Setting cookies in javascript basement

Help is needed to enable cookies across subdomains. I failed to set a cookie to a fixed value in JavaScript. I'm not sure whether JavaScript cannot set the cookie or MVC.NET rejects the request cookie.

Browsers do not work

  • Chrome 43 (Windows)
  • Firefox 38 (Windows)
  • iOS 8 Safari

When setting my web.config to use <httpCookies domain=".adomain.com" /> everything starts to go horribly wrong.

I have javascript code combined with pickadate.js datepicker that changes the cookie value to a date selected by the user.

Javascript function

    // Call pickadate API to retrieve selected date
    var dateString = this.get('select', 'dd/mm/yyyy');
    var cd = new Date();
    // setMinutes() returns the new time as a millisecond timestamp
    var exp = cd.setMinutes(cd.getMinutes() + 10);
    setCookie("_date", dateString, new Date(exp), "/", ".adomain.com");
    window.location.reload();

    function setCookie(name, value, expires, path, theDomain, secure) {
        value = escape(value);
        var theCookie = name + "=" + value +
            ((expires) ? "; expires=" + expires.toGMTString() : "") +
            ((path) ? "; path=" + path : "") +
            ((theDomain) ? "; domain=" + theDomain : "") +
            ((secure) ? "; secure" : "");
        document.cookie = theCookie;
    }

What does .NET do when it receives a request? After changing the date picker, it will update the page by sending a new request with a date in the cookie. This gets to the MVC.NET controller. However, the cookie does not change on the client side.

    if (this.ControllerContext.HttpContext.Request.Cookies.AllKeys.Contains("_date"))
    {
        cookie.Value = this.ControllerContext.HttpContext.Request.Cookies[sessionDate].Value;
        // Do some logic with date to retrieve products
    }
    else
    {
        // Set cookie.value to today date
    }
    cookie.HttpOnly = false;
    cookie.Path = "/";
    cookie.Secure = true;
    this.ControllerContext.HttpContext.Response.Cookies.Set(cookie);

The HTTP request contains the following duplicate for _date:

 _date=30/07/2015; _date=31/07/2015; 

The date should be equal to 07/31/2015, but I have duplicates. Domains differ on the Chrome resource tab.

_DATE = 07/30/2015; domain = .adomain.com <I need it to be the property of _DATE = 07/30/2015; domain = sub.adomain.com

+6
2 answers

Although I'm not a .NET expert, you can explicitly specify the domain for the cookie in the Set-Cookie header. According to RFC 6265, if you specify the domain in the header as example.com, then the cookie will also be available for www.example.com and subdomain.example.com. Subdomains are not considered external domains and, therefore, are not a security breach.

Perhaps adding something like this before sending a cookie to your controller should work:

cookie.Domain = "adomain.com";

+5
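
The RFC 6265 storage rule the answer above relies on, as an added example that is not part of the original question or answers: a browser keys each cookie by name, domain and path, so a write without a Domain attribute and a write with Domain=.adomain.com create two separate `_date` cookies that are both sent. It assumes one write is host-only and the other carries the Domain attribute; `CookieJar`, `domainMatch`, `mixedScopes` and `sameScope` are hypothetical names, and the hostnames are the page's placeholders.

```javascript
// Minimal model of the RFC 6265 cookie store (section 5.3): a cookie is
// identified by (name, domain, path), and a cookie set without a Domain
// attribute is "host-only". Inputs below are constructed for illustration.
class CookieJar {
  constructor() { this.cookies = []; }

  // requestHost: host that set the cookie; attrs.domain: optional Domain attribute.
  set(requestHost, name, value, attrs = {}) {
    const host = requestHost.toLowerCase();
    let domain = (attrs.domain || "").toLowerCase().replace(/^\./, ""); // leading dot ignored
    const hostOnly = domain === "";
    if (hostOnly) domain = host;
    else if (!domainMatch(host, domain)) return false; // host may not set this domain
    const path = attrs.path || "/";
    // Replace only a cookie with the same name, domain and path.
    this.cookies = this.cookies.filter(
      c => !(c.name === name && c.domain === domain && c.path === path));
    this.cookies.push({ name, value, domain, path, hostOnly });
    return true;
  }

  // Build the Cookie request header for a host (path and Secure checks omitted).
  header(requestHost) {
    const host = requestHost.toLowerCase();
    return this.cookies
      .filter(c => (c.hostOnly ? host === c.domain : domainMatch(host, c.domain)))
      .map(c => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// RFC 6265 section 5.1.3 domain matching (IP-address case omitted).
function domainMatch(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Assumed scenario: one write has no Domain (host-only cookie for
// sub.adomain.com), the other sets Domain=.adomain.com.
function mixedScopes() {
  const jar = new CookieJar();
  jar.set("sub.adomain.com", "_date", "30/07/2015");
  jar.set("sub.adomain.com", "_date", "31/07/2015", { domain: ".adomain.com" });
  return jar.header("sub.adomain.com");
}

// Same two writes, but both carry the same effective Domain.
function sameScope() {
  const jar = new CookieJar();
  jar.set("sub.adomain.com", "_date", "30/07/2015", { domain: "adomain.com" });
  jar.set("sub.adomain.com", "_date", "31/07/2015", { domain: ".adomain.com" });
  return jar.header("sub.adomain.com");
}
```

`mixedScopes()` reproduces the duplicate `_date` pair shown in the question, while `sameScope()` yields a single value because the second write replaces the first.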

This is not possible for security reasons. Details here.

You can try using an iframe to set cookies as Facebook does.

+2

Source: https://habr.com/ru/post/990059/

