Is there any other method to send a post request without using the Navigate function. In some instances I need to able to send a post request to update some data but I don't want the browser to navigate to the php page.
I used HttpWebRequest to Post data, to Login to a site and copy the cookies into a cookiecontainer
Then before going into a Authorized page via GeckoFX I copied over the cookies from the cookiecontainer over to GeckoFX.
For Each cook As Net.Cookie In CookieContainer.GetCookies(New Uri(url))
Gecko.CookieManager.Add("www.example.com", "/", cook.Name, cook.Value, False, True, False, DateTimeToUnixTime(DateTime.Now.AddDays(10)))
Next
Related
I have sessions enabled in Django to use Django's authentication framework.
From a html page served by Django, and after authenticating as a user with sufficient permissions, I'm trying to send a PATCH request via JQuery's ajax() function, and I'm getting HTTP 403 errors with the response detail CSRF Failed: CSRF token missing or incorrect.
What I've done so far:
I'm including the correct csrf token in the X-CSRF-TOKEN header field.
I've set SESSION_COOKIE_HTTPONLY = False.
The cookie sent in the ajax request includes the sessionid. If I get rid of this sessionid, the request succeeds.To do so, I either delete the session cookies in the browser or edit the PATCH request in the browser's developer tools and resend it with the sessionid deleted from the Cookie header field. Obviously I need to re-login as soon as I refresh the page, but in the meantime, I can PATCH to my heart's content.
So far I couldn't find out why the presence of the sessionid cookie makes Django deny the request.
I'm using Tornado to build a web server and Now I'm coding the login module: after doing login, user can send a message to the server.
My idea is as below:
When the user login successfully, the server will set a secure cookie: self.set_secure_cookie("user", username, expires=time.time() + 60).
Then when the user sends a message to the server, the request should contain the cookie that the server just set to tell the server the identity of the user. If there is no cookie in the request, the server will redirect to the login page.
Now the problem is: the server can't get any cookie.
Login:
You can see that a cookie is set when user does login.
Then the browser tries to send a message to the server with ajax:
url: 'http://www.example.com/addcomment',
method: post,
crossDomain: true,
data: message,
processData: false,
cache: false
However, when the server tried to self.get_secure_cookie("user"), it gets a None, which means that the request doesn't send any cookie to the server.
I also add
xhrFields: {
withCredentials: true
},
to the ajax but it doesn't work either.
If ajax can't send any cookie to the server, how could I use the secure cookies of Tornado?
well,after set cookie you can redirect to visit_page_url
self.set_secure_cookie
self.redirect(visit_page_url)
if you via chrome check redirect network request headers,you will find like this have Cookie field:
We have a Node.js application that invokes a Spring controller. For a PoC purpose, I am creating the cookie in the Spring controller before returning the JSON response to the Node.js application.
Cookie cookie = new Cookie("myCookie", "myCookieValue");
response.addCookie(cookie);
I had my Firebug console open to see if the cookies created in server side are visible but, unfortunately i did not see them.
Also, on the 2nd submit, i tried reading the cookies using request.getCookies() but this is also giving me NULL.
Are the cookies not being received by the browser because it is a
Ajax/JSON request-response ?
How does browser send back cookie to the server during post requests. How is this different than the form data that is sent during a post ?
Also are the values of cookies for a particular domain automatically sent back to the domain for all its subsequent requests ?
Thanks,
Murtaza
There is no different between how cookies are sent for GET and POST requests.
Form data is data such as fields from an HTML Form, eg. name, username, file, etc...
Any cookies sent back in a response from a domain will be sent back to the server in subsequent requests. This is true in web browsers at least, if you are doing this in code, you might have to write additional code to handle cookies.
This should work for AJAX calls made by your browser as well as full pages. Every request, be it full pages, images or AJAX calls will have the Cookies attached if they are going to an appropriate domain and path.
These primers on cookies and HTTP POST would be useful:
http://en.wikipedia.org/wiki/HTTP_cookie
http://en.wikipedia.org/wiki/POST_(HTTP)
I'm working on a mobile web-app using sencha touch, HTML5 and phonegap as a wrapper.
I'm using PHP-Authentication (Cookie) and ajax-requests. Everything works fine on safari or chrome, but after the deployment with phonegap (webview) it does't work anymore...
Any help would be appreciated :)
Some more details:
All data for my app is loaded via ajax requests to my server component "mobile.php".
I use basic PHP-Auth to autenticate the user:
AJAX-Request [username, password] -> mobile.php
-> Session established (cookie)
All other requests if auth was successful
What's the difference between a normal safari website and the webview?
i figured it out:
you have to change the phonegap_delegate.m file and add the following to the init method:
- (id) init
{
/** If you need to do any extra app-specific initialization, you can do it here
* -jm
**/
//special setting to accept cookies via ajax-request
NSHTTPCookieStorage *cookieStorage = [NSHTTPCookieStorage
sharedHTTPCookieStorage];
[cookieStorage setCookieAcceptPolicy:NSHTTPCookieAcceptPolicyAlways];
return [super init];
}
it enables webview to accept cookies from ajax requests
If your Phonegap AJAX requests are not firing callbacks like they're supposed to, this may be the reason.
If the response you're getting attempts to set cookies and you haven't done Michael's fix then your (jquery) AJAX request will fail quietly -- neither success: nor error: callbacks will fire despite the fact that the server actually received the request and sent a response. It appears you must do this even if you don't care about the cookies.
I hope this helps someone.
I didn't care about the cookies but just spent a few hours trying to figure out why the callbacks didn't fire!
There is a solution that works on android too:
Install plugin https://github.com/wymsee/cordova-HTTP to perform arbitrary HTTP(S) requests.
Replace XMLHttpRequest with the plugin alternative (cordovaHTTP.get or cordovaHTTP.post):
cordovaHTTP.post("https://example.com/login", {email: 'xyz#example.com', passwd: "s3cr3t"}, {}, function(response) {
console.log('success');
console.log(response);
}, function(response) {
console.log('failure');
console.log(response);
});
The response will contain status, data and response.headers["Set-Cookie"], that can be parsed for name, value, domain, path and even HttpOnly flags ;-)
Said cookie can be saved in LocalStorage and sent in subsequent requests (see cordovaHTTP.setHeader() or header parameter of .get/.post methods) to simulate an authenticated user on a desktop browser.
Best ways to store get and delete cookie its working fine in my app which is on live
To store value in cookie
window.localStorage.setItem("key", "value");
To Get value in cookie
var value = window.localStorage.getItem("key");
To Delete cookie value
window.localStorage.removeItem("key");
window.localStorage.clear();