Powershell Net-Cookie Expires - powershell

We are using PoSH Server for our Webservices.
Does anyone know how to change / set the cookie expires in our script? This is how we currently try to do it:
$Response = $Context.Response
$Response.Headers.Add("Accept-Encoding","gzip");
$Response.Headers.Add("Server","PoSH Server");
$Response.Headers.Add("X-Powered-By","Microsoft PowerShell");
$Cookie = New-Object Net.Cookie
$Cookie.Name = "SessionID"
$Cookie.Value = New-TimeStamp
$Cookie.Expires = now+10
$Response.AppendCookie($Cookie)
We also tried s.th. like: $Cookie.Expires = DateTime.Now.AddMinutes(10) a.s.o.
The cookie is read in the following way:
$Cookies = $Request.Cookies["PoSHSessionID"];
The Cookie Expires (Lifetime) does not change. It´s always: Lifetime ends of session.

I am able to get it to set send along a value based on the date set to the Expires property, but it sends it as "max-age" instead of "expires" in the http header, which it would seem (from a quick internet search) isn't supported by at least IE of lower versions.
I'm not used to using the System.Net.HttpListenerResponse type (more used to the System.Web namespace used in ASP.NET) so I'm very likely missing something very obvious, but the only way I could get it to work as I wanted was to add the Set-Cookie header manually. An example on how to do this would be the following:
$Context.Response.Headers.Add("Set-Cookie", "myCookieName=myCookieValue; expires=Tue, 12-Jan-2016 01:14:40 GMT")
Do be aware, however, that you might have special characters in your cookie value which makes your Set-Cookie string invalid. A possible way to work around that could be to create the cookie value string using the System.Net.Cookie class, like you are doing, and just add the Set-Cookie header with the ToString() of the cookie with a manually appended expires value (ensure they are separated with a semicolon).
This does feel very much like an ugly work-around which shouldn't at all be necessary. I'm probably missing something, but on my virtual test machine (Win7, PowerShell 2.0, .NET 4.0, IE10, FF26) I couldn't get it to send Expires instead of Max-Age.
You can find a description of the format for the expires date at the Wikipedia page about HTTP cookies under the header 'Expires and Max-Age'.

Related

Not able to read complete cookie in perl

I am receiving below cookie from my source system
ExternalAccess=unixtime=1593603710&oracletime=01-jul-20
12:41:50_Hash_thNnmggU2ex3L5XXeMNfxf8Wl8STcVZTxscSFEKSxa0
At destination system [PERL based], using below code to read the cookie
my $extSysCookie = $Query->cookie('ExternalAccess');
i am getting below output
External Access cookie = unixtime=1593603710
and not able to read full value.All characters after & are getting omitted. Can anyone help?
First of all, that's not a valid cookie. Spaces are not allowed in the value of cookies. Ref.
Secondly, that's not a correctly formatted cookie for CGI.pm's ->cookie. ->cookie is designed to handle cookies created using CGI.pm's ->cookie. The cookie value in question was not created with that method, and the cookie can't be handled (correctly) by that method.
To get the desired string from ->cookie, either construct the cookie using ->cookie, or otherwise create a cookie with the URI-encoding the value you wish ->cookie to return.
For example, the desired string will be returned for a cookie with the value
unixtime%3D1593603710%26oracletime%3D01-jul-20%2012%3A41%3A50_Hash_thNnmggU2ex3L5XXeMNfxf8Wl8STcVZTxscSFEKSxa0
CGI's approach allows cookies to have multiple values, and gets around the problem of spaces being forbidden in the values of cookies.

Set cookie on response in lumen 5.6

Actually I want to set header like this
response()->json($data)->header('Set-Cookie','strCookie1',false)->header('Set-Cookie','strCookie2',false)->send();
But the Set-Cookie not shown in the header.
Is there any way to set the cookie in Lumen 5.6
I saw the withCookie(cookie()) but not sure how to use. The cookie() in Lumen is not defined.
Note: I need 2 set-cookie at the same time, and the strCookie1 is already the full long string of the cookie value.
(Like this: TOKEN=abcxyz; Path=/; Expires=Sun, 24 Mar 2019 03:40:11 GMT; Max)
Thank you.
According to documentation here:
However, for most routes and controller actions, you will be returning a full Illuminate\Http\Response instance. Returning a full Response instance allows you to customize the response's HTTP status code and headers. A Response instance inherits from the Symfony\Component\HttpFoundation\Response class, providing a variety of methods for building HTTP responses:
You can find the appropriate method to set cookie here. The argument is either string or a Symfony\Component\HttpFoundation\Cookie instance. If you see the code inside it (here's the link), the string argument only accepted when the
cookie function is defined. In this case, it's not defined. So this method only leaves you one option:
To supply the first argument with an instance of
Symfony\Component\HttpFoundation\Cookie
<?php
use Symfony\Component\HttpFoundation\Cookie;
$response
->withCookie(
new Cookie($name, $value, $expire)
);

Play framework - retrieving the Date header in the request

I need to access the Date: header when I handle the request, but this seems to be "swallowed" by the framework; any other header (even made up FooBar ones) show up and I can get them, but this gives me None (I'm using Postman to send a simple GET request - everything else works just fine):
println("Date: " + request.headers.get("Date").getOrElse("no date!"))
returns "no date!" no matter how I try to send something sensible.
I'm wondering whether this gets processed before the request object reaches my Action.
I need the actual string value sent, as this should be part of the request's signature - so an equivalent Date object representing the same value would not be of much use (as it needs to be part of the hash, to avoid replay attacks).
Just as a test, I replaced the Date header with a Date-Auth one, and this one shows up just fine:
ArrayBuffer((Date-Auth, ArrayBuffer(Wed, 15 Nov 2014 06:25:24 GMT))
Any ideas or suggestions greatly appreciated!
Are you sure there is a Date Header in your request (tested with tools like firebug or wireshark)?
Browsers do not need to send a Date header.
RFC 2616 (HTTP 1.1) from the Date section (14.18)
Clients SHOULD only send a Date header field in messages that include an entity-body, as in the case of the PUT and POST requests, and even then it is optional. A client without a clock MUST NOT send a Date header field in a request.
I stand corrected - it turns out that Chrome blocks a whole bunch of headers:
http://www.getpostman.com/docs/requests
I wrote a Python Flask test server and, in fact, the Date header is not there.
That page has also a fix, which works just fine with Postman Version 0.10.4.3 and Interceptor(1).
sorry for wasting everyone's time!
1 Incidentally, IMO Postman is the best REST client and has now also some awesome looks, beyond incredible functionality. If you're working with REST APIs, I highly recommend it.

BigCommerce API Update Order with PUT

I need to update an order which is done via PUT method passing the order id as part of the https url string and a single parameter, the status_id.
https://mystore.mybigcommerce.com/orders/12345.json
I have tried several methods to pass the status_id value but no matter what I try "status_id=12" or formatted as JSON "{"status_id": 12,}" I always get the same response:
[{"status":415,"message":"The specified input content type is not valid."}]
I have also tried as a POST request passing the JSON or XML code as raw data but that method is not supported.
How am I supposed to pass that field=value pair? can I embed it in the url string?
I also tried it but it wouldn't work for me.
Any ideas?
In case you are wondering I am doing it within FileMaker with TROIUrl plugIn, not a very popular technology, but the GET method retrieving orders works like a charm
TURL_Put( ""; $url ;"status_id=12") (I have also tried other FM plugIns to no avail)
Don't get too caught up in the Filemaker part, I don't expect many people out there to be familiar with BigCommerce and Filemaker. I just need a generic answer.
Thanks
Commandline tool curl is worth a try. It supports put and https.
Mac OS X: curl already installed, call from FileMaker via AppleScript do shell script.
Windows: must be installed, call via Powershell.
It works for me using { "status_id": "3" } which means you probably need to put quotes around the actual number.
Also, it is a PUT operation and application/json which is part of the request content.
The error message received by the OP:
[{"status":415,"message":"The specified input content type is not valid."}]
Is saying that he did not supply the 'Content-Type' header in his request or that the header supplied is for a content type that is not allowed. For the OP's case using JSON he would need to include the header:
Content-Type: application/json
in his HTTPS request. This description can be found along with those of the other status codes you may see here:
https://developer.bigcommerce.com/api/status-codes

Writing the Pragma header in a DelegatingHandler in Asp.Net Web API

I've asked this question over on programmers that's linked to this one. I'm trying to find a suitable header, that is unlikely to be stripped, that I can use to send back a unique Request ID with every response, even if it does not send a body.
One of the headers I considered was the Pragma header, as looking at the spec it appears to be intended not only for the additional no-cache HTTP 1.0 backwards-compatibility value, but also for application-specific values, so I should be able to use it. It should be possible, for example, to send something like no-cache; requestid=id.
So in a DelegatingHandler I tried writing to it with my ID:
//HttpResponseMessage Response;
Response.Headers.Add("pragma", "some_value");
But it arrives at the client with no-cache; always. I think WebAPI automatically sends caching headers consistent with caching being switched off, which includes the Pragma one.
So, how do I make sure my value is maintained and not overwritten?
I've cracked it, the answer is to make sure you also set the CacheControl header on the HttpResponseMessage, which then bypasses some slightly fishy logic in System.Web.Http.WebHost.HttpControllerHandler (I've opened a discussion on CodePlex about this; I think the logic needs to be changed).
So instead of
//HttpResponseMessage Response;
Response.Headers.Add("pragma", "some_value");
You have to do:
Response.Headers.CacheControl =
new System.Net.Http.Headers.CacheControlHeaderValue()
{
NoCache = true
};
Response.Headers.Add("pragma", "some_value");
(I've used NoCache since the current API default is to switch caching off for all responses).