How to get cookie from browser, dropped from another application - javascript

I have an application URL which generates xyz named cookie for me if the user is logged in, in browser. I want to hit the URL programatically(using Java/JSP) to look if the user is logged in or not.
Now every time when I hit the url from my Java code it doesn't find that cookie (xyz) as it creates new session on every request. This is probably because I am hitting the url from my code. Now how can I come up with this situation so that my application will create cookie in browser and my code will look for that cookie.

The cookie is stored client-side by the browser of the user, so if you call the URL server-side it won't sent the cookie back with the response.

The way you are trying to know that user is logged in or not, can not be achieved through your approach.
Possible workaround for our case is :
Implement the HttpSessionAttributeListener and override the method attributeAdded and attributeRemoved method of it.
When ever session is getting created for logged in user, you would be saving the userName attribute is session most probably. Once the userName attribute is getting saved, attributeAdded method of your listner will get called and you can see the name of user there, once user is logged out, attributeRemoved method will get called by trigger of session invalidate method and your listener will get the notification . You can see the name of user who has logged out.
See below example for detail explanation.
http://www.roseindia.net/servlets/SessionAttributeListenerExample.shtml

Related

Sharing username and password to the next HTML page

I need to share the username and password information to the right next HTML page after succeeding the login. Because the items in the second HTML page will appear according to the user identity and privilege.
I tried sharing the same js file between the 2 HTML pages. The first set the variables and the second get them, but they don't get passed. How do I do it? javascript? jquery? on the server side??
Thanks in advance :)
It can be done in many ways, but as the first language you mentioned is javascript, I will show you in it. So saving data across pages there are variable called session variable and the process of saving/retrieving them is called session management. There are many ways for session management, one most common way is using cookie. You can save the values in cookie, like this:
setCookie("key", "value", expire_time(integer));
And now on next page to get this value you can use:
var val = getCookie("key");
Hope this helps.
Username and password is a sensitive information you have to share it form Server side in these ways:
Use post method to share this information.
Set session on first page For user type and retrieve on very next page.
As your question says second page will appear according to the user identity and privilege. You can set user identity (User Type) and its privileges.

HTTP GET request working on normal session but not in 'incognito' session

Having some trouble understanding why this issue is happening, specifically within the Steam environment.
When I go to this URL and am logged in to Steam, the request goes through fine and I get the return that I'm expecting. However, when I try the request in an incognito session, I get an empty set of results. I've looked through the code that Steam itself uses to send this request (ctrl-f '// Load' and it should bring you to the relevant code). There doesn't seem to be any identifying information being passed in this request, and even in incognito mode Steam will still load up the price history charts for the item just fine. I can't understand why the request will not work in a session in which the user isn't logged in to Steam even though the page itself will still display price history using the same request.
Since this occurs on Valve's servers, this is simply an educated guess as to what is occurring.
When you visit this URL without being logged in, the server is sending back a 400 Bad Request
It appears this is due to the lack of a steamLogin cookie. When you visit the URL without being logged in, these cookies are set
timezoneOffset
Steam_Language
community_game_list_scroll_size
recentlyVisitedAppHubs
sessionid
steamCC_<IP_OF_COMPUTER>
After logging in, when the request is successful, the steamLogin cookie also exists.
It appears you need this cookie to get the information you want.
Can't comment (rep too low) but FYI, the item detail page works because the data for the graph is passed inside the html file in a bracket. You could set up a DOM environment, load the html and scrape it out without needing to login.
As the other poster mentioned, the api call you want to use requires the steamLogin cookie to work.

FB.init keeps adding fbsr_* cookies

I'd like to use Facebook Login/Connect to authenticate users on my website. The system consists of two things: 1) client side use of the FB JS SDK to auth the user and to set a (fbsr_) cookie, 2) retrieve this cookie on the server side and make a request against FB backend to get their email, that I'll use as an ID. (I'll use G+ login etc as well so email looks like a good common denominator.)
I pretty much copied what's here: https://developers.facebook.com/docs/facebook-login/login-flow-for-web/
The problem is, every time I refresh the page, I see that a new fbsr_${my_app_id} cookie is created. After 10 reloads in a row, I end up with 10 cookies that have the same name (and same domain) and different content. In other words, it looks like FB.init() always creates a new cookie and doesn't re-use the previous one (which becomes invalid). My observation is based on what I see in the "Cookies" window of Firefox in this case.
Am I doing something wrong? What can I do so the FB API reuses the previous cookie and doesn't create a myriad of cookies with the same name on my domain?
Thanks!

Show logout notice on login page only once

On a password protected website (ajax-php-jquery login system), a fadeIn/fadeOut alert confirms that the user just logged out. The user is sent back to the login page and I do a document.referrer to check if he comes from a page of the site (if so it means that he just logged out so I can display the message). But of course if the user refreshes the page he will get the notice again.
I was thinking of changing the document.referrer but the property is read-only. Any idea how I could display the message only once if the user did log out?
You could do a conditional with PHP:
if(isset($_SESSION['justLoggedOut'])){
print '<script type="text/javascript"> ..notification code.. </script>';
unset($_SESSION['justLoggedOut']);
}
You just have to set the session from within the authenticated area (or the logout page which redirects to the index page [I'm assuming.])
Using a cookie would be easiest route. Simply add a cookie when they log out, and then delete it after the notification has been shown. This cookie could contain all of the information you want about the log out: e.g. the time the logged out and the URL from which they initiated the log out.
Of course, that is assuming your clients are allowing cookies on your site. A server side alternative would be to use session data. Your notification would then send an AJAX call back to the server to clear the indicator that the notification should be shown.

Check if logged in user liked a page on Facebook API using JS?

Im currently working on a project that require to have fan like a page before he can see several content on the site.
The webpage is not an app in Facebook, it's outside facebook. We will not use PHP or backend code, we will only use FrontEnd
I have finished the user login check to check if user is logged in or not.
I am now stuck with the check if user is a fan of our page. I try to use the function page.IsFan, but somehow it needs to have an UID.
The FQL approach is not possible due to the same reason.
Also another problem is with the appID of our page. I try to google of how to get the appID for page, but the search is mixed up with useless contents.
Is there anyway to either get the UID or check if user liked ourpage without UID?
Thank you very much
You will have to use backend code from your Facebook iFrame fan page because you have to inspect the signed_request variable that is sent in the HTTP POST request to your page, as this variable won't be available via javascript, and subscribing to edge.create in javascript won't work because the page does a full refresh when the user clicks the like button and that event won't fire.
If you are forcing the user to authenticate with your app (which is not nessary if you inspected signed_request variable, you can use a FQL query or graph api request and instead of specifiying their user id, just use "me". something like: select field from table where uid = me()
Unless you provide a UID you won't be able to know whether the user has liked the page previously. However, you can use FB.Event.subscribe to find out when the user does like the item, by subscribing to the edge.create event:
FB.Event.subscribe('edge.create', function(response) {
alert("liked the item");
});
example: http://jsfiddle.net/niklasvh/rmrE4/

Categories