Comments (6)
The only way `TIdCookieManager` would not save the cookie is if it has expired. Otherwise, `TIdCookieManager` will look for an existing cookie with a matching `Name`, `Domain`, `Path`, etc, and if found then remove the old cookie. Regardless, `TIdCookieManager` will save the new cookie as long as it is not expired. The `Path` should not be preventing a new cookie from being saved, it should only be influencing whether `TIdCookieManager` sends the cookie back to the server on subsequent requests. Are you sure that is not the actual problem instead? Are you sure the cookie's `Path` matches the URL(s) you are expecting it to be sent back to?
from indy.
Ok, now I see that `TIdCookieManager` saves all cookies, but I still don't understand why with `ACookie.Path := '/';` it loads the correct page:
dest: https://login.autobid.de/auth?response_type=code&redirect_uri=https%3A%2F%2Fautobid.de%2F%3Faction%3Dauth%26show%3Dverify&client_id=premium&nonce=a1b6270f1622d107405be1b2f2628276&state=57d01baea68b35ea0ba3d5784edd718e&scope=openid - NumRedirect: 1 - VMethod:GET
dest: /interaction/18890697-d876-4c1a-a9c4-1d655df5de17 - NumRedirect: 2 - VMethod:GET
4 Cookies:
tokenpremium=uioo5rtao3qi0ntl8640038qiv; Path=/; Domain=autobid.de; HttpOnly; Max-Age=251704105579; Expires=Fri, 31-Dec-9999 22:59:59 GMT
amNewPopupHashes=YToyOntzOjc6ImJyb3dzZXIiO3M6NDA6ImQ4ZjQ4Nzc4NWI3NzVkNzk0MmVlNzkyYzBmNDFlYzZiYzdiOGQ3YmYiO3M6NDoidXNlciI7Tjt9; Path=/; Domain=autobid.de; HttpOnly; Max-Age=15551999; Expires=Sun, 21-Apr-2024 22:53:40 GMT
_grant=18890697-d876-4c1a-a9c4-1d655df5de17; Path=/; Domain=login.autobid.de; HttpOnly; Max-Age=900; Expires=Tue, 24-Oct-2023 23:08:41 GMT
_grant.sig=gOiNjXEd-p5Ll71dh57RBrNMtzI; Path=/; Domain=login.autobid.de; HttpOnly; Max-Age=900; Expires=Tue, 24-Oct-2023 23:08:41 GMT
and without `ACookie.Path := '/';` it sends me back to the main page with the message that no cookies are found:
dest: https://login.autobid.de/auth?response_type=code&redirect_uri=https%3A%2F%2Fautobid.de%2F%3Faction%3Dauth%26show%3Dverify&client_id=premium&nonce=f0b249a0630d070bedc664b1c5c9fc7a&state=bcd39b6c318fcd481806077fa74ade89&scope=openid - NumRedirect: 1 - VMethod:GET
dest: /interaction/fab23be0-c927-4c93-b5ed-09d0e34feca9 - NumRedirect: 2 - VMethod:GET
dest: https://autobid.de/#login/session/interaction%20session%20id%20cookie%20not%20found - NumRedirect: 3 - VMethod:GET
6 Cookies:
tokenpremium=v3u0mjj70fds8o4o4m1usulrm0; Path=/; Domain=autobid.de; HttpOnly; Max-Age=251704105212; Expires=Fri, 31-Dec-9999 22:59:59 GMT
_grant=fab23be0-c927-4c93-b5ed-09d0e34feca9; Path=/interaction/fab23be0-c927-4c93-b5ed-09d0e34feca9; Domain=login.autobid.de; HttpOnly; Max-Age=899; Expires=Tue, 24-Oct-2023 23:14:47 GMT
_grant.sig=qaYAieoN-JAxD5DF2BHIsLXvqkY; Path=/interaction/fab23be0-c927-4c93-b5ed-09d0e34feca9; Domain=login.autobid.de; HttpOnly; Max-Age=899; Expires=Tue, 24-Oct-2023 23:14:47 GMT
_grant=fab23be0-c927-4c93-b5ed-09d0e34feca9; Path=/auth/fab23be0-c927-4c93-b5ed-09d0e34feca9; Domain=login.autobid.de; HttpOnly; Max-Age=899; Expires=Tue, 24-Oct-2023 23:14:47 GMT
_grant.sig=qaYAieoN-JAxD5DF2BHIsLXvqkY; Path=/auth/fab23be0-c927-4c93-b5ed-09d0e34feca9; Domain=login.autobid.de; HttpOnly; Max-Age=899; Expires=Tue, 24-Oct-2023 23:14:47 GMT
amNewPopupHashes=YToyOntzOjc6ImJyb3dzZXIiO3M6NDA6IjhiZTA5YThjMWI0MTVmZjc3OTZkOWYwNzZlYjgzMmY4OWQwYThlMzciO3M6NDoidXNlciI7Tjt9; Path=/; Domain=autobid.de; HttpOnly; Max-Age=15551999; Expires=Sun, 21-Apr-2024 22:59:47 GMT
P.S. The server always sends cookies with path `/interaction/...` and `/auth/...` as expired.
from indy.
Hello Remy!

I have done several tests with requests to the website and I found the following problem:

`function IsPathMatch(const AUriPath, ACookiePath: String): Boolean;` tries to execute `TextIsSame` and it returns false because

`AUriPath := /interaction/`

and

`ACookiePath := /interaction/af822c5a-c32b-4d30-99ad-25bc97180998`

Normally `AUriPath` should also be `/interaction/af822c5a-c32b-4d30-99ad-25bc97180998`.

See the redirect destination: `dest: /interaction/af822c5a-c32b-4d30-99ad-25bc97180998 - NumRedirect: 2 - VMethod:GET`

I think that in

```pascal
function TIdCookie.IsAllowed(AURI: TIdURI; SecureOnly: Boolean): Boolean;

  function MatchesHost: Boolean;
  begin
    if HostOnly then begin
      Result := TextIsSame(CanonicalizeHostName(AURI.Host), Domain);
    end else begin
      Result := IsDomainMatch(AURI.Host, Domain);
    end;
  end;

begin
  // using the algorithm defined in RFC 6265 section 5.4...
  Result := MatchesHost and IsPathMatch(AURI.Path, Path) and
            ((not Secure) or (Secure and SecureOnly)) and
            ((not HttpOnly) or (HttpOnly and IsHTTP(AURI.Protocol)));
end;
```

the call should be `IsPathMatch(AURI.GetPathAndParams, Path)`.

In RFC 6265 you can read the following rule:

* The request-uri's path path-matches the cookie's path.

In my case the request was for `/interaction/af822c5a-c32b-4d30-99ad-25bc97180998` and not `/interaction/`.
from indy.
Using `AURI.GetPathAndParams` would be the wrong thing to use here, since a URL's query parameters are not part of its path. Besides, the URLs in question do not have query parameters anyway. You are probably thinking of `AURI.Path + AURI.Document` instead of `AURI.GetPathAndParams`.

But, I think you are correct, `TIdCookie.IsAllowed()`, as well as `GetDefaultPath()`, need to take the `TIdURL.Document` into account when processing url paths. I will make that change.
from indy.
Let me know if that works.
from indy.
It works, thanks!
from indy.
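The RFC 6265 section 5.1.4 default-path and path-match rules that this thread turns on, as an added Python illustration (not Indy's Delphi source and not the fix that was committed). `split_path_document` is a hypothetical helper that mimics the directory/document split discussed above, and the cookie jar is constructed from names and paths quoted in the thread.

```python
# Added illustration of RFC 6265 section 5.1.4; not Indy source code.

def default_path(request_path: str) -> str:
    """Default Path for a cookie that arrives without a usable Path attribute."""
    if not request_path.startswith("/"):
        return "/"
    cut = request_path.rfind("/")
    # Only the leading slash present: default is "/"; otherwise drop the last segment.
    return "/" if cut == 0 else request_path[:cut]

def path_matches(request_path: str, cookie_path: str) -> bool:
    """True when request_path path-matches cookie_path."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    # A prefix only counts when it ends on a segment boundary.
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def split_path_document(uri_path: str) -> tuple[str, str]:
    """Hypothetical helper: directory part and last segment (the 'document')."""
    cut = uri_path.rfind("/") + 1
    return uri_path[:cut], uri_path[cut:]

def cookies_to_send(request_path: str, jar) -> list[str]:
    """Names of the cookies in jar whose Path allows them on request_path."""
    return [name for name, cookie_path in jar
            if path_matches(request_path, cookie_path)]

# Constructed jar: cookie names and paths as quoted in the thread.
FULL = "/interaction/af822c5a-c32b-4d30-99ad-25bc97180998"
JAR = [("tokenpremium", "/"), ("_grant", FULL), ("_grant.sig", FULL)]

if __name__ == "__main__":
    directory, document = split_path_document(FULL)
    # Directory part only: the interaction-scoped cookies are filtered out.
    print(cookies_to_send(directory, JAR))
    # Directory plus document: every cookie in the jar is selected.
    print(cookies_to_send(directory + document, JAR))
    print(default_path(FULL))
```

A cookie with `Path=/` is selected for either request path, while one scoped to the full interaction path is selected only when the last segment is part of the request path.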