set_cookie adds point

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.

set_cookie adds point

Postby Albus » Thu Sep 27, 2018 7:39 am

In our application we use cookies for authentication. We use the global cookie manager to set a cookie with the respective domain, for example "server.domain.de". Now, however, I have noticed that this cookie arrives in the chromium as ".server.domain.de", with a dot in front of it. While this basically works for authentication, there are problems if this cookie is to be overwritten by the web server. If the web server wants to overwrite the cookie, it does not use a dot. This ultimately gives us two cookies with the same name, which results in authentication errors.
My question now: How can I configure the Global Cookie Manager not to place a dot in front of the domain?

I pass this data to the cookie manager:

url = "https://server.domain.de/some/path"
name = "AuthSessionId"
value = "..."
domain = "server.domain.de"
path = "/"
secure = true (also tried with false)
httponly = true (also tried with false)
creation = (Now)
last_access = (Now)
has_expires = false
expires = (not set)

Also tried it with expire date:
has_expires = true
expires = (Now + 2 days)

I'm using the Delphi implementation CEF4Delphi for using chromium embedded framework. CEF4Delphi passes the domain correctly to the global cookie manager.
Albus
Techie
 
Posts: 11
Joined: Thu Mar 22, 2018 2:56 am
Location: Germany

Re: set_cookie adds point

Postby magreenblatt » Thu Sep 27, 2018 9:21 am

magreenblatt
Site Admin
 
Posts: 10188
Joined: Fri May 29, 2009 6:57 pm

Re: set_cookie adds point

Postby Albus » Mon Oct 01, 2018 2:15 am

I know what the difference is between these two guys. My problem is that I HAVE to set a cookie WITHOUT the dot, but Cef won't let me. Cef simply adds a dot to the domain on his own authority. And that's why we have serious problems. And since the Cookie Manager is browser independent, you can't leave the domain empty, because it can't be set automatically.
Albus
Techie
 
Posts: 11
Joined: Thu Mar 22, 2018 2:56 am
Location: Germany

Re: set_cookie adds point

Postby Czarek » Mon Oct 01, 2018 3:10 am

CEF documentation states clearly that you can set an empty domain, you just have to READ IT.
Maintainer of the CEF Python, PHP Desktop and CEF C API projects. I'm available for contract work, see my resume.
User avatar
Czarek
Virtuoso
 
Posts: 1869
Joined: Sun Nov 06, 2011 2:12 am

Re: set_cookie adds point

Postby magreenblatt » Mon Oct 01, 2018 3:19 am

If you set |CefCookie.domain| then you will get a domain cookie (with the dot). Otherwise you will get a host cookie and the host value will be extracted from the |url| parameter passed to CookieManager::SetCookie.
magreenblatt
Site Admin
 
Posts: 10188
Joined: Fri May 29, 2009 6:57 pm

Re: set_cookie adds point

Postby Albus » Mon Oct 01, 2018 5:54 am

magreenblatt wrote:If you set |CefCookie.domain| then you will get a domain cookie (with the dot). Otherwise you will get a host cookie and the host value will be extracted from the |url| parameter passed to CookieManager::SetCookie.

Thank you, this worked fine.

Czarek wrote:CEF documentation states clearly that you can set an empty domain, you just have to READ IT.

I think it is a (bad) development of modern times that a developer no longer looks at the documentation. (Which of course shouldn't be the case).

Sorry if my last answer was a little aggressive.
Albus
Techie
 
Posts: 11
Joined: Thu Mar 22, 2018 2:56 am
Location: Germany

Re: set_cookie adds point

Postby vmas » Wed Jul 08, 2020 3:27 am

This behavior looks strange. For example, in CefCookieVisitor.Visit the |CefCookie.domain| is always filled, and if you use these cookies to set in a different context, you will get a different result.
Maintainer of the CefNet project.
vmas
Techie
 
Posts: 10
Joined: Mon Feb 24, 2020 4:03 am


Return to Support Forum

Who is online

Users browsing this forum: Google [Bot] and 43 guests