I am using this JavaScript Code, but it will return only cookies of a particular page. I want to clean all the cookies of Browser
function deleteAllCookies() {
var cookies = document.cookie.split(";");
for (var i = 0; i < cookies.length; i++) {
var cookie = cookies[i];
var eqPos = cookie.indexOf("=");
var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
}
};
You cannot delete cookies via Javascript that come from other domains than the page you are currently on. This is a browser security feature. And, if a cookie is marked for a particular path, you can only access it from a page on that particular path (even from the same domain).
And, for cookies that are marked HttpOnly (e.g. server-side access only cookies), you can't even delete those for your own domain via javascript.
The only way to clear all cookies is for you (the user) to use the browser's user interface to delete the cookies or to configure your browser to automatically clear cookies when you close the browser.
Related
I'm trying to access cross site url though IFrame and xyz.com is loading inside IFrame.
in xyz.com we have used asp.net membership module and we are using SetAuthCookie.
FormsAuthentication.SetAuthCookie(userName, false);
previously we were able to access these auth cookies in safari by using following logic by accessing top frame href by referrer.
<script>
window.onload = function () {
if (navigator.userAgent.indexOf('Safari') != -1 && (navigator.userAgent.indexOf('iPhone') != -1 || navigator.userAgent.indexOf('iPad') != -1)) {
var cookies = document.cookie;
if (top.location != document.location) {
if (!cookies) {
href = document.location.href;
href = (href.indexOf('?') == -1) ? href + '?' : href + '&';
top.location.href = href + 'reref=' + encodeURIComponent(document.referrer);
}
} else {
ts = new Date().getTime(); document.cookie = 'ts=' + ts;
rerefidx = document.location.href.indexOf('reref=');
if (rerefidx != -1) {
href = decodeURIComponent(document.location.href.substr(rerefidx + 6));
window.location.replace(href);
}
}
var redirectValue = document.getElementById('hgvRedirectValueHiddenField').value;
if (redirectValue != "") {
window.open(redirectValue, '_self');
}
}
}
</script>
But with the latest updates safary not allows to set
top.location.href = href + 'reref=' + encodeURIComponent(document.referrer);
and auth cookie seems no longer allows and getting following error
The frame attempting navigation of the top-level window is
cross-origin or untrusted and the user has never interacted with the
frame.
What will be the work around for this problem as I don't have access to ABC.com and cookieless forms authentication seems huge change for us.
Is that possible to ask users to accept cookies from inside Iframe page and set cookies?
As solution we have done some changes to web. config
<sessionState timeout="70" cookieless="AutoDetect" />
The possible values for "cookieless" attribute are:
AutoDetect : Session uses background cookie if cookies are enabled. If cookies are disabled, then the URL is used to store session information.
UseCookie: Session always use background cookie. This is default.
UseDeviceProfile: Session uses background cookie if browser supports cookies else URL is used.
UseUri: Session always use URL.
And added :
<authentication mode="Forms">
<forms loginUrl="Login.aspx" cookieless="AutoDetect" timeout="2880" name=".ASPXAUTH" slidingExpiration="true" />
</authentication>
i have stored the data in cookies by office task pane word add-in. to store the data in cookies i have used the following function.
function setCookie(cname, cvalue, exdays)
{
var d = new Date();
d.setTime(d.getTime() + (exdays*24*60*60*1000));
var expires = "expires="+d.toUTCString();
document.cookie = cname + "=" + cvalue + "; " + expires;
}
This function stores the data. But when i'm trying to clear the cookies it doen't get cleared. I have cleared the history and delete the cookies of safari browser, i have cleared the cache and cookies at location ~/Library/caches and ~/Library/cookies but still cookies are not cleared. If anyone know the exact location where the cookies get stored, please let me know.
Thanks in advance.
Had a similar problem with Excel add-in.
Unlike JavaScript add-in on Windows, on Mac every time user closes the task pane, the embedded browser clears everything, including localStorage and Cookies.
A work around we came up with is to persist data to cells in a hidden sheet, but it should never be used for authentication.
I do not know where cookies are stored, but you can clear the cookies using this code:
var cookies = document.cookie.split(";");
for (var i = 0; i < cookies.length; i++) {
var cookieName = cookies[i].split("=")[0];
document.cookie = cookieName + "=;";
}
You can try to clear Internet explorer cookies as it use this browser internally.
Clear the Internet history and cookies for INTERNET EXPLORER. This should solve the issue.
Using IE11, I can display the content of all cookies, write out a cookie, find it, and delete it using JavaScript, even though I have my Privacy set to "Block All Cookies". (And actually, no matter what version I set my IE emulation to, the document.cookie still works.) It works as it should on Chrome with cookies disabled - i.e. document.cookie returns empty/nothing when I try to reference it in the same JavaScript.
I'm trying to detect whether the user has cookies turned off in their IE. (Old ASP app that requires IE with cookies. No JQuery. No Modernizr.) To do that, I'm attempting to write out a cookie, find it, and then delete it. That either works or it doesn't - which should tell me whether cookies are turned ON or OFF. Any ideas? I thought this was the safest way to detect a user's IE cookie setting.
My code:
<script language=javascript>
cookiesON = false;
if ("cookie" in document ) {
alert("1. document.cookie (before add): " + document.cookie);
var dateNow = new Date();
document.cookie = "testcookie=" + new Date()
alert("2. document.cookie (after add): " + document.cookie);
if (document.cookie.indexOf("testcookie=") > -1) {
cookiesON = true;
} else {
cookiesON = false;
}
// delete cookie: set cookie to expire 2 minutes ago
document.cookie="testcookie=xx; expires=" + (new Date(dateNow.getTime() - 2*60000).toGMTString());
alert("3. document.cookie (after delete): " + document.cookie);
}
On IE:
All 3 alerts show values for document.cookie, no matter whether cookies are turned on or off. You can see the testcookie being added and deleted back off.
On Chrome:
All 3 alerts show blank for document.cookie when cookies are off. Works as described for IE when cookies are turned on.
How can I clear a session cookie that resides in the browser memory programmatically, preferably using javascript?
Since it's a session cookie and doesn't have an expiry date, setting the expiration date in the past will not work like it does for a persistent cookie.
I have a current session for our website, but we have an iframe that connects to another site. This site creates a session cookie. I would like to clear their session cookie without effecting ours. I can do it in Firefox via the clear cookies option, but I need to do it programmatically.
Thanks
I never did try the following method of deleting cookies since I read that session cookies don't have an expiration date, but here's what I've found. Will this work for reseting the session cookie? I know this deletes all cookies, but I could modify it.
function deleteCookies() {
var allcookies = document.cookie.split(";");
for (var i = 0; i < allcookies.length; i++) {
var cookie = allcookies[i];
var eqPos = cookie.indexOf("=");
var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
}
}
Read about Same-origin policy
In short, if the iframe is loaded from a different domain of the page where your JavaScript runs, then you cannot have access to the cookie. This is security restriction.
If the iframe is the same domain and as the page with your JavaScript, then you can remove the iframe's cookie by chaning the expiration date or assign to it empty value.
I need (for practice) to set a cookie via bookmarklet in website X, and read him with another bookmarklet from website Y.
For example, set a cookie named "user" with value of "Guy" in Google, and read this from YouTube.
I managed to set the cookie, but can't think of any idea how to read him from website b.
Thanks!
You need two bookmarklets, a getter and a setter.
You go to site X and use the getter bookmarklet to read the cookie and let the user copy it to his clipboard.
Then you go to site Y and use the setter. The setter will prompt the user for the bookmarklet and the user will then paste it into the prompt. The code will then set the cookie accordingly.
You can of course combine these two bookmarklets into a single getter/setter. The prompt will contain the current cookie for the page. The user can then choose to either copy the cookie and cancel (using it as a getter) or choose to to alter the cookie and click "OK" (using it as a setter).
I was looking for a way to share cookies of a specific website with a friend (reading them in my browser via bookmarklet and my friend setting them on his browser also via bookmarklet). Not quite what you asked for, but searching brought me here. This is my approach:
First there is a bookmarklet for exporting cookies. It will remove unnecessary white-spaces and encode your data in a base64 string for safe transport:
javascript:(
function(){
prompt("GET cookies encoded in base64", btoa(document.cookie.replace(/\s/ig, "")));
}
)
();
Then there is a second bookmarklet for importing all cookies encoded in the string. You can also set an optional lifetime here (thanks to https://www.quirksmode.org/js/cookies.html):
javascript:(
function(){
var inputstring = prompt("SET cookies decoded from base64");
var inputclean = atob(inputstring).replace(/\s/ig, "");
if (confirm("These cookies will be imported:\n\n" + inputclean.replace(/;/ig, "; "))) {
var days = prompt("Cookie lifetime in full days", "365");
var cookiearray = inputclean.split(";");
cookiearray.forEach(function(entry) {
var expires = "";
var split = entry.split("=");
if (days) {
var date = new Date();
date.setTime(date.getTime() + (days*24*60*60*1000));
expires = "; expires=" + date.toUTCString();
}
document.cookie = split[0] + "=" + (split[1] || "") + expires + "; path=/";
});
}
}
)
();
Do not forget you have to run those on a specific website or tab. It does NOT export the entire collection of the cookies your browser is storing.
According to this StackOverflow, how to get cookies from a different domain with php and javascript you can't get cookies from another domain UNLESS you have access to it, as it would be a huge security flaw.