I need to display a popup to the user once per session. My thought was to create a session cookie by creating a cookie with no expiration date to track if the popup has already been displayed. These cookies should be removed when the browser is closed. I have since learned that Chrome has a "feature" where session cookies are not removed (Chrome doesn't delete session cookies).
I am not asking why the cookies aren't deleted in chrome. I am asking if there is a way to force chrome to remove the cookies or some other solution to only display a popup once per session.
You can maybe use sessionStorage to store your flag? http://www.w3schools.com/html/html5_webstorage.asp
Or is this information required to be sent to the server on every request?
Related
Even if I use HttpOnly cookie I noticed that I can change the cookie from the browser.
And I store the users' tokens in the cookie,
so I don't want any user copy the token of another user, then he gets user authorization and data.
So I want to remove the cookies to remove All-access, if anyone has changed cookies in the browser.
You should hash it and make it time sensitive.
There's no way you forbid user to view and manipulate cookies on their browser.
I have a REST based service architecture. One service is used to login users. A successful login request results in a auth_token sent back to the web client.
I would like to store the token in localStorage which is working fine in most situations. However it is possible that the user disables localStorage or the browser is in private mode (as far as I know only an issue on Safari).
My question is: Is there any concept I can use as a fallback when localStorage is not available?
Is storing the token in the window variable an option?
Any ideas are appreciated.
Checkout this link to find whether you have local storage enabled or not.
https://mathiasbynens.be/notes/localstorage-pattern
Also, for the fallback you can use cookies always. Or even if the cookies is not enabled, the only way to support is by URL param. Usually, in these cases people will show a warning message staing their Localstorage/Cookie should be enabled in order to work with their site. Hope it helps .
Alternatively, you can store in window.name which will be carried over on one browser tab; if you open the same page on anther tab it wont be available.
So we have a web application that is accessed through a link from an email. When the user clicks on the link, we call a web service to pull the necessary data to the client. This data is then stored in the client's localstorage for the span of the user's session and cleared after.
The problem here is that if a user clicks on the link twice and logs out of one of the sessions, the local storage is cleared for both of the sessions.
So I've been thinking about solving this issue and here are my possible solutions:
Reusing the same tab for the external links of the same domain. But its not possible as of now.
Append the session Id to the keys of the localstorage and clear only them at logout. But in this case if someone does not logout properly, the local storage items will still persist and we don't want that.
So I'd like to know if there is any way to keep the local storage session specific or else if I should be skipping localstorage entirely. Thanks!
Use sessionStorage instead of localStorage. sessionStorage is specific to tab and those will be cleared on that tab. But sessionStorage is specific to one session that is from the point window opened to the close of that window.
I'm creating a session cookie via JavaScipt. The cookie is being created successfully, and when I check in Chrome developer tools, I see the cookie with an "Expires-Max Age" value of 'Session'. When I close the application in the Chrome tab, or when I close the entire browser, and re-enter the application, the cookie is still there. How long does it take for the cookie to actually be removed? Or is there something else I need to do?
I am setting a session cookie in one page using
setCookie("cookietime","1000");
And resetting it to "" on going back to previous page
setCookie("cookietime","");
When I go back I am showing an alert after seeting the cookie to "". it is showing "" in alert.
But in the next page it still shows "1000".
Is the cookie page specific
Cookies are stored client side and are computer+browser specific not page specific! I guess you are using document.cookie which should persist through the session - they persist even when the page is refreshed. Using window.name will only persist through the same browser window but will clear on page refresh. HTML5 localStorage may be a suitable alternative.
Relates question: Persist javascript variables across pages?
Session cookies are temporary cookie files that will be removed when you close your browser.
Persistent cookies remain on your browser until it expires or until you erase them.
Neither are page specific.
Note that session cookies in Firefox will be restored after a browser restart when you use the session restore feature, which can cause some inconsistencies.