Cookie disabled issue in IE - javascript

While testing our site with IE, we were disabling/enabling the cookies from the privacy settings tab. But this not does seem to work as expected. (for the first time it worked, and from then on,it stopped working).Chrome and Firefox seem to work fine though.
the logic we have written to check if cookies are enabled/disabled is as follows:
We try to create a test cookie using document.cookie(we have not specified any domain nor an expiry date). If the cookie can be created, then we say the cookies are enabled,else they are disabled.We then go ahead and remove the test cookie. The problem in IE is that,even if the cookies are enabled,we are not able to create the test cookie/if they are disabled, we are able to create the test cookie. It happens both the ways.
any thoughts/ideas?

Related

How to catch cookie change/disappear in browser debug tools?

I have cookie disappearing in my webapp when it shouldn't (expring date is a year ahead).
Can I set breakpoint on cookie change or something?
In Firebug you had the chance to stop the JavaScript execution on cookie changes. The current DevTools don't provide such a feature yet.
For Firefox it is requested in https://bugzil.la/895893, and I've just requested to add it to Chrome's DevTools in https://bugs.chromium.org/p/chromium/issues/detail?id=1171347.
What you can do right now is to search through the code within the Debugger to find the places where the cookies are changed.
To do that, you have to
Switch to the Debugger panel
Press Ctrl+Shift+F to search within all files
Enter document.cookie and hit Enter
Set a breakpoint for each found statement setting this variable
As there's currently only this way to add, remove or change cookies in JavaScript, this should allow you to find the place where the cookie you're searching is removed.

Why do certain redirects cause Nexus Chrome browser to not run Javascript?

On the Chrome 18.0.1025469 browser for Nexus 7, 4.2.2. certain redirects seem to cause Javascript not to load.
For example the following page: http://jsfiddle.net/NTEQF/show/
has the javascript
alert(1)
On my nexus I see the the alert if I type in the following:
jsfiddle.net/NTEQF/show/
But if I type in (with a clear cache)
www.jsfiddle.net/NTEQF/show/
I can see the url redirect to jsfiddle.net/NTEQF/show/ but I see no alert.
Once I visit the page a few times, the alert starts to show up. To reproduce the no alert consistently, I can clear all the data through the devices setting panel: Apps > All > Chrome > Clear Data - Sometime clearing the cache through the privacy settings within Chrome does the trick too.
This means that there are situations where pages can load as if you have Javascript disabled when it is enabled. Any ideas as to what causes this or how to fix it aside from not using redirects? I have seen the issue both on redirects that remove and add www.
You must be consistent with redirects.
If you call www.whateverpage.com on one redirect and then just whateverpage.com on another, you are actually going to two different domains, so any cookies or session cookies might be set for one domain but not the other. This is true also if you have for example a page like mobile.whateverpage.com. These are all different domains, so you'll have to treat them accordingly.

Google chrome session expire=null not working

According to connects documentation the session should expire when the browser is closed:
By default cookie.maxAge is null, meaning no "expires" parameter is set
so the cookie becomes a browser-session cookie. When the user closes the
browser the cookie (and session) will be removed.
I am using express 3 with connect-mysql for session store (Tried with connect-mongo too and its the same), and this is how i set the session data.
req.session.userid = results[0].id;
req.session.ip = req.connection.remoteAddress;
req.session.useragent = req.headers['user-agent'];
req.session.is_logged_in = true;
This all works fine except in google chrome browser for some reason (This is in OS X Lion.I have no possibility to test under win or linux right now).
Anyone had this problem in google chrome and know a way to fix it?
This is a fairly wild guess, but I wouldn't be too surprised if it's this. Google chrome will keep running in the background if you have any extensions that make use of this installed. If that's the case after a log off-log in the session should be reset.
If that isn't it, could you please open the developer tools (cmd+alt+i) and copy all the information about the cookie from there (resources->cookies->yourdomain.com). (Especially what's written in the Expires column, because it should say Session)

Cookies with expiration lost by IE6, IE7 when loaded by JS on a different domain

We trying to write an affiliate tracking system.
Users click on a link to a PHP script on server A that puts some cookies with tracking info. The script then redirects them to a landing page on server B. Once the user gets to a destination page a javascript generated by PHP code is loaded, using the previously set cookies.
This all works fine on Safari, FF, and IE9.
We had an issue on IE8 where the php that generates the javascript was only getting sent back cookies that were set without using any parameters other than name and value. Cookies that were given an expiration date were not sent back. This we eventually fixed by setting the cookie path to /, even though both of the php scripts ( the setter and the getter ) are in the same path. But that fix only worked for IE8, we still have the same problem with IE6 and IE7.
Also If we call the getter script directly ( not from a script tag on server B) then everything works as expected.
Also we have tried setting IE privacy settings to their lowest setting.
Example of how we are setting the cookies
<?PHP
setcookie($key,$val);//this works
//this doesn't
setcookie('COOKIE', json_encode($info), time()+259200000);
In IE8 some date format used by Other browsers even in IE7 and IE9 is not supported, can you review the date format, else paste set cookie code here, we can check for you.
Ok so the sorter cookie time fixed for IE7 but not for IE6
For IE6 we needed to use P3P headers, I put them on both the script that writes the cookie and that reads the cookie.
<?PHP
header('Cache-Control: public, max-age=0, must-revalidate');
header('P3P: policyref="/p3p.xml", CP="NOR NOI DSP COR ADM OUR PHY"');
We might have only needed it on the script that writes the cookie, but now it works so I'm not going to mess with it if I don't have too.

How to turn off caching on Firefox?

During development I have to "clear cache" in Firefox all the time in order to make it use the latest version of JavaScript files.
Is there some kind of setting (about:config) to turn off caching completely for JavaScript files? Or, if not, for all files?
Enter "about:config" into the Firefox address bar and set:
browser.cache.disk.enable = false
browser.cache.memory.enable = false
If developing locally, or using HTML5's new manifest attribute you may have to also set the following in about:config -
browser.cache.offline.enable = false
The Web Developer Toolbar has an option to disable caching which makes it very easy to turn it on and off when you need it.
Have you tried to use CTRL-F5 to update the page?
There is no specific option to disable caching only for JavaScript, you will have to disable caching entirely.
FireBug has an option to disable the browser cache on the Network tab's drop down menu.
Firefox 48 Developer Tools
Allows you to turn off cache only when toolbox is open, which is perfect for web development:
F12
gearbox on right upper corner
scroll down top Advanced settings
check "Disable Cache (when toolbox is open)"
https://stackoverflow.com/a/27397425/895245 has similar content, but positioning changed a bit since.
On the same page you want to disable the caching do this :
FYI: the version am working on is 30.0
You can :
After that it will reload page from its own (you are on) and every thing is recached and any furthure request are recahed every time too and you may keep the web developer open always to keep an eye and make sure its always on (check).
If you're working with server side code you could generate a random number and append it to the end of the src in the following manner....
src="yourJavascriptFile.js?randomNumber=434534"
with the randomNumber being randomly generated each time.
I know I'm resurrecting an ancient question, but I was trying to solve this problem today and have an alternate solution. Toggling caching when I want to test was not really acceptable for me, and as others mentioned, hard refreshing (ctrl+shift+r) doesn't always work.
Instead, I opted to put the following in my vhost.conf file (can also be done in .htaccess) on my dev environment:
<FilesMatch "\.(js|css)$">
FileETag None
<IfModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</IfModule>
</FilesMatch>
On my dev environment, this ensures that js and css are always retrieved. Additionally it doesn't affect the rest of my browsing, and it also works for all browsers, so testing in chrome / ie etc is also easy.
Found the snippet here, some other handy apache tricks as well: http://www.askapache.com/htaccess/using-http-headers-with-htaccess.html#prevent-caching-with-htaccess
To make sure that my clients always see the latest version on production, we increment the query string on the js include on each update, ie
jquery.somefile.js?v=0.5
This forces my clients' browsers to update their local cache when they see a new querystring, but then caches the new copy until the file is updated again
Best strategy is to design your site to build a unique URL to your JS files, that gets reset every time there is a change. That way it caches when there has been no change, but imediately reloads when any change occurs.
You'd need to adjust for your specific environment tools, but if you are using PHP/Apache, here's a great solution for both you, and the end-users.
http://verens.com/archives/2008/04/09/javascript-cache-problem-solved/
You can use CTRL-F5 to reload bypassing the cache.
You can set the preferences in firefox not to use the cache
network.http.use-cache = false
You can setup you web server to send a no-cache/Expires/Cache-Control headers for the js files.
Here is an example for apache web server.
If you use FireBug, on the Network tab's drop down menu there is an option do disable the browser's cache.
There are pros and cons to the last two solutions posted, but they're both IMHO great solutions.
You may or may not want your session ID embedded in your url like that for tighter security. But in development that shouldn't matter, but what if you forget to remove it?
Also does that really work? Wouldn't you need something like a sequential number generator (hit count stored in the session, or maybe even just if 1 then 0, if 0 then 1)?
Adding a session id (or whatever sequencer) means you need to remember to add it to every resource you don't want cached. On the one hand that's better because you can just include your session id with just that resource you're actively developing and testing. On the other hand, it means you have to do that and you have to remember to remove that for production.
Modifying the vhost.conf or the .htaccess file does the trick nicely without the need to remember to add and remove the session id. But the downside is performance of all js and css resources will be affected, and if you have large files, that's going to slow you down.
Both seem like great, elegant solutions -- depends on your needs.
I use CTRL-SHIFT-DELETE which activates the privacy feature, allowing you to clear your cache, reset cookies, etc, all at once. You can even configure it so that it just DOES it, instead of popping up a dialog box asking you to confirm.
In higher versions of Firefox, like Nightly, there is an options named "disable cache", you can find it by clicking the gear. And that options works only in current session, which means when you close inspector and restart it, you have to check it again if you want catch disabled.
After 2 hours of browsing for various alternatives, this is something that worked for me.
My requirement was disabling caching of js and css files in my spring secured web application. But at the same time caching these files "within" a particular session.
Passing a unique id with every request is one of the advised approaches.
And this is what I did :- Instead of
<script language="javascript" src="js/home.js"></script>
I used
<script language="javascript" src="js/home.js?id=${pageContext.session.id}"></script>
Any cons to the above approach are welcome. Security Issues ?
In firefox 45, disk cache options can be set by changing the value of:
browser.cache.disk.enable
The value can be set on the "about:config" page.
On http://kb.mozillazine.org/About:config_entries#Browser I found the following description for "browser.cache.disk.enable":
True (default): Use disk cache, up to capacity specified in browser.cache.disk.capacity
False: Disable disk cache (same effect as setting browser.cache.disk.capacity to 0)
First of All, this can be easily done, for e.g. by PHP to force the browser to renew files based on cache date (expiration time). If you just need it for experimental needs, then try to use ctrl+shift+del to clear all cache at once inside Firefox browser. The third solution is to use many add-ons that exits for Firefox to clear cache based on time lines.

Categories