Playwright seems to default in incognito mode and I would like to disable this so that I can have cookies remain consistent when navigating different web pages.
I've scavenged the entire Playwright documentation and they state that a new browser context defaults to incognito but did not provide a way to disable this option.
Related
So now that Chrome has rolled out its newest safety measures against CSRF attacks with ensuring cookies are set w the "samesite" attribute to either lax, strict or none - is there a way to override this new behavior for specific sites? Particularly sites running on the old Azure servers which are sending me cookies without this attribute set and causing all kinds of browsing frustrations whilst using a webapp hosted there. Any ideas?
I have disabled all 3
chrome://flags/#same-site-by-default-cookies
chrome://flags/#enable-removing-all-third-party-cookies
chrome://flags/#cookies-without-same-site-must-be-secure
You don't need to changechrome://flags/#enable-removing-all-third-party-cookies, you can leave this on default. This is just controlling UI currently and does not affect site behaviour.
If you are using a managed version of Chrome, e.g. enterprise enrolled in an organisation that can apply policies, then you can make use of LegacySameSiteCookieBehaviorEnabledForDomainList to specify a list of (as the name implies) domains to retain the legacy cookie behaviour. See: https://www.chromium.org/administrators/policy-list-3/cookie-legacy-samesite-policies
Aside from that, I don't believe there's a built-in way of excluding specific sites from the new behaviour.
When I enter user id and password in netsuite every time it asks me my security questions , how can I stop this happening every time. Other people in my team are not having similar issue so I wonder what needs to be changed in my settings
*Note: I am not having administrator role
NetSuite saves a cookie in your browser in order to recognize your machine and browser the next time you log on. If it does not find this cookie it will ask a security question. There are several conditions under which this can occur:
You log on using a different machine.
You use the same machine, but a different browser.
You use 'private browsing' or 'incognito' mode.
You use a browser extension or other program which automatically deletes your browser cache, or cookies, when you exit.
You have your browser itself set to empty cache on exit. E.G.: Chrome has a setting to "Keep local data only until you quit your browser"
Anything else that might interfere with cookies.
You'll need to check which of these apply to you and act accordingly. If you're still unsure what could be causing it, you could reset your browser to defaults, or install a completely new browser and test whether it still happens with that. You may need to disable or uninstall any browser extensions too.
I am building a webapp in Laravel 4.1, and I wish to force logout on browser / tab close.
A bit like your typical bank does... You log into your online banking, close the window, then go back to the site, you need to log back in again.
I have set the following in my app/config/sessions.php
'driver' => 'file',
'lifetime' => 0,
'expire_on_close' => true,
Safari and Firefox appear to work properly, however Chrome seems to keep the session cache as valid meaning that the user is logged in when they browse to my site.
Is there any way I can force Chrome to not keep the user logged into my site? Maybe there is something I can do in htaccess or similar?
As far as I can tell, Chrome does not have a specific issue when it comes to session cookies. I just tested my own app on Firefox, Safari and Chrome and the behaviour was the same for all three.
I would recommend opening up the Developer Tools in Chrome, clicking on the "Resources" menu and checking the cookies for your site. If things are working correctly, the cookie for your site should be listed with a value of "Session" in the "Expires / Max-Age" column. If not, then your app may not be setting the cookie correctly. Or you may have an old cookie hanging around, so just delete the cookie and try again.
BTW - Laravel 4.1 overrides PHP's native session handling and does everything itself, INCLUDING garbage collection. And it gets its session lifetime value from the 'lifetime' value above. So if you stick with your current settings, you are going to end up with ALL of your logged in users being logged out every time garbage collection runs (which, by default, will be 2 in 100 requests). You should change 'lifetime' to some value like 1440. I wrote a lengthy article on this problem just today in fact:
http://yetanotherprogrammingblog.com/content/laravel-40-41-session-configuration-problem-solved
How it is possible to move cookie from one browser to another? This must be done through the browser options
It sounds like you would like to be able to set a cookie in one browser (such as Google Chrome) and be able to access it from another browser (such as IE6).
If that is the case, check out evercookie (a very beefy solution).
If you want something more lightweight, you could try Adobe Flash cookies.
An easy way to see flash cookies in action:
In one browser open a YouTube video.
Change the volume.
Open a YouTube video in another browser.
You will be able to see that the volume has been remembered between browsers.
If you're trying to manually copy cookies between browsers, this JavaScript bookmarklet may be useful - it allows you to access and modify the cookies of the current domain; this means you could run it in one browser, copy the cookies to clipboard, then run in another browser and paste.
Note that some apps may store browser-specific data (or flags) in cookies (or related components, like sessions), which may lead to strange behavior (e.g. "this-cookie-was-set-for-IE6=1, enable broken-browser-workarounds").
I use a web application that forces you to reauthenticate with the application even if you open a new browser window that shares the same session, e.g. File, New Window in Internet Explorer. I was surprised since I thought that if you opened a new browser window from File, New in both IE and Firefox (vs. starting a new browser process) that it would share the same session.
Using an Internet Explorer cookie viewer/editor, I saw no cookies for this application at all.
How do they likely implement this forced authentication scheme that seems to disallow new browser windows from continuing the session?
One common approach is to pass a session ID in the URL.
For instance, asp.net uses this approach for cookieless sesssions. URLs within the application are rewritten to contain a session ID.
there are two possibilities for this:
it's session id stored in all <a href=''> , so clicking on link automatically sends some data to server.
Same, but with POST queries (hidden form fields)