All geek questions in one place

Persistent cookies in managing WPF WebBrowser?

I use WPF WebBrowser to display online help inside the application (just a few small web pages). Some of these pages use cookies to display elements only the first few times when they are viewed (this is the type β€œWhy not try X”).

However, for some reason, the cookie does not seem to work inside the WebBrowser control. They work fine in IE, as well as Firefox and Chrome (so the elements are hidden correctly), but they never hide when viewed through the WPF WebBrowser control.

Is there anything special about using cookies in a WPF WebBrowser control? It seems to behave as if all cookies are stored only in memory, and not stored on disk.

Here is one of these pages inside the browser (where cookies work):

Help pane inside a browser

And here is exactly the same page inside the application:

Help pane inside the application

This additional content should only be displayed for the first few times using software (i.e. it should be hidden after N hits of this web page), but because I cannot receive cookies for work, it always displayed.

+2
source share
2 answers

The handling of cookies in Internet Explorer (or hosted versions) is tied to IE's own concept of "URL Security Zones", doc here: About URL Security Zones

In this way, IE defines a URL zone using various algorithms applied to the URL. Depending on the zone, your hosted browser may or may not support session or persistent cookies.

It's strange when I create a small WPF sample, add a web browser to it and go to this constant cookie test using the page: http://www.rbaworld.com/Security/Computers/Cookies/givecook.shtml , it works great. Every time I run the sample application, the counter increments in order, so not everyone can reproduce your problem. It’s good that the whole purpose of URL security zones is: it can vary depending on the machine, user, Windows policy, etc.

The next question is: can I change the zone in which you work? The short and simple answer is no, because it is strongly tied to security.

If you host IE yourself, you can implement your own security zone descriptor, as described here: Deploying a custom security manager and sample here: SAMPLE: Secumgr.exe overrides Security Manager for WebBrowser Host , but you rely on a WPF web browser that doesn't allows you to override ... You can go to Reflector and copy all the closed / internal WPF code, but this is a risky work log!

The last thing you can try is to manipulate the standard Internet Security Manager. Here is a sample code that gives some hints. At the very least, you should be able to determine the zone in which you work (MapUrltoZone) and change the cookie (TryAllowCookie). The problem with the standard manager in most cases, it opens a dialog for the end user allowing authorization ... (security again!):

[ComImport, Guid("7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4")] private class InternetSecurityManager { } [ComImport, InterfaceType(ComInterfaceType.InterfaceIsIUnknown), Guid("79eac9ee-baf9-11ce-8c82-00aa004ba90b")] private interface IInternetSecurityManager { void Unused1(); void Unused2(); [PreserveSig] int MapUrlToZone([In, MarshalAs(UnmanagedType.BStr)] string pwszUrl, out int pdwZone, [In] int dwFlags); void Unused3(); [PreserveSig] int ProcessUrlAction(string pwszUrl, int dwAction, ref int pPolicy, int cbPolicy, ref Guid pContext, int cbContext, int dwFlags, int dwReserved); // left undefined } public static SecurityZone MapUrlToZone(Uri uri) { IInternetSecurityManager securityManager = (IInternetSecurityManager)new InternetSecurityManager(); int zoneId; if (securityManager.MapUrlToZone(uri.ToString(), out zoneId, 0) < 0) return SecurityZone.NoZone; return (SecurityZone)zoneId; } private const int URLACTION_COOKIES = 0x00001A02; private const int URLACTION_COOKIES_ENABLED = 0x00001A10; private const int URLPOLICY_ALLOW = 0x00; private const int URLPOLICY_DISALLOW = 0x03; private const int PUAF_DEFAULT = 0x00000000; public static bool TryAllowCookies(Uri uri) { IInternetSecurityManager securityManager = (IInternetSecurityManager)new InternetSecurityManager(); int policy = 0; Guid context = Guid.Empty; int hr = securityManager.ProcessUrlAction(uri.ToString(), URLACTION_COOKIES_ENABLED, ref policy, Marshal.SizeOf(policy), ref context, Marshal.SizeOf(context), PUAF_DEFAULT, 0); return (hr == 0) && policy == URLPOLICY_ALLOW; }

Good luck :)

+6
source

The WebBrowser control will not allow this by default. For security reasons, you probably won’t want different applications from different developers / companies to access cookie information created by another application.

However, see this answer. How to delete cookies from windows.form?

This applies to deleting cookies through javascript, but you can use a similar method to save and create a cookie for the site every time the application loads.

0
source

Source: https://habr.com/ru/post/1385864/

More articles:


All Articles