I created a gmail account a while ago . But I forgot my password . However , my firefox browser allows me to login because my login info is stored in cookie .
I want to be able to login to my account from other browsers .
Is there any way i could get that login information from the coockies in firefox
Thanks
Cookies should never be used for storing any login credentials. That cookie probably contains some session information that is checked on server side.
You can't extract your username and password from the cookie.
If your only object is to use the cookie to login from different browsers, you can use one of many addons designed for Firefox or Chrome to transfer the cookie and use it to login.
Related
Have the below route defined in web.php Testing Using laravel 5.5 in my local mac laptop withvalet
Route::get('/cart/add', function () {
// Only authenticated users may enter...
return "hello owlrd123";
})->middleware('auth.basic');
First time when I hit the url http://eshop.dev/cart/add it prompts for username and password. When i enter the valid credentials it displays the message "hello owlrd123". Cleared the cookie & session(laravel_session,XSRF-TOKEN) in chrome and when i hit the url again it doesnt prompt for credential it directly displays the message "hello owlrd123". How does it remembers the session? I dont want it to remember the session.
You are using auth.basic, there is no proper way of logging out with Basic Authentication, it was simply not designed to handle logging out.
There are some ways in which you could invalidate basic auth, but none are proper fixes.
Closing browser completely
Pop up another auth window and send a 401
See these answers for more info:
- How to log out user from web site using BASIC authentication?
- How to logout user for basic HTTP authentication
Main question is:
Why are you using basic auth instead of cookies for this?
As we know when we login to a system, they creates some type of sessions or cookies to keep track which user is logged in and further processing is based on sessionid or cookies.
Is it possible to get the session or cookies from virtual server and access website from some other location or browsers?
For example :- I have login credentials of a website abc.com, I logged in that website on remote server and get the sessionid or cookies created by website on remote server browser.
Next based on that sessionid or cookies without login to abc.com again I can access the whole features? Is it possible or not? If yes then how?
may be some type of session hijacking?
Note: I don't need it for hacking purpose.:)
thanks in advance.
I have stored the login detials into a cache file by using these lines in the login process.
intel.xdk.cache.setCookie("userid",username,50);
intel.xdk.cache.setCookie("password",password,50);
I want the app to remember credentials so I thought somehow I have to get them while in init-app.js file and forward to content page .
Which method should I use to forward to specific page in js by passing the index.html page?
And is this the appropriate way to do cache authentication?
Instead use localStorage.setItem("password", password); and retrieve it using localStorage.getItem("password");
Don't store passwords in localstorage. What i do,
User authenticates using username and password from app
Server authenticates the request and sends a token (Json Web Token) which is then stored in localStorage
The app will then query the User's profile using the token
Is possible to detect Google cookies and sessions from browser to warn user that logout from his account?
I need detect it by my site.(PHP or JavaScript)
Use document.cookieto get current cookies. You can't access outside cookies.
After the username password login form is submitted (presumably with some kind of encryption through https) how does the server maintain the information that the user is logged in?
The user submits the login form and the server authenticates the user and returns a page. But when the user clicks on a link on that page how does the server know the request it is receiving is coming from someone who is authenticated and therefore the server knows its safe to send the html for that new page.
The act of logging on will usually result in the browser getting a session cookie passed back. It's this cookie that the server uses to identify which session (if any) belongs to the user.
If cookies are disabled on the clients browser, most web programming frameworks will cope by sticking a session ID onto the URL.
the username and some flag like is_logged are stored in the session.
on any page you should check those variables from the current session.
on logout you clean the session or destroy it, thus your protected page is in accessible.
good luck
Arman