I am setting a session cookie in one page using
setCookie("cookietime","1000");
And resetting it to "" on going back to previous page
setCookie("cookietime","");
When I go back I am showing an alert after seeting the cookie to "". it is showing "" in alert.
But in the next page it still shows "1000".
Is the cookie page specific
Cookies are stored client side and are computer+browser specific not page specific! I guess you are using document.cookie which should persist through the session - they persist even when the page is refreshed. Using window.name will only persist through the same browser window but will clear on page refresh. HTML5 localStorage may be a suitable alternative.
Relates question: Persist javascript variables across pages?
Session cookies are temporary cookie files that will be removed when you close your browser.
Persistent cookies remain on your browser until it expires or until you erase them.
Neither are page specific.
Note that session cookies in Firefox will be restored after a browser restart when you use the session restore feature, which can cause some inconsistencies.
Related
I have a page which alters the dom based on user interaction. However, the user might click on a link, which will navigate to an external site. If the user clicks the back button, my page is shown again, but the dom changes do not persist.
What is the best way to keep track of the user interactions so I can rebuild the page on their return?
To maintain state and rebuild the page, I need to keep track of 7-10 variables.
Some ideas I had:
server-side session - would require a callback to the server every time a variable changes value?
client-side cookies - what if the user disables cookies?
hidden form fields - most (all?) browsers locally cache form data, so hitting the back button should retain?
In most cases I'd say the best way to do this, is to represent the page state in the URL.
Here's why:
Because a URL is such a simple concept, this method works regardless of what browser or what privacy settings (e.g. allow cookies and local storage) are used.
If User A would send the URL to User B who would like to see the page in the same state, this would still work. This wouldn't be the case for any of your considered methods.
If the variables you want to keep track of are related to a specific user (or session), it would be wiser to track these in some sort of session. This could be both server- or client-side.
Local or session storage (HTML5 Local storage vs. Session storage) are possible solutions, but have some limitations.
Doesn't work in every browser or browser settings (HTML5 local storage isn't supported in older browsers and I know for instance that running Safari in private mode doesn't allow local storage)
If you would send the link to another user he wouldn't see the page in the same state because he hasn't visited the page before, and his local or session storage hasn't been filled with the correct values.
Try the Session variable:
sessionStorage.setItem('key', { "data": "mad data here" });
then to recall it:
var data = sessionStorage.getItem('key');
You could use jQuery as such upon loading the page:
document.load(function() {
var data = sessionStorage.getItem('key');
if (data) {
data.doStuff();
}
}
So we have a web application that is accessed through a link from an email. When the user clicks on the link, we call a web service to pull the necessary data to the client. This data is then stored in the client's localstorage for the span of the user's session and cleared after.
The problem here is that if a user clicks on the link twice and logs out of one of the sessions, the local storage is cleared for both of the sessions.
So I've been thinking about solving this issue and here are my possible solutions:
Reusing the same tab for the external links of the same domain. But its not possible as of now.
Append the session Id to the keys of the localstorage and clear only them at logout. But in this case if someone does not logout properly, the local storage items will still persist and we don't want that.
So I'd like to know if there is any way to keep the local storage session specific or else if I should be skipping localstorage entirely. Thanks!
Use sessionStorage instead of localStorage. sessionStorage is specific to tab and those will be cleared on that tab. But sessionStorage is specific to one session that is from the point window opened to the close of that window.
I'm trying to remove the user's authentication cookie by using $cookieStore.remove('.ASPXAUTH'), but if I refresh the page afterwards, the cookie still exists and the page is still available instead of the user being redirected to the login page as I would expect.
Why is the user still able to view the page after I delete the authentication cookie and refresh the page?
I'm afraid that there isn't much you can do to a http-only cookie with javascript. The backend has to remove it if it's http-only. you can trigger a logout by using ajax.
$http.get("/logout");
The other option is to use non http cookie so you can modify it with javascript. But that would make it vulnerable and unsafe for risk of an XSS flaw grabbing your cookie and allowing your session to be hijacked.
PS: try HEAD request method if you don't want to load the page that follows (might work like an "do-and-forget-about-it")
$http.head("/logout");
I need to display a popup to the user once per session. My thought was to create a session cookie by creating a cookie with no expiration date to track if the popup has already been displayed. These cookies should be removed when the browser is closed. I have since learned that Chrome has a "feature" where session cookies are not removed (Chrome doesn't delete session cookies).
I am not asking why the cookies aren't deleted in chrome. I am asking if there is a way to force chrome to remove the cookies or some other solution to only display a popup once per session.
You can maybe use sessionStorage to store your flag? http://www.w3schools.com/html/html5_webstorage.asp
Or is this information required to be sent to the server on every request?
I'm looking to persist all cookies in localStorage. When the page is loaded the cookies should be inflated from the data in localStorage. Whenever they change, or possibly just on page close, localStorage should be updated with the cookie data.
I'm in an environment where cookies do not persist between restarts and you're expected to use localStorage. The problem is that the server framework I'm using sets all the cookies independently of my code.
Thanks for any help navigating this -- I don't know my way around cookie behavior that well.
The localStorage API operates on a simple set/get/clear set of methods that allow you to interact with a key-value store. To store all the cookies for the current page under the key "cookies" you could write:
localStorage.setItem("cookies", document.cookie);
and later recover them by:
document.cookie = localStorage.getItem("cookies");