I'm currently working on a browser extension project for an affiliate marketing business. Affiliate marketing usually works by setting tracking cookies on click to identify the referrer in case an article is bought on the partner's website and rewards the referrer afterwards.
How can some browser extensions "activate cashback" or "activate affiliation" without having the user to go through a redirect page? How can they apply all the tracking cookies with no apparent redirection?
Options I considered:
Creating an API endpoint that would store an array of cookies set during the chain of redirection then applying them directly on the browser. Problem: some platforms use client script with URL matching to set cookies on landing on the partner's website.
Maybe it has something to do with form posting hack: https://stackoverflow.com/a/4702110/7576507
Furthermore, how can one know that the tracking cookies have been well set?
It seems that these browser extensions create a tab using a standard affiliate link without focusing it.
Once it is completely loaded (DOM, external scripts etc...), they close it and display on the main tab that tracking has been activated.
Related
At my company we have an internet-facing SharePoint 2010 site. We will be creating a subsite that will serve as a mobile site (different design, smaller subset of information). When a user hits our homepage from a mobile device, I would like them to be redirected to a page where they can select a link to either view the mobile site, or the full desktop site.
Correct me if I'm wrong, but I believe standard SharePoint mobile detection needs to be enabled for this. I think I can redirect the mobile users to my "choice" page pretty easily with an HttpModule, so that they don't hit the default SP mobile page. But the problem I'm having is that if they choose to go to the full desktop site, if I try to redirect them there in the module, they're just going back to the default SP mobile page.
My question is, is it possible to achieve this in SharePoint? It seems to me that the default mobile detection would be difficult to override the way I want it to happen. Do mobile users only have access to the mobile subsite in this scenario? If anyone needs more information from me, just let me know, I'll provide whatever I can.
(Also, I know it would be better to do a responsive layout, but that decision is out of my hands)
We created an "ismobile" cookie for the session after the redirect. This allows us to ignore the redirect if the user has this cookie. In means that they have already been redirected once this session so don't do it again if they hit the desktop page.
We started using this so that the "Show full website" link didn't just bounce the user back to the mobile page
I've recently installed the browser plugin Disconnect to keep Facebook, Twitter and Google from recording my browser history as I use the regular web while still letting me use those services when I choose to.
Can anyone explain how Disconnect works?
I'm interested in how it works to understand where my web experience might be changed or compromised and as an intellectual curiosity about what these sites are doing and how it can be blocked.
There are detailed descriptions of what our extensions do in the extension galleries (and someday soon, our site), e.g.:
https://chrome.google.com/webstore/detail/jeoacafpbcihiomhlakheieifhpjdfeo
More technically, all our extension code is open source (and well commented and otherwise readable, if I do say so myself):
https://github.com/disconnectme
I'm only guessing, but to track you, google, facebook and twitter send you a cookie to identify you. Then if you browse the web a display page that contain an adsense banner, a g+1 button an analytic script, a facebook/twitter widget, google , facebook and tweeter access this cookie.
So to prevent them to record your browsing, maybe the addon filter the cookie sent in http request or filter google/fb/twitter script/iframe/url from the viewed page.
Hope this could give you a hint.
Regards
Does anyone know of a way to disable the mobile browser detection and redirect feature of Facebook via querystring parameters?
For example, if I go to www.facebook.com/CraigslistGenie in a mobile browser, I get redirected to http://m.facebook.com/CraigslistGenie. I would like the user to stay on the www version of the page.
you either change the user-agent to achieve that or you add ?m2w to the link i.e. http://www.facebook.com/CraigslistGenie/?m2w does NOT redirect (tested on Android) while http://www.facebook.com/CraigslistGenie does redirect to http://m.facebook.com/CraigslistGenie
For reference see here and here.
The first answer is correct, however if you want it to work on an Android phone (and keep working when you click on links within the site) you need to go into the browser settings (after you've gone to the http://facebook.com?m2w) and check the "Desktop version" setting.
This will prevent the browser from constantly trying to send you to either the mobile version of the site or the FB app.
Method given by Yahia is good. Adding ?m2w to link means converting mobile to web view.
Or,
Change settings of mobile browser i.e. User Agent. Both Steel and Dolphin browsers allow you to change that setting however. Both are free in the market. (I am not doing any marketing of browsers.)
Some of you may have noticed that, despite changing the User-Agent in the browser, you are still sent to a mobile website anyway. Check this patches given.
Check this huge discussion about tricks used for hiding mobile browser.
Background:
I am working on a legacy ASP.NET 3.5 Web Forms applications. The application allows users to buy a subscription to a 'white-label' website which is generated for them and they can customize it further. It uses forms authentication.
A typical use-case is that the user creates an account on our system, purchases a website, and then proceeds to customize their website. The URL they will use to edit their purchased website is something like this: https://www.example.com/EditWebsite.aspx. There are many other pages also within our website editing toolbox with other URLs.
Problem:
My team has now been tasked with allowing people to use one account to access multiple website subscriptions. This means that one authenticated user could be trying to access one of many websites to edit if they use the URL mentioned above. Our system can be made aware of multiple subscriptionIds per User but the website editor web app only has support for one subscription.
To clarify with a simpler example: this would be like if Google all of a sudden allowed you to view two different inboxes with one GMail account. How would the system know which one you were trying to access if the URLs were the same for both?
We originally wanted to change the application to use URLs like: https://www.example.com/[subID]/EditWebsite.aspx which would give us all the information we need to send the user to the correct website. We looked into URL Routing to accomplish this but it seems that we would have to change all of the web app's internal links to use the route config to generate the correct URLs. Maybe we have the wrong idea here but it seems like too much work for a legacy application.
Another potential solution we came up with was simply using our systems' control panel web app (where they click links to edit any of their websites) to set a session cookie which our edit website web app can read to know which website to bring up. This has the disadvantage that the pages would not be bookmark-able and you could not look at multiple websites at once in different tabs of the same browser.
Question(s):
Is there any other options we have not investigated or thought of? Is there any other web sites which allow for this kind of behavior; how do they handle it? Is URL Routing the right way to do this and we just need to take the plunge?
Any input is appreciated!
The solution we ended up using was adding a URL parameter to the link which specifies which website you are trying to edit.
https://www.example.com/EditWebsite.aspx?subID=123
This parameter is included in the links to 'Edit Website' from the page which lists all of a user's websites.
When present, this sets a session cookie for the user. If the request parameter is not present, the app looks for the cookie being set; this handles all the internal links within the application. if a cookie doesn't exist and the request parameter was not set, we just pick the authenticated user's first subscription from the list.
This isn't perfect but it has worked without issue so far. The only consequence it has caused is that a user cannot edit multiple websites in the same browser session, e.g. using multiple tabs. This hasn't resulted in any support issues yet though so it is pretty much a non-issue.
For a middleware system with internet (which works inside a set-top box) I want to develop a primitive Facebook interface where users can type their user-names and password, showing their latest notification, messages and other casual stuff on the TV screen by using the recent Facebook Graph API.
This middleware program uses Java ME to run programs (such as this simple facebook app) and it can connect to internet however it doesn't have a real web browser. Without browser it can connect to any url to retrieve the JSON response however I am not sure how to achieve authentication without a real browser.
Under this circumstances, is it possible Facebook authentication? If you think so, what approach would you suggest ?
Thanks
Facebook provides trusted partners with a private Authorization API to get an OAuth 2 token from a username / password.
A more complicated approach would be doing something similar to how Netflix enrolls a device:
device calls server to obtain a Code
device shows code on screen and directs user to go to URL on server and enter Code
server redirects user to Facebook and obtains OAuth token, user told to go back to device
device calls server with Code and obtains OAuth token
device can now make calls directly on behalf of user
According to this documentation on "Desktop Application Authentication" I don't believe your desired result is possible:
Facebook's OAuth implementation does not include explicit desktop application support. However, if your desktop application can embed a Web browser, you can add Facebook support to your application easily using the same OAuth User-Agent Flow used by JavaScript clients.
However, it is clearly possible for certain vendors to do this, since Microsoft's Xbox 360 Facebook application does exactly what you are proposing. I'd be interested to see if anyone has dug up any API for doing this that Facebook doesn't want in their most obvious documentation.
This isn't an answer but I'm trying to do the same thing. Check out this guy's blog which uses another server to proxy the requests:
cory wiles blog
If you figure it out please post a detailed answer here so I can do it to.. :)
I think it is possible though it is pretty complicated and subject to sudden changes of Facebook interface. It might break the agreement between you and Facebook.
What you do is to emulate the Facebook.
One path you have to set up a Facebook application. Once you got the authorisation from user, you can to something with Graph API.
You need to the Facebook log-in process and authorisation process. There are some capturing tools on http/https request and response. Analyse them, both header and body.
Once you know the authorisation mechanism, you can replace it with you own. Everything afterward is on Graph API.
Another path is to emulate Facebook login and message and notification process. Capturing and analysis is needed.
In the past I have used a tool called screen-scraper (full disclosure: I used to work there) to automate logging in to facebook. Basically, it imitates a browser session; it allows you to set session variables (i.e. username, password) which would then be submitted to facebook, just as if the user had submitted them in a browser.
You may not be able to use screen-scraper in your set-top box environment (although it is java-based, so it's possible it would work). Even if it doesn't, you could implement a similar strategy in java, making the HTTP calls a browser would make to load the login page and submit the user's credentials. To keep the user's info safe make sure whatever HTTP client library you use supports HTTPS.
Proxy tools and extensions like Charles, Fiddler2, Firebug, Chrome's dev tools, etc. are helpful in seeing exactly what the browser is sending to the server in requests.