I am creating a cookie with a value(like an Id) and adding it to the browser's response context.
So when the www.abc.com is called from my applciation through click, it auto logs into abc.com web site.
When I log out of abc.com without closing the window(www.abc.com) and try to click the link from my application again, it is creating a new cookie with a new value but it is not auto login to www.abc.com
But when I logout from www.abc.com and close the window(www.abc.com) and reclick from my application, it let me autologin.
Any ideas?
Telepathic powers: you are deleting cookie from wrong domain (setting cookie on abc.com, but deleting only from www.abc.com).
Make sure that domain for both set and expire cookie calls is the same (either both calls made to/from page on abc.com domain OR domain is set correctly).
#Alexis: Thanks for pointing it out. But I did find the answer. The session was already open from the previous web site. As that wasn't closed, the new web site which got open when I clicked the link again couldn't establish a brand new session. SO the browser couldn't read the session cookie.That is why you always has to close the first one.
But thanks for helping me alexis. But I will remember to add more data in my question from next time onwards.
Related
I want to set 'Response.Cookies[ASP.NET_SessionId].Secure = true'. I was trying to do it in master page so that on every page load 'ASP.NET_SessionId' will be marked as secure. However, when i write this code, my HttpContext.Current.Session is all erased.
Can someone help how this works and what can be the solution
How Session cookie gets created ?
ASP.NET fires the session_start event on very first request and creates an "ASP.NET_SessionId" cookie on client browser.
Session getting erased ?
Can you check if your browser is sending the same session cookie value as originally created on first request? Ideally, asp.net identifies and track user's session based on the cookie value.
Share relevant code if that permits you.
Thanks
I need to get automatically login to website from my windows application. I am doing it with HttpWebRequest but what i want is to
Click on the button in my application.
Open the Index page (page after getting login)
Reason : I don't want to enter user name and pasword, i just want to click button and any browser(default browser) open with index page (page after login)
Normal Example :
I open a link " http://mail.yahoo.com " it shows me a page asking my email address and
password.
I enter the email id and password and press Login.
It redirects me to my Mail box page.
What to Do ?
click on the button
Automatically send my email id or user name and password to the website
Open my Mail box page.
Hint :
get cookie from HttpWebRequest.
set it to the browser.
Open browser and pass the credentials to login automatcially
can anyone help me?
I also need to solve the same issue, and the problem is hint point 2 in your list.
ie. how to set a cookie in a browser, without limiting yourself to using a specific broswer.
The conclusion I am coming to, is that I need to use a standard 'Single Sign-On' logic, where we update the web-server to use short term tokens such as mentioned here...
http://msdn.microsoft.com/en-us/library/ms972971.aspx
In this case the steps would be something like:
1. In app - Logon with HttpWebRequest.
2. Get short-term token (the link suggests validity lifetime of just 2 seconds)
3. Open browser with url
http://MyWebsite>/SignNn?token=xxxxxxxxxxxxxxxxxxxxxxxxxxxx
4. Next I need to confirm if the SignOn process can return cookies correctly.
I dont think you can solve this in a generic way.
What usually happens in such scenarios is that the form within the web page is submited to web server, the web server reads the user name / password values from the form and authenticates the user against the underlying user managment repository.
You can write such a solution for specific sites, by analzying with a sniffer the posted form in the authentication pages, and then creating such an http message yourself and sending it to the relevant site.
I am currently using a WSS 3.0 Web Part (C#) for creating a cookie.
I have a link button in my Sharepoint site which has an event that calls an encryption method and then stores the encrypted value in the Cookie. After creating the cookie, I am redirecting the user to a new URL which opens in a new window.
The cookie creation is successful. I was able to store my desired value and the domain that it gets is the one of where the link button is located.
What I want to do is to open the cookie in the newly opened window but when I try to use HttpContext.Current.Request.Cookies["cookieName"] I always get a null.
Can anyone help me with this issue ? I've been working on this for a couple of days now. I believe that there is an issue here regarding domains but I can't figure out the right solution.
I would start troubleshooting this by using browser developer tools (e.g. F12 in IE) to ensure that the cookies are actually being saved on the client - yes? Then :-
Is the new window opening with a URL that has a domain the same as the orig URL?
e.g.
#1 http://site.yourdomain.com/page1
#2 http://site.yourdomain.com/page2
If not then site1 can't read site2's cookies.
You also need to do some extra stuff to share across sub-domains.
MSDN - ASP.NET Cookies Overview
Using ASP.NET MVC, sessions are stored in SQL database (never had a problem with them, and didn't use web farm). Using also Twitterizer2 library. Using Firefox.
First request, no browser instances is opened. Browser instance is started.
We have simple form "Publish on twitter" and submit button Share.
When Share is clicked we store message in Session and redirect to Twitter's OAuth authentication (on POST submit).
We authenticate OK and return to our Action and before posting to Twitter we check if message is stored in Session (and it isn't! - it is lost immediately after Twitter redirection)
When we try another messsage Share it is now working (Session).
We solved it using a Cookie but we don't have a clue while we lost Session (first time) after returning from Twitter.
Any deas?
I'd like to ask how did you maintained the session without cookie the first time?
I think the problem can be of the cookie set process. I also experienced similar problem before a couple of weeks.
The problem was that when I make request for REQUEST token, this request is internal HTTP request (not via user browser). As a response to this request I get REQUEST token and then set it in the user session.
$token = getRequestToken();
$_SESSION['token'] = $token;
However, if the user just came to my site for first time without a session, he does not have a session cookie to sent me. Internally at the web site I have created a session for him, and stored the token inside it, but then instead of sending him response with cookie headers included, so that he "accepts" my session, I make redirect to the provider authorize endpoint. This way, the user does not get the session cookie, and when he is returned back, he is like a new user for my site.
This is the flow of the process that happened to me:
create user session in the database
setcookie(usersession) // add headers to the eventual response
get request token
set the token in the session
redirect the user (user does not receive the session cookie)
user goes to authorization point
user returns, but he is a new user for me
I'd be interested to know if you had similar problem :)
Best regards
check the request and callback domain are the same
i.e. you are making request for oauth from localhost and callback to 127.0.0.1
Does the same session continue or is a new session created for the same "USER" when a user logs in from computer 'A' using Firefox.
By my understanding, a 'session is created for that user by the server'.
Now, without closing the browser tab, a user opens a new tab and goes to the same page [that would require the user to log in first].
What will happen?
Will the server continue the same session, making the code recognize the user?
Will the server start a new session for this request and destroy the old session?
Consider the same question, but now the user logs in from another browser. What will happen?
Sessions are based on cookies in which a Session ID is stored. So, it is purely a matter of how the browser stores it's cookies.
Generally, the browsers share cookies between tabs, so with new tab, the Session ID is preserved and new session will not be created.
Two different browsers, however, don't share the cookies, so in another browser, new session is created.
There are also cookieless sessions. In that case, the session ID is stored in URL (such as http://www.server.com?sessionId=12345). So obviously in this case if you open a new tab and type the address without sessionId, a new one is created too.
This really all depend on the site programming. But generally you can see tabs sharing session but different browsers not.
The sessions are not shared between browsers and are only shared between tabs (or windows) if the new tab/window is spawned from the current page (unless cookieless session handled via the querystring). When you click a link and say open in a new tab or window or choose to duplicate the current tab/window, both tabs/windows will share the same session. This is browser dependant though and each brower could implement it differently.
It's very easy to test. Create a simple aspx page with a Label and a link back to the current page. In the PageLoad do the following:
if (Session["Test"] != null)
{
Session["Test"] = (int)(Session["Test"]) + 1;
}
else
{
Session["Test"] = 1;
}
yourLabel.Text = Session["Test"].ToString();
Then open the page using different methods. Use an href with target=_blank. The href will make a new tab/window and share the session but loading the page any other way shouldn't.
The user session is usually kept in a cookie which is created by the web server, but is actually stored on the client. If the two Firefox tabs share the cookies, the session will be shared between them. However, if the two tabs don't share the cookies, there will be a server session created for each of them.
Sessions generally do not persist across browsers. If the user opens a new tab and goes back to the log in page and logs in again or if he gets automatically logged in all depends on how the back-end code is written.
If it's a new tab then the same session will be used (because the browser will provide the same session cookie). If it's a different browser, the cookie will not be present and a new session will be started (the session in the other browser will persist assuming your using a standard session mechanism).