example.com
In php I set a persistent cookie to do something similar, if it can be accessed from separate browsing sessions it can be accessed cross-domain i'd imagine.
I have "borrowed" this javascript from #pete because I'm not a JS expert, and barely even a novice, but I think something along these lines could work, set a cookie to expire after a year or other time period, as opposed to when browser session closes or the page has been left.
You'll need to do some messing about with it but hey, that's the fun part!
// Build the expiration date string:
var expiration_date = new Date();
var cookie_string = '';
expiration_date.setFullYear(expiration_date.getFullYear() + 1);
// Build the set-cookie string:
cookie_string = "test_cookies=true; path=/; expires=" +
expiration_date.toUTCString();
// Create or update the cookie:
document.cookie = cookie_string;
I'm very new to JMeter and need your help on how to modify a cookie.
Here is the scenario:
I'm testing an assessment/test taking website that offers multiple answers to questions. When a user makes his selections and hits the submit button, the JavaScript in the page appends his answers (e.g., "Answers = BBAACDA...") to the cookie and makes the next GET request (instead of a POST request!).
Since, JMeter does not execute JavaScript (as popularly mentioned in its manual - it's not a browser), it cannot append the answers to the cookie. As a result, my test plan fails to recognize user interaction.
How can I add/append/modify a dynamic cookie? Thanks in advance!
--Ishti
Use a Beanshell pre-processor or better a Jsr223 Pre-Processor with groovy and use code mentionned here:
http://javaworks.wordpress.com/2011/08/05/setting-cookie-in-jmeter/
Code:
import org.apache.jmeter.protocol.http.control.CookieManager;
import org.apache.jmeter.protocol.http.control.Cookie;
CookieManager manager = sampler.getCookieManager();
Cookie cookie = new Cookie("<NAME>","<VALUE>","<HOST>","/",false,0);
manager.add(cookie);
I had to implement some changes in the code that worked for me:
import org.apache.jmeter.protocol.http.control.CookieManager;
import org.apache.jmeter.protocol.http.control.Cookie;
CookieManager manager = ctx.getCurrentSampler().getCookieManager();
Cookie cookie = new Cookie("<NAME>","<VALUE>","<DOMAIN>","<PATH>",false,0, true, true, 0);
manager.add(cookie);
Following the definition in http://jmeter.apache.org/api/org/apache/jmeter/protocol/http/control/Cookie.html
It is possible to modify or add a cookie manually in a groovy pre-processor script in the same way as https://stackoverflow.com/a/38505077/5747304.
Here's how to find and edit a cookie by browsing all cookies in the cookie manager:
import org.apache.jmeter.protocol.http.control.CookieManager;
import org.apache.jmeter.protocol.http.control.Cookie;
log.info("#########################################################################");
// cookie manager
CookieManager manager = ctx.getCurrentSampler().getCookieManager();
def NbOfCookies = manager.getCookieCount();
for (def i = 0; i < NbOfCookies; i++) {
log.info("Cookie n° " + (i+1) + ": " + manager.get(i).getName() + ": " + manager.get(i).getValue());
if (manager.get(i).getName() == "Cookie_name_to_find") {
log.info("MAJ of Cookie_name_to_find");
manager.get(i).setValue("New_cookie_value");
log.info("-> " + manager.get(i).getName() + ": " + manager.get(i).getValue());
}
}
log.info("#########################################################################");
Here is the list of cookie manager methods like add or delete ...: http://jmeter.apache.org/api/org/apache/jmeter/protocol/http/control/CookieManager.html.
Here is the list of cookie methods to modify more properties like the domain, its expiration date ...: http://jmeter.apache.org/api/org/apache/jmeter/protocol/http/control/Cookie .html
It should be known that according to the standart chosen in the cookie manager, the manually modified values can still be modified by the manager before the request so you have to be careful.
There is a cool Firefox extension which lets you export all cookies to a Netscape HTTP Cookies File, cookies.txt, which you can then use with wget (et.al.)
Here is an example cookies.txt file for the happycog.com site:
# Netscape HTTP Cookie File
# http://www.netscape.com/newsref/std/cookie_spec.html
# This is a generated file! Do not edit.
cognition.happycog.com FALSE / FALSE 1345696044 exp_last_visit 998800044
cognition.happycog.com FALSE / FALSE 1345696044 exp_last_activity 1314160044
How can I build the same style "cookies export" with Javascript? Granted it would only be able to read cookies for the current domain. That would be just fine.
Additional Details:
I realize that cookies can't be exported to the file system with pure javascript. I'd be happy with them being exported to a textarea, or with document.write. I just want to know how I can get them in the same format where I can basically copy and paste them to a cookies.txt file. The challenge here is to do it with javascript, though, and not to use an addon.
var cookieData = document.cookie.split(';').map(function(c) {
var i = c.indexOf('=');
return [c.substring(0, i), c.substring(i + 1)];
});
copy(JSON.stringify(JSON.stringify(cookieData)));
This will export your cookies into an array of key/value pairs (eg. [ [key1, val1], [key2, val2], ...]), and then copy it to your clipboard. It will not retain any expiration date info because that's impossible to extract via Javascript.
To import the cookies back, you'd run the following code:
var cookieData = JSON.parse(/*Paste cookie data string from clipboard*/);
cookieData.forEach(function (arr) {
document.cookie = arr[0] + '=' + arr[1];
});
Sorry about the delayed response - had to sleep. I have just been playing with this and concluded that the answer is NO.
The reason for this is that Javascript does not have access to any more information than the cookie's name and value, you can't retrieve the path, expiry time, etc etc. What do you actually want to do? Is this for one specific site you are developing or just for general use when browsing?
All cookies for the page is stored in document.cookie
I am attempting to set a cookie on a particular page to be read on another page. I wish to know why the other page is not being sent the cookie. Examining what is going on shows that the cookie is being set, but is not being sent to the server. My understanding was that if the path of a cookie is not set, the cookie will be sent to any page on the domain, though I tried adding path=/ to the cookie in case that would help anyhow. Opera has the cookie tagged as "Only sent to creator" for whatever reason. I'm sure I'm missing something simple.
<script type="text/javascript">
function setCookie(c_name,value,expiredays)
{
var exdate=new Date();
exdate.setDate(exdate.getDate()+expiredays);
document.cookie=c_name+ "=" +escape(value)+((expiredays==null) ? "" : "; expires="+exdate.toGMTString());
}
setCookie("mycookie",document.location.href,7);
</script>
http://www.site.com/Folder/subfolder/page.aspx - Cookie set here
http://www.site.com/folder/page.aspx - Cookie should be sent here. Why isn't it?
As you said yourself, add the path:
document.cookie=c_name+ "=" +escape(value)+((expiredays==null) ? "" : "; expires="+exdate.toGMTString()+" ;path=/");
If it's not working, clear all cookies and start again. Old cookies without the path set might be messing something up.
It certainly won't work without explicitly setting path; it certainly should work if you are setting the path.