According to connects documentation the session should expire when the browser is closed:
By default cookie.maxAge is null, meaning no "expires" parameter is set
so the cookie becomes a browser-session cookie. When the user closes the
browser the cookie (and session) will be removed.
I am using express 3 with connect-mysql for session store (Tried with connect-mongo too and its the same), and this is how i set the session data.
req.session.userid = results[0].id;
req.session.ip = req.connection.remoteAddress;
req.session.useragent = req.headers['user-agent'];
req.session.is_logged_in = true;
This all works fine except in google chrome browser for some reason (This is in OS X Lion.I have no possibility to test under win or linux right now).
Anyone had this problem in google chrome and know a way to fix it?
This is a fairly wild guess, but I wouldn't be too surprised if it's this. Google chrome will keep running in the background if you have any extensions that make use of this installed. If that's the case after a log off-log in the session should be reset.
If that isn't it, could you please open the developer tools (cmd+alt+i) and copy all the information about the cookie from there (resources->cookies->yourdomain.com). (Especially what's written in the Expires column, because it should say Session)
Related
In my Google Application Script Web application I need to get the URL so I can reload the page. I need to distinguish whether the end user is using DEV or EXEC environments.
Server side approach
With my current settings
using gmail.com account
Enable Chrome V8 runtime is checked
is the ScriptApp.getService().getUrl() ALWAYS returning EXEC url, never the url of DEV.
I read about Tanaike's workaround but he said that when V8 runtime is disabled, it returns the exec URL. It works the opposite for me and more importantly I have not idea how to use his suggestion "Method: projects.deployments.list". I am using just script.google.com with my gmail account.
Browser side approach
If I want to get the URL on the browser side using console.log(top.location.pathname) I get issue with the cross-origin.
Uncaught DOMException: Permission denied to access property "pathname" on cross-origin object
although I am able to see the URL from browser console
So my question is whether there is a way or workaround how I can get URL of my GAS web?
This issue has been reported in Google's Issue Tracker here: https://issuetracker.google.com/193820645
Click the "star" next to the issue number to indicate you are affected by ti too.
The Workaround Is To Use the Deployment ID
As pointed out, the exec and dev endpoints seem to be buggy. However, if you look into the actual urls, they all contain deployment IDs. The deployment ID for your exec files changes with every version, however your dev one never does (as returned by ScriptApp.getService().getUrl()). So once you have the dev deployment ID down, you can check with the following approach (replace the hard-coded urls with ScriptApp.getService().getUrl() of course.
const devDeploymentId = 'AKfycbyF8LrL28jrFWjpTaC8Po7yD-0jV6YpUVG0XJPYCxuCWVRy-9qE';
const re = /(?<=\/)[^\/]+(?=\/(exec|dev)$)/i;
// In Google Apps Script you would have of course const url1 = ScriptApp.getService().getUrl();
const url1 = 'https://script.google.com/macros/s/AKfycbwmBEIYinZ9zCsD_-oFKKn72CQ5IRVR5j3hXRu8xSIE2Vzswje4oRgUskNYzvcGJtGlFg/exec';
const url2 = 'https://script.google.com/macros/s/AKfycbyF8LrL28jrFWjpTaC8Po7yD-0jV6YpUVG0XJPYCxuCWVRy-9qE/exec';
const deployementId1 = url1.match(re)[0];
const deployementId2 = url2.match(re)[0];
console.log(deployementId1, 'is dev:', deployementId1 === devDeploymentId);
console.log(deployementId2, 'is dev:', deployementId2 === devDeploymentId);
console.log(deployementId1.length);
console.log(deployementId2.length);
You will also notice that the dev deploment ID is shorter (56 characters) than the exec one (74 characters), so you may use that as reference. This way when you extract the deployment ids, just check which length it is and you have your answer.
Let's say I am logged in (with login/password) on a website/service https://example.com in a browser. If I open Developer tools, I can run document.cookie in the console and copy the string containing all the cookies associated with the current website.
Then I open a new incognito window, I go to https://example.com. Of course, I'm not logged in. I can remove the current cookies with the method described in Clearing all cookies with JavaScript in the Developer tools console, and then restore the cookies copied before:
document.cookie = "<the string that I copied before>"
Then after a page reload (F5), I expected to be logged-in again, but it did not work. The cookies set with document.cookie = "<the string that I copied before>" are not kept. (For example, in the case of Reddit, it did not work.)
What's wrong with this JS approach to set cookies in the "Developer tools" from a previous session from another browser? Shouldn't it work?
Normally, the session id is set to server only, you can not get session id in JS/console.
Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Restrict_access_to_cookies
This drives me crazy. Every browser and device has it's own way to clear the cache and reload the .js and .css files. For example, the only way I can get do this in Chrome is to go to go to my login page, do an F12 to load the debugger and proceed. This seems to be the only way to do it windows.
On the old safari in windows you could do it from the menu, as you seem to be able to do in Safari on the IMac desktop.
But how do you do in on the IPhone or IPad??????
I am using the IMac to debug the phone, but no matter how I do it, the .js file stays the same. When I look on the website at the page, the changes are there.
I have tried crashing the phone, double tapping the refresh button, putting it in private mode and back. Nothing works. What was interesting was that I tried it in private move and in the Develop menu I could see two versions of the .js file - one with the changes and one without. When I went back to the non-private mode, the old .js files (no changes) were there.
I also tried to delete the website data for my site and that didn't work.
Anyone know how to do it??????
Thanks,
Tom
Append a query string when including your JS or CSS and change it when you update the code. It will invalidate the cached local versions of this file.
<script src="test.js?1234567"></script>
It's common to use a timestamp.
2 answers:
First Answer: Hit the tabs icon, then select Private and paste&go the URL if you only need to force refresh the one time. The Private session will never have a cached version of anything unless it is cached at an intervening proxy. Of course it will cache subsequent requests for the same file. You can close the Private session and create a new one, which is roughly on par with the annoyance level of switching to/from the Settings app.
Second Answer: If you are a developer and you're using Apache, you can set up an .htaccess file like so:
<filesMatch "\.(html|htm|js|css)$">
FileETag None
<ifModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 21 Oct 2015 07:28:00 GMT"
</ifModule>
</filesMatch>
I've found this solution works for iOS Safari and other browsers ...
It performs a window.location.reload(true) to force the page to reload avoiding use of caching whenever it detects that the cached web app or web page does not match the server's version.
You really want this mechanism in place before you publish the first version of your site as otherwise once it's out there you can no longer rely on ever upgrading your iOS users. This is a nightmare if you rely on client app and server versions being in sync. Sigh ... Sadly it seems Safari and iOS Safari in particular is eager to take the throne once held by Internet Explorer.
During deployment
Increment and save a build number.
I use a version.json file that looks like {"major":1,"minor":0,"patch":0,"build":12}
Copy version.json to both client and server apps.
On server:
Write a server API in PHP/Node/Ruby/C# that returns the server's version.json
Use web server rules and response headers to prevent API results being cached.
In client app or web page:
To diagnose issues, display the client version + client and server build numbers.
Call on page load ...
function onload() {
var clientVersion = require("./version.json");
// Might replace axios with new fetch() API or older XMLHttpRequest
axios.get("/api/version").then(function(res) {
var serverVersion = res.data;
var lastReload = parseInt(localStorage.getItem("lastReload") || "0");
var now = new Date().getTime();
if (
serverVersion.build !== clientVersion.build &&
now - lastReload > 60 * 1000 // Prevent infinite reloading.
) {
localStorage.setItem("lastReload", now);
window.location.reload(true); // force page reload
}
});
}
You might prefer to test serverVersion.build > clientVersion.build rather than serverVersion.build !== clientVersion.build. The benefit of testing !== is that it allows you not only upgrade the version but also roll back a version and ensure clients get rolled back as well.
In the event that the client and server build numbers are mismatched I prevent the client from infinitely reloading by only performing a single reload within 60 secs.
Note that this method is only concerned with matching build numbers (= deployment number) you might prefer something more sophisticated.
Here's a simple node app to increment a build number.
const APP_DATA = "../app/src/assets"; // client folder
const FUNC_DATA = "../functions/data"; // server folder
var log = require("debug")("build:incr");
var fs = require("fs");
function readJson(path) {
log(`Reading: ${path}`);
const text = fs.readFileSync(path);
return JSON.parse(text);
}
function writeJson(path, json) {
log(`Writing: ${path}`);
fs.writeFileSync(path, JSON.stringify(json));
}
let version = readJson("./version.json");
version.build++;
log("Version = ", version);
writeJson("./version.json", version);
writeJson(`${APP_DATA}/version.json`, version);
writeJson(`${FUNC_DATA}/version.json`, version);
In iOS 10, you can clear the cache by going to Settings > Safari and clicking the "Clear History and Website Data".
For me, this is a bit overkill as I don't want to delete everything for every site. So, what I do is browse directly to the js or css file and reload it if it is the older, cached version.
I don't think there is a "easy" way to do this. I've tried all of the above including modifying css and js query strings. The closest thing that works is in Rockadile's comment.
Open Setting--Safari--Website Data
Then clear the site you are trying to refresh
Tip: If you are debugging a page use the IP Address then it will show up at the top of this list. Keep both safari and the Website data open so you can toggle between the two.
This isn't as simple as ctl-F5 but is certainly less intrusive than clearing the entire browser's cache.
Goto Safari -> Preferences -> click the Advanced tab at the bottom of the Advanced tab click the checkbox that says "Show Develop menu in bar" and close Preferences. Then you can open the Develop menu in the program bar that has Safari, File, Edit, View, etc... in it, and click Empty Caches.
I need to delete gmail cookies set in my chrome browser, using chrome extension , but it can delete all cookies other then Gmail cookies, then I noticed that Gmail cookies are httponly, Is there a way to remove them using javascript chrome extension..
Thanks :)
Chrome extensions can use chrome.cookies API, that has access to all cookies in the cookie store, including httpOnly.
The documentation for the API is here.
Note that this API requires declaring a permission and will not work from content scripts.
This one works absolutely fine for deleting every cookie, even if it is httponly
chrome.cookies.getAll({'domain':'accounts.google.com'},function(cookie){
for(i=0;i<cookie.length;i++){
var prefix = "https://";
var url = prefix + cookie[i].domain + cookie[i].path;
chrome.cookies.remove({'url':url , 'name':cookie[i].name},function(cookie){ });
}
});
The point of HTTPOnly cookies is not let javascript to access them.
So basically you can not read them.
If you want to delete them you can do it from the options that offers browser
I'am working an a Grails app and create different cookies.
Some appears in the chrome console Resources TAB and some are not showing.
I need to get the value of these Cookies using Angularjs and can access only the one that are showing on console Resources TAB.
The other cookies are visible in the Chrome Content settings button.
In the Cookies section, but not in the Chrome console Resources TAB.
All cookies are created the same way:
Cookie cookie = new Cookie("username", username)
cookie.maxAge = 1209600 //14 days
cookie.httpOnly = true
response.addCookie(cookie)
Thanks for your help.
Ok the problem was the path. To be visible in all the page the path must be "/"
cookie.setPath("/")