When using the expires flag, the date must be exactly in the format you are currently using, as well as in the GMT (Greenwich Mean Time) timezone. The reason that your cookie does not get expired 2 minutes after it has been created is because you are using datetime.now(), which returns the current local date … Read more
I had the same problem and I used similar approach as in the question with no luck. The thing that made it work for me was to add the domain for each copied cookie. (BasicClientCookie cookie.setDomain(String)) My util function: public static BasicCookieStore getCookieStore(String cookies, String domain) { String[] cookieValues = cookies.split(“;”); BasicCookieStore cs = new … Read more
ASP.NET session cookies are HTTP only, regardless of the httpOnlyCookies setting linked to in your question, because this is burned into ASP.NET. You can’t override this. If you dig into the System.Web.SessionState.SessionIDManager class in the System.Web assembly the code for creating the ASP.NET session cookie looks like: private static HttpCookie CreateSessionCookie(string id) { HttpCookie cookie … Read more
Here are few suggestions: Make sure that you are specifying the correct expiration format of date When setting a cookie on a page that redirects, the cookie must be set after the call to header(‘Location: ….’); eg: header(‘Location: http://www.example.com/’); setcookie(‘asite’, $site, time()+60*60, “https://stackoverflow.com/”, ‘site.com’); If you have human urls like www.domain.com/path1/path2/, then you must set … Read more
The Cookie header is one of several which cannot be modified in an XMLHttpRequest. From the specification: Terminate [execution of the setRequestHeader method] if header is a case-insensitive match for one of the following headers: Accept-Charset Accept-Encoding Connection Content-Length Cookie Cookie2 Content-Transfer-Encoding Date Expect Host Keep-Alive Referer TE Trailer Transfer-Encoding Upgrade User-Agent Via … or … Read more
Which directory are you in when the cookie gets set? From the PHP manual on setcookie(), emphasis mine: Path The path on the server in which the cookie will be available on. If set to “https://stackoverflow.com/”, the cookie will be available within the entire domain . If set to ‘/foo/’, the cookie will only be … Read more
You’re on the right track! I’ve been working on this for a few days and finally figured it out. (Many thanks to the OP for the helpful links to the Chromium source.) I’ve put up a post with a little more detail and a working script, but here is the basic idea: #! /usr/bin/env python3 … Read more
Create a ISessionIDManager, since you only want to change the cookie domain we will let the default one do all the work. This is configured in web.config on the sessionState element under <system.web>. <sessionState sessionIDManagerType=”MySessionIDManager” /> And the implementation. public class MySessionIDManager: SessionIDManager, ISessionIDManager { void ISessionIDManager.SaveSessionID( HttpContext context, string id, out bool redirected, out … Read more
You should NEVER EVER store a users password in a cookie, not even if it’s hashed!! Take a look at this blog post: Improved Persistent Login Cookie Best Practice (Nov 2006; by bjaspan) (orignal) Quote: When the user successfully logs in with Remember Me checked, a login cookie is issued in addition to the standard … Read more
You could inject a script element into HEAD of the document with a callback that passes the cookie you need to whatever function needs it. Something like: <script type=”text/javascript”> var newfile=document.createElement(‘script’); newfile.setAttribute(“type”,”text/javascript”); newfile.setAttribute(“src”, ‘http://first.com/doAjax?getCookie&callback=passCookie’); document.getElementsByTagName(“head”)[0].appendChild(newfile); </script> And the page first.com/doAjax?getCookie could do this: passCookie({‘name’:’mycookie’, ‘value’:’myvalue’});