I have a C#/.NET website on my local machine that I use to test.
Everytime I run the website in Internet Explorer 7, I have to empty the browser history or it will stay logged on as the previous person.
How do I make it so it lets me log in without having to empty the history every single time I want to test?
Your login information is stored in the session and that sets a cookie in IE7. So you don't have to clear the whole history - just a session cookie for the site.
Alternatively you could implement 'logout' functionality in your app.
Since the issue exists only in your development environment, a workaround would be to use a browser that implements a 'private' mode such as Google Chrome's incognito mode or Microsoft Internet Explorer 8's InPrivate mode
These browsers, when operating in these 'private' modes do not keep the cookies and temporary internet files after you close the window which should solve your issue.
However, it should be kept in mind that these browsers might not be fully compatible with the website you are developing.
Moreover, you should provide more information regarding the implementation of your website's authentication and your website in general if a more permanent solution is to be reached.
Related
I have an app that tests web page layouts in different browsers without requiring the user to download a new browser to their local. Every time when a user opens a new browser to test a page, I want this browser to open in a sandbox to limit the browser's actions in case of coming across any malware or dangerous sites.
How can I do that?
Note: The app is in C#.
You may also want to determine if this will be an acceptable workflow since each launched sandbox will only have the default browser by default. Additional browsers may have to be manually installed, even scripted, but will take time and slow down testing.
Configuring your sandbox:
You may be able to devise a workaround based on creating a .wsb file and populating it with a startup script. Your app can create this file programmatically with parameters and launch it.
https://www.windowscentral.com/how-configure-windows-sandbox-windows-10
Based on that you would probably have something like the following:
<Configuration>
<VGpu>Default</VGpu>
<Networking>Default</Networking>
<MappedFolders>
<MappedFolder>
<HostFolder>C:\FolderThatContainsBrowserInstaller\</HostFolder>
<ReadOnly>false</ReadOnly>
</MappedFolder>
</MappedFolders>
<LogonCommand>
<Command>Powershell.exe -ExecutionPolicy Unrestricted C:\users\WDAGUtilityAccount\Desktop\FolderThatContainsBrowserInstaller\ScriptThatInstallsBrowserAndLaunchesURL.ps1</Command>
</LogonCommand>
</Configuration>
Additional info may be found here: Starting the Windows Sandbox from managed code
You will have to decide what the ScriptThatInstallsBrowserAndLaunchesURL.ps1 actually does, but installing browser to test, then launching it with URL sounds like a fairly simple task.
I have a single solution with multiple C# ASP.NET Web Forms projects. I want a way to identify a given browser so that each website can identifier that same browser. I need to do this from the C# Code-Behind code (not with the client code, like JavaScript). I also cannot use the Session because it isn't shared across websites. I don't think cookies are either.
For example, if a user logs onto Website1 and then logs onto Website2 with the same browser on the same computer, I want to be able to identify that. But if a user logs onto Website1 with Chrome and then Website1 with FireFox (regardless of whether it's on the same computer or not), I want to detect that as well.
If it makes any difference, I am using Azure to publish my web projects. So all websites will have similar domains (eg website1.azurewebsites.net and website2.azurewebsites.net).
If you want to track someone using the same browser on the same computer then use a cookie. If the websites have different domains you'll need to be clever because modern browsers have a lot of protection against what they see as tracking cookies. One option is using a hidden interstitial page as described here.
Your second scenario, a user accessing same site with different browsers, I suggest storing the user agent string (one of the request headers) and adding this to a login audit so you can build up a collection of different user agents used by a given user. There are libraries available for parsing user agent strings and extracting name, version, engine etc.
Between these two techniques and a bit of business logic you should get what you need. If you would like me to clarify any of this, let me know and I'll provide more detail.
Is anybody knows how to share cookies between 2 windows users?
I have a Windows 10, where have 2 users: one is admin and second is operator.
Admin is logged in into the system and then goes to the web site, where setup some config. In this config we have some specific value which should be store locally in machine and operator shouldn't know nothing about it. So he is set some kookie { someKey: someValue } and then log out from Windows.
After this operator log in into Windows and open the same website and he should have access to this cookie { someKey: someValue }.
I search around we and found nothing about it. Found only solutions about save to file system, send via tokens and save MAC address with a value into DB. But this is not suitable for me. I know that share cookies and store locally isn't secure, but need to implement that feature.
Web project based on chrome browser, asp.net mvc, angularjs and ms sql for db storage. Is anybody can help me with this issue about cookies?
There is no way to do this. First, every browser has its own way to store and retrieve cookies. It is impossible to write something that will work for any platform and any version.
Second, there is security. You can't just copy some files and expect this to work. Browser developers aren't stupid to leave such a big security loophole in their software.
You are mixing Windows applications with full control over the system with a web application that only resides within the browser. You should find a better way. You could use a certificate installed on the machine to validate the user, but it seems to me there are better options, like simply logging in, etc.
Cookies are a browser component that all major browsers locate in user specific directories. if you could change it to HTML5 storage API and you could setup the storage to a folder both users have access (dunno about this). You could have client side shared data. Most probably, you could not. And certainly not using cookies.
Disclaimer: I havent used storage API
Edit: Just checked. Storage API does store the data un user specific folders, so cannot use it either.
"In practice, "client-side storage" means data is passed to the browser's storage API, which saves it on the local device in the same area as it stores other user-specific information, e.g. preferences and cache. Beyond saving data, the APIs let you retrieve data, and in some cases, perform searches and batch manipulations." Source: https://www.html5rocks.com/en/tutorials/offline/storage/
I have an application that uses APS.NET as the middle tier. One of the features for administrators is to allow them to popup another browser window logged in as a non-admin user, so they can provide support.
I use a javascript function "openWindowWithPost." The application takes credentials from a DB and forces a login so the support staff does not need to know the user credentials. Unfortunately when it does that the original session is reused and hence all of their application variables are shared, causing havoc with the original Admin login.
What I would like the ability to do is to force a second browser window to popup and when it talks to IIS have it create a new session and keep the original one active. Is this possible? If so where can I find how to do this?
From your post, it looks like you are using the Session object in ASP.Net to store data.
By default the Session ID is stored by the browser in a cookie. See MSDN
for a description of how it works. You could setup your application to use query strings to store the session id, but that is really old fashion and can become messy and hard to deal with.
Your best bet is to find a solution at the browser level. For example, Firefox has an extension called Multifox that would do what you want. Other browsers have similar extensions.
I have an issue with sessions. My web site is implementing a logged users console, which register a new user each time it logs in. If I try to open 2 pages within the same web explorer, it fails because the method first ask if the user is already connected for not registering it twice.
This method take as parameter the sessionID, which is provided by .net
My question is: In the same browser (or in the same computer, localhost), the sessionID it's always the same or when is it generated?
By default, new tabs or new windows in a browser will share the same process and therefore the same temporary session cookies for a domain.
To open a new session in IE, choose File > New Session.
SessionID will be the same for the same browser.
On a different browser (or a different computer) you'll get a different SessionID.
Thats kinda how it is all over the internet, not just with asp.net, because of the way Cookies work.
For example you'll notice that you can't log into amazon or ebay using different accounts within the same browser.
SessionId is same per browser. You can check it by logging in to yahoo, the first page will ask for the user name and password, if you open the second page it will directly take you to your email account.
Depends of the browser being used and how it's being used, as stated already the session is shared across the same browser on modern browsers by default. Older browsers such as IE before 8 used to share the session across windows by default as well unless the user opened a new instance of IE outside of the browsers interface (i.e. Start Menu/Shortcut).