Category Archives: cookies

EU Cookie Law: Block Cookies set by a specific JS File?

i try to block / disable only cookies set by an specific JS File. In my Case the file is.

pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

I don't want to block the hole file, i only want to block cookies that are set by these file.

I test Cookie blocking by unset the header in .httacces, but it didn't work.

<IfModule mod_headers.c>
RequestHeader unset Cookie
Header unset Cookie
Header unset Set-Cookie
</IfModule>

I want the file to load normally, but without permission to create cookies.

If Cookies are not allowed in the Browser Software, Adsense is showing ads normaly, but don't load cookies. So why to ask user permission and after that load the adsense script? Wouldn't it be better to block all Cookies generaly or only for that special file. So you don't need a Cookie permission.

Cookie Consent Plugins like these block the hole Script and reenable it after Cookie Permission.

https://cookieconsent.insites.com/documentation/disabling-cookies/

But that is a big Problem, because you lose Money. It makes no sence.

Example (Not a good solution, Because blocked on Pageview and only load after user permission)

<script **type="text/plain"** class="cc-onconsent-inline-advertising">
google_ad_client = "ca-pub-0000000000000000";
google_ad_slot = "0000000000";
google_ad_width = 728;
google_ad_height = 90;
</script>
<script type="text/plain" class="cc-onconsent-inline-advertising"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>

Does anyone have an idea how to block cookies from an JS File with Jquery, Javascript, per PHP or htacess?

php or html or java or something to destory folders after 1h

I have a question for you..

I have a website and when a player connect to my website will be generated a folder with website because for every player is unique / personal or something like that.. nvm and i want but idk if exist.. after a player join the website and automatic make a folder for him.. that folder to have a script or something like this to delete the folder after 1hour for example.

short version: is generate a new folder and after idk 1 hour the folder to be delete. i read something but idk what to try.. im newbie on everything..

PS: i have the script with generate the folder. i just need the script with detroy / delete the folder after 1hour for exmaple after is generated.

VAADIN: COOKIES DISABLED with Apache

Having a VAADIN web-app 7.6.2

When web-app is deployed on Tomcat http : //localhost:8080/webapp_name/
Every thing works fine.

Even when deploying it to http: //localhost:8080/webapp_name/UI/
by configuration:
@WebServlet(urlPatterns = {"/UI/", "/VAADIN/"}, name = "", asyncSupported = true)
Every thing works fine.

But wen adding the Web-Server Apache and redirecting
http: //localhost:8080/webapp_name/UI/
to
http: //my_appserver.domain.de/

It returns COOKIES DISABLED

Apache config:
ProxyPass /VAADIN/ ajp://127.0.0.1:8009/webapp_name/VAADIN/
ProxyPass / ajp://127.0.0.1:8009/webapp_name/UI/
ProxyPassReverseCookiePath /webapp_name/UI/ /
ProxyPassReverseCookiePath /webapp_name/VAADIN/ /VAADIN/

How can one solve this?

Why does JavaScript’s document.cookie require a web server? [duplicate]

This question already has an answer here:

'document.cookie' in JavaScript does not work without a web server. Using the protocol for local file-access 'document.cookie' will always contain an empty string.

Please see the accepted answer in this StackOverflow Question!

As far as I know are cookies text-files stored in some sub-directory of the particular used browser. Containing key-value pairs.

So, after setting a cookie it should be there on the client-side.

Why has a web server to be involved?

I have made myself this demo:

writeMessage(); // Call the function when page is loaded. => No cookie there.

function writeMessage() {
  var message;

  document.cookie.indexOf('foo') === -1 ?
    message = 'Cookie does not exist.' :
    message = 'Cookie is there!';

  document.querySelector('div').innerHTML = message
}

document.querySelector('button').addEventListener('click', () => {
  document.cookie = "foo=bar";
  writeMessage(); // Call the function again when the cookie has been set.
});
<div class="message"></div>
<button>Set Cookie</button>

When the button is clicked then the cookie is set.

Then the function checks if a cookie exists. It finds that this is true and shows the according message.

!! There haven't been a second request to the web server !!

So why doesn't work cookies when using file URI scheme for accessing the page?

Session cookies working on all subdomains

i have my site set up like this:

RewriteCond %{HTTP_HOST} !^www\.example\.com
RewriteCond %{HTTP_HOST} ([^.]+)\.example\.com [NC]
RewriteRule ^/?$ /user/profile.php?name=%1 [L]

what this does is if user visits: test.example.com, it will show contents of folder: example.com/user/profile.php?name=test. if someone goes to lol.example.com, it will show page: example.com/user/profile.php?name=lol


Question 1:

right now, I have a problem with it. if i go to test.example.com/login, it will show my domain root file. how can i make it so that it will show things from /user folder? for example: test.example.com/login will show example.com/user/login and test.example.com/register will show example.com/user/register?

Question 2: SOLVED

right now if i log in on the subdomain, the session cookie (PHP) is only set for the subdomain. how can i make the cookies work for the whole site with (example.com) domain?

thanks

UPDATE: for example: test.example.com/pathtofile should get the contents of example.com/user/pathtofile. "pathtofile" should be dynamic. i just want the path to look in the folder /user, not the root folder.

Apache mod-headers – keep only specific cookies

I am trying to use a "RequestHeader edit" directive to manipulate the "Cookie" header and only keep a specific set of cookies from that header.

RequestHeader edit Cookie "PATTERN TO REMOVE ALL COOKIES DESPITE OF .." ""

Incoming

someCookie=someValue; anotherCookie=yada61; cookieToKeep-1=myValue; cookieToKeep-2=myValue2; lastCookie=yada1

To keep

cookieToKeep-1=myValue; cookieToKeep-2=myValue2;

Goal is to remove all cookies but any cookie that starts with "cookieToKeep-".

I found that Pattern (CookieToKeep-\d=(([\w]*;)|[^\s]+)) gives me all matches for the cookies I need, but I need the negative of this pattern.

Apache mod_form mod_authnz_ldap authentication session cookie decryption

I am working with Apache web server to protect few static pages in my site with HTTP authentication using mod_form and mod_authnz_ldap and mod_session . Following is the httpd.conf and .htaccess being used :

.htaccess

AuthType form
AuthName "Use your company login"
AuthFormProvider ldap
AuthLDAPURL "ldap://ldap.company.com/dc=company,dc=com?uid?sub"
AuthLDAPBindDN "[email protected]"
AuthLDAPBindPassword XXXXXXXXXXXXXXX
Require valid-user
AuthFormLoginRequiredLocation "/login.html"
Session On
SessionCookieName session path=/
SessionCryptoPassphrase Web$iteS3cret
LDAPReferrals off

httpd.conf

<Location "/login">
    SetHandler form-login-handler
    AuthFormLoginRequiredLocation "/login.html"
    AuthFormLoginSuccessLocation "/test_dir/index.html"
    AuthName "Use your Company login"
    AuthLDAPURL "ldap://ldap.company.com/dc=company,dc=com?uid?sub"
    AuthFormProvider ldap
    AuthLDAPBindDN "[email protected]"
    AuthLDAPBindPassword XXXXXXXXXXXXXXXXX
    Require valid-user
    AuthType form
    LDAPReferrals off
    Session On
    SessionCookieName session path=/
    SessionCryptoPassphrase Web$iteS3cret
</Location>

Before adding "SessionCryptoPassphrase" to the configuration , valid login was creating a cookie named "session" with username and password in readable format . As per suggestion in apache docs added SessionCryptoPassphrase to encrypt the cookie string . I need to integrate this front-end with back-end API and have to send this cookie string as well .

Facing difficult in decrypting this cookie string .Have googled and found a few script but they are not returning expected results . As per apache docs aes256 is used for encryption , please help with algorithm to decrypt this string so that i can retrieve username and password .

Multisite Domain Mapping wp-admin login loop

I am trying to setup my multitsite with unique domains for each site. What Ive been trying: create the multisite with the specified config an .htaccess create sites (tried sub-domain & directory) test the sites work (they do) change the Site Address (URL) to the needed domain test the domain works perfect test the wp-admin dashboard this then starts the reauth login loop

if I login to the reauth link im stuck in the loop, if I change the url to wp-login then the correct cookie is created and login works until the cookie expires.

I have tried every proposed fix I have found in a whole weekend of searching: define( 'COOKIE_DOMAIN', $_SERVER[ 'HTTP_HOST' ] );, define( 'COOKIE_DOMAIN', '' ); and many many more none of them make any difference.

Only theme is 2016, no plugins etc etc

The problem is obviously cookies but I don’t know where to start, to see why.

Htaccess HTTP:Accept-Language+cookie

Here is the part of my .htaccess for browser language detection.

RewriteCond %{HTTP:Accept-Language} ^de [NC] <br/>
RewriteRule ^$ /de/ [L,R=301]<br/>
RewriteCond %{HTTP:Accept-Language} ^fr [NC]<br/>
RewriteRule ^$ /fr/ [L,R=301]<br/>

I'm trying to a site to have language detection via the browser, but to also allow for a cookie to take priority over the automatic detection.

I'm still new at complex .htaccess rules, so I'm hoping for some help here. I don't know any php really though, so I'm hoping to avoid it.

This is what I'm looking to do:

I have 3 language options: german (de), english(en),french(fr) and the main site in english (en) They correspond to: www.site.com/de/, www.site.com/, and www.site.com/fr/

Check if a language cookie has been set 1a) If set, redirect visitor to corresponding language directory. If no cookie has been set:
2a) Detect browser language and set language cookie (or default to english)
2b) Redirect visitor to corresponding directory.
If user switches language via site language selection, update cookie.
Is something like this possible? Are there limitations to trying to do it this way?

How to check if a cookie is present in order to allow the user to continue an image?

I need to restrict access to profile images only to logged in users. I've been reading some posts about how to do that, but didn't find examples that let me understand how to do it. Maybe I just didn't understand because I don't know much about .htaccess rules.

I've tried:

order allow, deny
deny from all

But it denies access to all (dóh), including myself. I cannot use IP addresses.

I don't use sessions ID's in the URLs, but I check for the logged in users with a php script (the same that generates the session in the first place, when the user logs in).

So I thought that maybe I could implement a cookie check?

I'm not using cookies at the moment, but I could create a cookie every time the user logs in, and destroy it when the user logs out. So my questions are:

Is the cookie-check a safe enough, performant option?

If it is, how may I do that check?

I've come so far to understand this:

 RewriteEngine On
 RewriteBase /

 # search for image files
 RewriteCond %{REQUEST_FILENAME} ^.*(jpg|jpeg|png|gif)$
 # look for my cookie
 RewriteCond %{HTTP_COOKIE} !^.mycookie.$ [NC] 

How to check if the cookie is present then allow to continue to the image?

Please note that the images are shown embedded in my site inside each profile .php file.

Thank for your help!