NetTalk Central

Author Topic: Cookie handling  (Read 2995 times)

hkalmbach

Cookie handling
« on: December 02, 2024, 01:15:42 PM »
Hello,

I would like to set a cookie with a lifetime of some minutes for a webserver. The value is the user id of the person who logged in. If the user leaves and calls the webserver again within the lifetime of the cookie, he should not have to log in again.

For that I set the cookie directly after the login:

p_web.SetCookie('MAGWebUserLoggedIn',UserId,TODAY(),CLOCK()+xMinutes*6000)   

Directly after setting the cookie I can read the value of the UserId by

UserId = p_web.GetCookie('MAGWebUserLoggedIn')

Unfortunately, if I start a new window of the browser and read at the beginning of my indexpage, I don't get the UserId by the command

UserId = p_web.GetCookie('MAGWebUserLoggedIn')

The cookie is empty.
But if I look in my new browser window with F12 at the cookie list I see my cookie, see attachment.

Does somebody know why I can't read this cookie in a new session?


Thanks for any help.

Cheers

Heinz

Bruce

Re: Cookie handling
« Reply #1 on: December 02, 2024, 08:06:01 PM »
>> Unfortunately, if I start a new window of the browser and read at the beginning of my indexpage i don't get the UserId by the command

If you look at the web server log, ie your WebServer window, and you look at the incoming request, do you see the Cookie included in there?
If not I'm guessing you set a memory cookie, not a disk cookie.

(As an aside, this would be a pretty big security hole - so you might want to think a bit about this feature. Let's say the user was using a public machine, closed the browser, walked away. Using your system another person could access the site some minutes later, and they would be logged in as the previous user.)

Cheers
Bruce

hkalmbach

Re: Cookie handling
« Reply #2 on: December 02, 2024, 11:22:20 PM »
Hi Bruce,

Thanks for your answer. I think it's a normal cookie, as you can see in the screenshot. It appears together with the session Id in the web server window and also in the browser.
I set the cookie when the username and password are accepted in the login form. If I then come back to my Indexpage the cookie can be read (Debugview).
For a test I then delete the session Id, close the tab and open a new one. At the moment when I start to type the URL (localhost:2338) and it's put in the address line, a request is sent to the web server which contains all three cookies as shown in the screenshot. This happens even before I accept the URL and the login form is shown. If I then accept the URL, again a request is shown in the web server window and this also again contains my 'MAGWEBUSERLOGGEDIN'-cookie. But now it is not read by p_web.GetCookie('MAGWEBUSERLOGGEDIN'). I don't get a value, it's empty. But it's still shown in the browser and the web server window.

I only use this feature for a special situation. The users use their smartphones, connecting to the app by scanning a QR code which contains the complete URL to the web server and a machine number as parameter. They use it for inventory, that means they go from machine to machine, scan the QR code with the camera or a QR code app and therefore always open a new session. If they scan several machines in a short time they should not have to log in all the time. The cookie should only exist for let's say 10 minutes.

Or is there another possibility to stay logged in when scanning a QR code with the camera and from there open the URL to the web application?

Thanks a lot

Cheers
Heinz
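
An added example, not part of the thread and not NetTalk code: a cookie whose value is the bare user id can be set by any client to any id, so one way to build the short-lived re-login cookie described above is to sign the id together with an expiry and check both on the server. The key, the token layout and the function names are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import time

# Assumption: a server-side secret. In a real deployment generate it with
# secrets.token_bytes(32) and keep it out of source control.
SECRET = b"constructed-demo-key-not-for-production"
TTL_SECONDS = 10 * 60  # the "let's say 10 minutes" from the post


def b64(raw):
    """URL-safe base64 without padding, so the value is cookie-safe."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def sign(payload):
    """HMAC-SHA256 over the payload, keyed with the server secret."""
    return b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())


def issue_token(user_id, now=None):
    """Build the cookie value: base64(user_id).expiry.signature"""
    now = time.time() if now is None else now
    payload = f"{b64(user_id.encode())}.{int(now + TTL_SECONDS)}"
    return f"{payload}.{sign(payload)}"


def verify_token(token, now=None):
    """Return the user id, or None if malformed, tampered with or expired."""
    now = time.time() if now is None else now
    try:
        uid_b64, expiry, sig = token.split(".")
        # Constant-time comparison of the received and recomputed signature.
        if not hmac.compare_digest(sig, sign(f"{uid_b64}.{expiry}")):
            return None
        # Expiry is enforced here, independent of the browser's cookie store.
        if int(expiry) < now:
            return None
        padding = "=" * (-len(uid_b64) % 4)
        return base64.urlsafe_b64decode(uid_b64 + padding).decode()
    except (ValueError, TypeError):
        return None
```

The string returned by issue_token would be the cookie value; the expiry check in verify_token holds even if the browser keeps the cookie longer than intended.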

Bruce

Re: Cookie handling
« Reply #3 on: December 03, 2024, 09:00:24 PM »
>>  p_web.GetCookie('MAGWEBUSERLOGGEDIN')

In the server, you don't read cookies using the GetCookie method. That's inherited from the web client.
Rather use

 p_web.GetValue('MAGWEBUSERLOGGEDIN')

hkalmbach

Re: Cookie handling
« Reply #4 on: December 04, 2024, 12:58:33 AM »
Hi Bruce,
Thanks for your answer.
Unfortunately this does not work in the example I made for testing.

I set the cookies in the login form on ValidateUpdate, and directly after setting them I try to read them with getCookie and getValue. Both work.
After that I go back to indexpage and try to read again on ProcedureSetup, and there both do not work. I put the changed web3 example in the attachment.


1   0.000000   11296   web3.exe   [st][3] [netTalk][thread=3] LoginForm GetCoookie Loc_Login: DEMO
2   0.000068   11296   web3.exe   [st][3] [netTalk][thread=3] LoginForm GetCoookie Loc_password: demo
3   0.000129   11296   web3.exe   [st][3] [netTalk][thread=3] LoginForm SessionId: PCr91q3r6sGjitnrvkMHl5ceQ2JfLZ
4   0.000188   11296   web3.exe   [st][3] [netTalk][thread=3] LoginForm GetValue Loc_Login:
5   0.000240   11296   web3.exe   [st][3] [netTalk][thread=3] LoginForm GetValue Loc_password:
6   0.000716   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage Loc_Login: DEMO
7   0.000800   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage Loc_password: demo
8   0.000847   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage SessionId: PCr91q3r6sGjitnrvkMHl5ceQ2JfLZ
9   0.000902   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage GetValue Loc_Login:
10   0.000958   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage GetValue Loc_password:
11   0.002936   11296   web3.exe   [st][3] [netTalk][thread=3] [SEND LEN 2658] HTTP/1.1 200 OK
12   0.002936   11296   web3.exe   Date: Wed, 04 Dec 2024 08:55:16 GMT
13   0.002936   11296   web3.exe   Expires: Tue, 05 Dec 2023 08:55:16 GMT
14   0.002936   11296   web3.exe   Content-Length: 1932
15   0.002936   11296   web3.exe   Content-Encoding: gzip
16   0.002936   11296   web3.exe   Content-Type: text/html
17   0.002936   11296   web3.exe   Cache-Control: no-store, no-cache, must-revalidate, private,post-check=0, pre-check=0, max-age=0
18   0.002936   11296   web3.exe   Pragma: no-cache
19   0.002936   11296   web3.exe   Set-Cookie: SESSIONIDX=PCr91q3r6sGjitnrvkMHl5ceQ2JfLZ; path=/; HttpOnly; SameSite=Strict
20   0.002936   11296   web3.exe   Set-Cookie: LOC__LOGIN=DEMO; expires=Thu, 02 Jan 2025 23:00:00 GMT;; path=/
21   0.002936   11296   web3.exe   Set-Cookie: LOC__PASSWORD=demo; expires=Thu, 02 Jan 2025 23:00:00 GMT;; path=/
22   0.002936   11296   web3.exe   Connection: close
23   0.002936   11296   web3.exe   Access-Control-Allow-Origin: *
24   0.002936   11296   web3.exe   X-Frame-Options: sameorigin
25   0.002936   11296   web3.exe   Referrer-Policy: strict-origin-when-cross-origin
26   0.002936   11296   web3.exe   X-Content-Type-Options: nosniff
27   0.002936   11296   web3.exe   X-Xss-Protection: 1; mode=block
28   0.002936   11296   web3.exe   
29   0.002936   11296   web3.exe   ?
30   0.031145   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage Loc_Login:
31   0.031202   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage Loc_password:
32   0.031255   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage SessionId: PCr91q3r6sGjitnrvkMHl5ceQ2JfLZ
33   0.031315   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage GetValue Loc_Login:
34   0.031371   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage GetValue Loc_password:
35   0.034410   11296   web3.exe   [st][3] [netTalk][thread=3] [SEND LEN 2411] HTTP/1.1 200 OK
36   0.034410   11296   web3.exe   Date: Wed, 04 Dec 2024 08:55:16 GMT
37   0.034410   11296   web3.exe   Expires: Tue, 05 Dec 2023 08:55:16 GMT
38   0.034410   11296   web3.exe   Content-Length: 1932
39   0.034410   11296   web3.exe   Content-Encoding: gzip
40   0.034410   11296   web3.exe   Content-Type: text/html
41   0.034410   11296   web3.exe   Cache-Control: no-store, no-cache, must-revalidate, private,post-check=0, pre-check=0, max-age=0
42   0.034410   11296   web3.exe   Pragma: no-cache
43   0.034410   11296   web3.exe   Connection: close
44   0.034410   11296   web3.exe   Access-Control-Allow-Origin: *
45   0.034410   11296   web3.exe   X-Frame-Options: sameorigin
46   0.034410   11296   web3.exe   Referrer-Policy: strict-origin-when-cross-origin
47   0.034410   11296   web3.exe   X-Content-Type-Options: nosniff
48   0.034410   11296   web3.exe   X-Xss-Protection: 1; mode=block
49   0.034410   11296   web3.exe   
50   0.034410   11296   web3.exe   ?
51   0.251435   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage Loc_Login:
52   0.251483   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage Loc_password:
53   0.251535   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage SessionId: PCr91q3r6sGjitnrvkMHl5ceQ2JfLZ
54   0.251593   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage GetValue Loc_Login:
55   0.251647   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage GetValue Loc_password:
56   0.253522   11296   web3.exe   [st][3] [netTalk][thread=3] [SEND LEN 2411] HTTP/1.1 200 OK
57   0.253522   11296   web3.exe   Date: Wed, 04 Dec 2024 08:55:16 GMT
58   0.253522   11296   web3.exe   Expires: Tue, 05 Dec 2023 08:55:16 GMT
59   0.253522   11296   web3.exe   Content-Length: 1932
60   0.253522   11296   web3.exe   Content-Encoding: gzip
61   0.253522   11296   web3.exe   Content-Type: text/html
62   0.253522   11296   web3.exe   Cache-Control: no-store, no-cache, must-revalidate, private,post-check=0, pre-check=0, max-age=0
63   0.253522   11296   web3.exe   Pragma: no-cache
64   0.253522   11296   web3.exe   Connection: close
65   0.253522   11296   web3.exe   Access-Control-Allow-Origin: *
66   0.253522   11296   web3.exe   X-Frame-Options: sameorigin
67   0.253522   11296   web3.exe   Referrer-Policy: strict-origin-when-cross-origin
68   0.253522   11296   web3.exe   X-Content-Type-Options: nosniff
69   0.253522   11296   web3.exe   X-Xss-Protection: 1; mode=block
70   0.253522   11296   web3.exe   
71   0.253522   11296   web3.exe   ?
72   0.336126   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage Loc_Login:
73   0.336188   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage Loc_password:
74   0.336241   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage SessionId: PCr91q3r6sGjitnrvkMHl5ceQ2JfLZ
75   0.336297   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage GetValue Loc_Login:
76   0.336355   11296   web3.exe   [st][3] [netTalk][thread=3] IndexPage GetValue Loc_password:
77   0.338225   11296   web3.exe   [st][3] [netTalk][thread=3] [SEND LEN 2411] HTTP/1.1 200 OK
78   0.338225   11296   web3.exe   Date: Wed, 04 Dec 2024 08:55:16 GMT
79   0.338225   11296   web3.exe   Expires: Tue, 05 Dec 2023 08:55:16 GMT
80   0.338225   11296   web3.exe   Content-Length: 1932
81   0.338225   11296   web3.exe   Content-Encoding: gzip
82   0.338225   11296   web3.exe   Content-Type: text/html
83   0.338225   11296   web3.exe   Cache-Control: no-store, no-cache, must-revalidate, private,post-check=0, pre-check=0, max-age=0
84   0.338225   11296   web3.exe   Pragma: no-cache
85   0.338225   11296   web3.exe   Connection: close
86   0.338225   11296   web3.exe   Access-Control-Allow-Origin: *
87   0.338225   11296   web3.exe   X-Frame-Options: sameorigin
88   0.338225   11296   web3.exe   Referrer-Policy: strict-origin-when-cross-origin
89   0.338225   11296   web3.exe   X-Content-Type-Options: nosniff
90   0.338225   11296   web3.exe   X-Xss-Protection: 1; mode=block
91   0.338225   11296   web3.exe   
92   0.338225   11296   web3.exe   ?
93   7.965041   11296   web3.exe   [st][3] [netTalk][thread=3] [SEND LEN 547] HTTP/1.1 200 OK
94   7.965041   11296   web3.exe   Date: Wed, 04 Dec 2024 08:55:24 GMT
95   7.965041   11296   web3.exe   Expires: Tue, 05 Dec 2023 08:55:24 GMT
96   7.965041   11296   web3.exe   Content-Length: 73
97   7.965041   11296   web3.exe   Content-Type: text/xml
98   7.965041   11296   web3.exe   Cache-Control: no-store, no-cache, must-revalidate, private,post-check=0, pre-check=0, max-age=0
99   7.965041   11296   web3.exe   Pragma: no-cache
100   7.965041   11296   web3.exe   Connection: close
101   7.965041   11296   web3.exe   Access-Control-Allow-Origin: *
102   7.965041   11296   web3.exe   Accept-Ranges: bytes
103   7.965041   11296   web3.exe   X-Frame-Options: sameorigin
104   7.965041   11296   web3.exe   Referrer-Policy: strict-origin-when-cross-origin
105   7.965041   11296   web3.exe   X-Content-Type-Options: nosniff
106   7.965041   11296   web3.exe   X-Xss-Protection: 1; mode=block
107   7.965041   11296   web3.exe   
108   7.965041   11296   web3.exe   <?xml version="1.0" encoding="utf-8"?>
109   7.965041   11296   web3.exe   <ajax-response></ajax-response>

Cheers
Heinz
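
An added example, not part of the thread: a small Python audit of the three Set-Cookie headers from the first HTTP block of the trace above, flagging missing attributes, persistence to disk, the stray ";;" and credential-like cookie names. The name heuristic and the function names are assumptions.

```python
import re

# Set-Cookie lines copied from the first HTTP block of the trace above.
TRACE = """\
Set-Cookie: SESSIONIDX=PCr91q3r6sGjitnrvkMHl5ceQ2JfLZ; path=/; HttpOnly; SameSite=Strict
Set-Cookie: LOC__LOGIN=DEMO; expires=Thu, 02 Jan 2025 23:00:00 GMT;; path=/
Set-Cookie: LOC__PASSWORD=demo; expires=Thu, 02 Jan 2025 23:00:00 GMT;; path=/
"""

# Assumed heuristic for cookie names that suggest a stored credential.
SENSITIVE = re.compile(r"pass|pwd|secret|token", re.IGNORECASE)


def parse_set_cookie(line):
    """Split one Set-Cookie header into name, value, attributes, empty count."""
    header = line.split(":", 1)[1].strip()
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs, empty = {}, 0
    for part in parts[1:]:
        if not part:  # produced by a doubled separator such as ";;"
            empty += 1
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, value, attrs, empty


def audit(trace):
    """Map each cookie name to the list of issues found in its header."""
    findings = {}
    for line in trace.splitlines():
        if not line.lower().startswith("set-cookie:"):
            continue
        name, _value, attrs, empty = parse_set_cookie(line)
        issues = [f"missing {flag}"
                  for flag in ("httponly", "secure", "samesite")
                  if flag not in attrs]
        if "expires" in attrs or "max-age" in attrs:
            issues.append("persistent")  # survives closing the browser
        if empty:
            issues.append("empty attribute")
        if SENSITIVE.search(name):
            issues.append("credential-like name")
        findings[name] = issues
    return findings
```

On this trace only the session cookie carries HttpOnly and SameSite, while the login name and the password are written to disk in clear text with no attributes beyond expires and path.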

hkalmbach

Re: Cookie handling
« Reply #5 on: December 04, 2024, 03:12:37 AM »
Hello Bruce,

One addition: in the first HTTP block I see the cookies. In the following ones not. I don't know why this happens within one session.

Cheers
Heinz

Bruce

Re: Cookie handling
« Reply #6 on: December 04, 2024, 07:30:07 PM »
You are getting the value names wrong. Try

    p_web.trace('IndexPage SessionId: ' & p_web.SessionID)
    p_web.trace('LoginForm GetValue Loc:Login: ' & p_web.GetValue('loc:login')) 
    p_web.trace('LoginForm GetValue Loc:password: ' & p_web.GetValue('loc:password'))