remove cookie using javascript / jQuery - javascript

I have a little demo page to show the effect of a website depending on different user cookies.
Then I set the click() function of some div to use the plugin jquery.cookie.js which provides 2 functions:
$.cookie('name', 'val')
$.removeCookie('name')
after I called $.removeCookie(), I call window.open('new page') since I need to go to the content. but httpliveheader always shows that it's not removing the cookie in question.

OK, I found it, it was because the cookie set by my backend code and front end JS are in different path.
my java spring MVC controller has an access path of /MyPath/Blah/ in the code I just did
httpServletResponse.addCookie(new Cookie("something", "something"));
this turns out to default to the path where the code sits under , i.e. /MyPath/Blah/
but the JS sets something like $.cookie("something", "somevalue"), it goes to root. that's why I am seeing 2 different values in httpLiveHeader dump. unfortunately the path thing is controlled by browser, so it doesn't show up on liveheader dump. I only found this after I inspected the "remove cookie" window in mozilla

//for example :
document.cookie = "cookie_name=" + encodeURIComponent(cookie_value) +
"; expires=" + expires.toGMTString() +
"; path=/";
you need to set PATH.

Related

How do I link an external js file that returns code 302

I am trying to combine Github Pages with Google Apps Script so I can have Server Side Scripting with Github Pages. I try to connect to the Google Script web app using:
<script src="https://script.google.com/macros/s/NO_LINK_FOR_YOU/dev">
</script>
(I need that /dev there, google script says nothing was returned when I don't use it.)
That is supposed to (and does) return:
return ContentService.createTextOutput("window.onload = function(){document.getElementById(\"request\").innerHTML = \"Generated: " + generateRandomNumber(10, 42) + "\";}");
Which outputs this:
window.onload = function(){document.getElementById("request").innerHTML = "Generated: 28";}
(Of course, it would not always be 28.)
When I load this into the browser, it does nothing. I looked in inspect element and it says that it's returning the code 302 (Temporarily Moved). This is usually used for redirects, and content service always makes the browser redirect "for security reasons", so this is expected.
But how can I get the browser to follow that redirect and get the script from there? Can I even do that?
In this case, a mimetype error occurs, since mimetype is not set. So please add setMimeType() as follows.
return ContentService
.createTextOutput("window.onload = function(){document.getElementById(\"request\").innerHTML = \"Generated: " + generateRandomNumber(10, 42) + "\";}")
.setMimeType(ContentService.MimeType.JAVASCRIPT);

What are these Google-calendar events from?

It seems it's fairly common practice to grab the contents of a Google-calendar embed code, and add a stylesheet into it (either manually or through something like a PHP script) and display a custom-styled public calendar.
The odd thing is, I noticed if you click the print button at the top, or the "Google Calendar" in the lower right, it goes to localhost or whatever domain the page is - not the Google calendar.
If you try to trace the "gcal$func$[3]();" onclick through the Chrome devtools, or through Firefox with gcal$func$[3].toSource(); it will not find it or say
"function () {
[native code]
}"
So where is this function coming from, and how can you tweak this to make it open in a new window with the Google url, not the current domain (404)?
According to the Google Calendar embed JS code, the function points to the following code
window.open(Pf(this.c.i.Nb + "/render", "cid", b))
this.c.i.Nb represents the base URL, which is by default the domain where the script runs (in your case that's your domain). However, it's intended to be google.com domain and fortunately, it's very easy to change that. baseURL is one of the parameters in the initialization script (declared in the page you're grabbing) and you just need to configure that to https://www.google.com.
If you use PHP, your code might look like this.
$page = new DOMDocument("1.0", "utf-8");
// grab the Google Calendar code
$page->loadHTMLfile("https://www.google.com/calendar/embed?src=yourcalendar%40gmail.com");
// set up the baseUrl and print the grabbed page
echo str_replace('"baseUrl":"/"', '"baseUrl":"https://www.google.com/"', $page->saveHTML());
Now all the links should work correctly.

Cookie not being set in Safari, ios but works in ie, ff, chrome

I was alerted that when items are placed in our shopping cart using safari/ios, they are not showing up. The cart cookie is not being set. It is set by a redirect page. I saw the issue about safari not setting a cookie and redirecting, but if I take out the redirect, it is still not getting set. Here is the code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head>
<script type="text/javascript">window.onload= function() {
SetCookie('RORDERID','OECLICK*17180*39521',10);
setTimeout("redir()",100);}
function redir(){window.location = 'http://www.shopthethirdfloor.com/forward-to-ttf-cart.html';}
function SetCookie(cookieName,cookieValue,nDays) {var today = new Date();var expire = new Date();
expire.setTime(today.getTime() + 3600000*24*nDays);
document.cookie = cookieName+"="+escape(cookieValue) + ";expires="+expire.toGMTString();}</script>
</head>
<body><br>If you are not redirected to the shopping cart, click here</body></html>
I thought maybe the setTimeout would allow it to work, but if I take out the call to redir() it still does not set the cookie.
Any suggestions?
Additional notes: I found a posting about this, and updated the code to:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head>
<script type="text/javascript">window.onload= function() {
setCookie2('RORDERID','OECLICK*17180*43',10,'','','');
//setTimeout("redir()",100);
}
function redir(){window.location = 'http://www.shopthethirdfloor.com/forward-to-ttf-cart.html';}
function setCookie2 (name, value, nDays, path, domain, secure) {var today = new Date();var expires = new Date();
expires.setTime(today.getTime() + 3600000*24*nDays);
var curCookie = name + "=" + encodeURIComponent(value) + (expires ? "; expires=" + expires.toGMTString() : "") + (path ? "; path=" + path : "") + (domain ? "; domain=" + domain : "") + (secure ? "secure" : "");
document.cookie = curCookie;}</script>
</head>
<body><br>If you are not redirected to the shopping cart, click here</body></html>
and it works, but still does not work on my site. This code is being ran in an iframe from a different domain on my site. The site is www.shopthethirdfloor.com. If you go to products, select a product and add it to the cart, it does not add a cookie on safari, but does the other browsers.
ok, after a lot more digging and trial and error, it was the issue where safari would not set a cookie in an iframe cross domain. I tried several suggestions on the web including here, but they either were not relevant or did not work (were old). I found that I had 2 options. The first, change the framed domain to be a sub domain of the parent window domain which I could have done, but would have needed to change umpteen links and the payment gateway which I did not want to do. The second, took several steps, but works excellent is as follows:
The page that is trying to set the cookie checks if it is a safari browser and if it is, changes the window location to a php script on from the same domain as the browser passing the cookie in a get variable, this in turn changes the window location to an asp script from the iframe server sending it the cookie informtion which has the cookie setting code and after setting the cookie, loads the page for the the shopping cart.
The key here is getting the cookie setting page that needs to set the cookie into the parent window and then load the new destination page.
This has a few steps, but works well.
try to use HTML5 local storage concept to achieve cookie storage in safari browser
Default safari settings will be Cookies enable for trusted sites ,so you must enable the settings to enable cookie storage... TO overcome this issue you can use HTML5 local storage concept

Why can't I expire a cookie with JavaScript (not HttpOnly)

I've got a cookie being set in a framework I'm developing within via JavaScript (the framework appears to be using https://github.com/carhartl/jquery-cookie). I'm developing within this framework but don't have access to the framework code and I want to delete a cookie via JavaScript (I do not have access to anything serverside within this framework).
Inspecting the cookie via Chrome, I can tell a lot about it:
"domain": "www.example.com",
"expirationDate": 1667235180,
"hostOnly": true,
"httpOnly": false,
"name": "my_cookie",
"path": "/",
"secure": false,
"session": false,
"storeId": "0",
"value": "123456789"
It is hostOnly, but that should be fine as I am trying to remove from the same domain set in the domain field.
I'm trying to remove it using the following code:
function clearCookie(name, domain, path) {
var domain = domain || document.domain;
var path = path || "/";
document.cookie = name + "=; expires=" + +new Date + "; domain=" + domain + "; path=" + path;
};
clearCookie('my_cookie', 'www.example.com', '/');
When I do this however, it creates a new session cookie with a domain of ".www.example.com" (note the extra period) and doesn't delete the current cookie.
What am I missing?
Old question, but I just ran into this and discovered the issue.
If you have a hostOnly cookie, do not specify the domain when you modify/expire it.
Most cookie handling libraries will auto-specify the domain if one is not provided, making it difficult, if not impossible, to edit a hostOnly cookie.
I think there's a problem with how you're setting the expiration. Setting cookies with JavaScript requires a UTC/GMT format for the date. See this related answer:
Which date formats can I use when specifying the expiry date when setting a cookie?
You can't actually delete a cookie via javascript. What you do is set the existing cookie to expire and then allow the browser to handle its destruction. If you check the jquery-cookie source you can see that it actually has a function to destroy cookies that you could use here to simplify things.
The simple answer here is to use the existing frameworks remove function.
$.removeCookie(key)

How to use Javascript to check active directory to see if a user is in a memberof a particular group?

I have at my disposal Javascript and Classic ASP. Using these two how can I check to see if a user is a member of a particular active directory group? I know VBSCRIPT has memberof function but I can only use javascript. Any help is appreciated
You'll need to ensure that your web server is set to use Windows Authentication. Then you can use Request.ServerVariables("LOGON_USER") to get the current user's domain\username.
You'll then query Active Directory using ADSI to get group membership.
Here's a link to msdn's ADSI pages. http://msdn.microsoft.com/en-us/library/aa772170%28v=vs.85%29.aspx
This page has some sample scripts (in vbscript)
As far as I know there is no possibility to access activeDirectory by using Javascript. Javascript runs within the browser - and may not access anything out of this sandbox.
In case I misunderstood your question und you ment server-side checking - use ASP functions to check for.
You might also try using Javascript to instantialte a WScript.Network object
var WshNetwork = new ActiveXObject("WScript.Network");
From there, you can get
var netWorkUserName = WshNetwork.UserName;
var netWorkDomain = WshNetwork.UserDomain;
A word of warning: I'm pretty sure this is IE only and requires security changes in IE.
You'll need AJAX and a connection to the AD using ADODB.Connection with the "ADsDSOObject" provider.
EDIT: I saw your comment above. Here's a start:
ldapCommand.CommandText = "select sn from '" & _
"LDAP://example.com/DC=example,DC=com" & _
"' WHERE samAccountName=" & "'" & username & "'"
Set ldapRecordSet = ldapCommand.Execute
ldapCommand is an ADODB.Command, and if Execute throws an error, then the user is not in the domain.

Categories

Resources