Is possible to detect Google cookies and sessions from browser to warn user that logout from his account?
I need detect it by my site.(PHP or JavaScript)
Use document.cookieto get current cookies. You can't access outside cookies.
Related
As we know when we login to a system, they creates some type of sessions or cookies to keep track which user is logged in and further processing is based on sessionid or cookies.
Is it possible to get the session or cookies from virtual server and access website from some other location or browsers?
For example :- I have login credentials of a website abc.com, I logged in that website on remote server and get the sessionid or cookies created by website on remote server browser.
Next based on that sessionid or cookies without login to abc.com again I can access the whole features? Is it possible or not? If yes then how?
may be some type of session hijacking?
Note: I don't need it for hacking purpose.:)
thanks in advance.
I created a gmail account a while ago . But I forgot my password . However , my firefox browser allows me to login because my login info is stored in cookie .
I want to be able to login to my account from other browsers .
Is there any way i could get that login information from the coockies in firefox
Thanks
Cookies should never be used for storing any login credentials. That cookie probably contains some session information that is checked on server side.
You can't extract your username and password from the cookie.
If your only object is to use the cookie to login from different browsers, you can use one of many addons designed for Firefox or Chrome to transfer the cookie and use it to login.
I'm working on an OS X app where the user can connect to its accounts on different external services (in OAuth).
To do so, I need to open a page of my API (a Rails app) in a Webview, which will redirect the user to the service to connect. At the end of the process, the user will be redirected again on my API, which will tell him if the connection has worked fine or not.
Therefore, the user needs to be authenticated on my API, both before and after the OAuth process on the external service website.
When I open the Webview, the user is authenticated thanks to an access token as a parameter of the url, and the redirection to the external service works fine.
But very often, when the user is redirected on my API after the connection, he is not authenticated anymore (but sometimes it works).
When I check the existing cookies for my app through
[[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL:]
I do have a session cookie for my API:
<NSHTTPCookie version:0 name:"_..._api_session" value:... expiresDate:(null) created:2014-02-12 19:16:00 +0000 (4.13925e+08) sessionOnly:TRUE domain:... path:"/" isSecure:FALSE>
It just doesn't seem to be sufficient to keep the user authenticated.
Where this can come from?
It somehow seems to be related to the Webview, because when I do this whole process by sending the user to an external browser, it works fine.
Does the Webview have a specific way to handle session cookies?
I don't know if I'm being specific enough, please ask if you want other details.
I finally found out what the problem was.
My app communicates with my API through a permanent sync process, and needs to be authenticated with an access_token. I use AFNetworking for that, which creates a session cookie in the app container.
When I authenticate again in the Webview, it also creates a cookie session. Somehow, the cookies are in conflict and break the session.
I just told AFNetworking not to use cookies to avoid that, and it worked.
Using Forms Authentication in ASP.Net MVC 3, it appears that the login cookie is cross-browser. When a user logs in in IE and then opens the site in Chrome, for example, they are already logged in. When they logout in Chrome and then refresh the page in IE, they have been logged out there as well.
Is this correct or am I moy loco?
How does this work? I didn't think browsers used a common cache for cookies.
They don't share cookies. Something else is going on. The logout can be explained in the way the server handles logouts though. If your server has a single cookie that is then invalidated all logins across all sessions will be invalidated making them all log in again.
I know there is the offline_permission option, but is there a way to keep the Facebook session alive?
Facebook generates the session from the stored cookie, so I am not sure, if a periodical API request renews the session.
The offline_access extended permission keeps the token you receive alive. Checkout the documentation at: http://developers.facebook.com/docs/reference/api/permissions/
Enables your app to perform authorized requests on behalf of the user at any time. By default, most access tokens expire after a short time period to ensure applications only make requests on behalf of the user when the are actively using the application. This permission makes the access token returned by our OAuth endpoint long-lived.
You don't need to make repeat calls to keep the token active, you can just store it and use it as needed. Here's an answer that describes how to use the token with the PHP SDK: How to login with OFFLINE_ACCESS using the new Facebook PHP SDK 3.0.0?