While previewing the Cloudflare app previously stored cookies are coming into play - cloudflare-apps

Scenario:
Let's say I'm setting a cookie (name=John Doe;path=/).
After some time I'm again setting a cookie (name=Jonny;path=/).
Now, If I get the cookie name I'm receiving "John Doe".
May I know Why I'm not receiving the latest value? Please help me with this issue.

Are you setting this cookie in a Cloudflare app and then seeing the old cookie stored in the app previewer? or is the old cookie stored incorrectly on a site with it installed?
If it's on only the previewer, this is likely something to do with the iframe.

Related

Transfer cookies to another device on Chrome

I am trying to move the login session of Facebook from one device to another device. Both the devices use chrome browser. I tried using a cookie extension to export the cookies and then import the cookie on another device. The cookies in the logged-in device are:
In the destination device, after importing the cookie, when I open Facebook.com it asks for credentials as usual. Also, it replaces a few cookies and removes some (like presence).
My question is, is there anything facebook uses to stop transferring cookie sessions? How FB detect that it's a different device?
It's for leaning purposes to figure out the attacks and defenses in the cookies system.
I was able to get it to work by just creating c_user and xs cookies manually and copying the values in the other browser. I think I was doing something wrong while exporting or importing the whole cookie set.

UIWebView using Mobile Safari cache data/cookies ... is this possible?

I have an application that may access authenticated content. I know that the webview can't handle authentication so I do some NSConnection magic to make it work (something similar to this)
The thing is that there is some content that can be accessible using this web view, but there is some other content that event after a sucessfull authentication, the web view is not able to load.
BUT.. if I enter the same url with mobile safari, enter the needed credentials and then I go back to my app, the WebView seems to load the content fine.
I tried reviewing the cookies before and after the auth in Safari is done using this code
[[NSHTTPCookieStorage sharedHTTPCookieStorage] cookies];
and the cookies are the same.
As far as I understand that code will retrieve the cookies my app generates and not the ones available in iOS, so apparently this is not the way to look for a hint...
Any ideas?
Recently, i've lurked for the same question over the internet, and the answer is "no" =(.
Objects of UIWebView class and Safari or other browsers live apart and are sandboxed.
Here is official position about cookies.
TO the best of my understanding, Cookies can not be sent with the first request from a Webview, but can be sent with subsequent requests to the same URL, if and only if, the first request was successful.
This causes problems with authentication services that require cookies to authenticate on the first request to the URL.
Possibly user credentials are stored via keychain api. Keychain is shared between apps, so stored login/pass in Safari can appear in your app UIWebView.Can you elaborate this as i also need this.

Are iPhone cookies enabled by default?

Are iPhone cookies enabled by default when you buy an iPhone? I ask as I do not want to build any features for a webapp which require cookies if most users do not have have them enabled.
Cookies are enabled for visited websites by default. In the settings app you can change the setting for cookies. What visited websites means is this (i think):
For example you buy a new phone or restore and visit youtube.com which is from google. google.com would maybe try to save any cookies to save your username and password ir anything but can't, because you have not visited google.com before. Only youtube.com will be able to save cookies on your phone.
Note there appears to be a bug in which this setting randomly changes to "Never". I don't know what the trigger is; some people are claiming it happens when updating to iOS 5 but I think that's just a coincidence of timing for certain folks.
I just had this happen to me when I restored my phone from a backup; however the backup was only an hour or so old and it definitely wasn't set to "Never" in the backup. I've been on iOS 5 ever since it released, and the cookie setting was definitely the normal default (1st part cookies only) until I did the restore last week.

Apple Push Notifications

I'm building an app that checks as site every 15 minutes for changes. I can do this fine in the app, when it's open. But how do I go about doing this while the app is in the background?
The trouble is I don't think I can use the Push Notification Service. The page on the site which is being checked, requires the user to be logged into the site. Because there is a cookie jar for each app, the user logs into the site through a UIWebView at the beginning and then once logged in, the site is polled every 15 minutes using NSURLConnection and receives the data for the logged in user because of the cookies created at login in the webview. I don't believe there is a way to do this on a server for many different users? And if there was wouldn't the user's site username and password have to be stored on my push server which is a huge no.
So can I use task completion, or is it possible to access a page that only appears correct when the correct cookies are present from a server and then use push notification.
Unfortunately there is no way to get the cookie from a UIWebview. And task background completion can only run for 10 minutes.
I'm not sure what kind of website you are trying to access, but if you can replicate the login using a NSURLConnection you can retrieve the cookie using NSHTTPCookie. Then store the cookie data on your server and then access the web site from the server with the "Set-Cookie" header to check the content for changes.
This, of course, depends on how long the cookie lasts (expires).

iphone bookmarklet cookie persistence

I have an iphone (jqtouch based) web app that uses cookies for authentication. The use flow is as follows :
user goes to the mobile landing page and is instructed to save the page as a bookmarklet on their home page.
they launch the bookmarklet to go to a login page to login and get a cookie.
the cookie works and they can navigate throughout the web site.
However this session cookie is not persistent. If they leave safari and then restart using the saved bookmarklet, the cookies set during their previous session are gone.
Just using safari (ie: launch safari directly rather than through the bookmarklet) to navigate the pages works fine (ie: start safari, go to url, do login, restart safari, go back to url).
I find that that the cookies that were active when the bookmarklet was created are persistent but any cookies set during the session when safari is accessed through the bookmarklet are not persistent.
I'm wondering if this is a safari/iphone issue and/or if there is any way around this. Many thanks for any insight you can provide.
K, for anyone encountering the same problem, i found a work around by making use of html5's localstorage. I just needed to use javascript to set the storage based on cookie values as the cookies were being set and to set the cookies from the storage values when the first page was loaded.
I have tried that in one of my applications. I have tried this in this way:
The user logs in and his cookie is set into the sharedHttpCookieStorage.
Check the cookie against your URL, get its values and save it in your application's storage.
Next time user wants to use your application, check if there is any cookie values in your storage. If Yes then create a cookie with those values else get him to log in again.
Make sure to clear the cookie values when the user logs out or the cookie expiration date reaches.
I know it sounds difficult but infact is really easy. All you have to go through is Apple's documentation on NSHTTPCookie.