Results 1 to 9 of 9
Thread: Cookies and HTML
-
03-28-2018, 10:00 PM #1
Cookies and HTML
I have a script that generates a meta tag to set a cookie and remember the cart for the user. Chrome (and possibly FF in the near future) has decided that this practice isn't secure and quietly fails the script with this in the console:
Code:[Deprecation] Setting cookies via `<meta http-equiv='Set-Cookie' ...>` no longer works, as of M65. Consider switching to `document.cookie = ...`, or to `Set-Cookie` HTTP headers instead.
Your one stop shop for decentralization
-
04-10-2018, 01:23 AM #2Junior Guru Wannabe
- Join Date
- Apr 2018
- Location
- Passau, Germany
- Posts
- 33
-
04-10-2018, 04:25 AM #3Junior Guru Wannabe
- Join Date
- Sep 2017
- Location
- Lithuania
- Posts
- 85
If you don't want to use PHP/HTTP headers to create cookies, you can easily replicate meta tag by using JS - https://www.w3schools.com/js/js_cookies.asp
-
04-10-2018, 07:13 AM #4
-
04-10-2018, 07:57 AM #5Junior Guru Wannabe
- Join Date
- Sep 2017
- Location
- Lithuania
- Posts
- 85
-
04-10-2018, 08:51 AM #6Junior Guru
- Join Date
- Mar 2014
- Location
- United States
- Posts
- 206
From what I'm looking at, set-cookie can only be set via http-headers, which means it needs to be set before the HTML page loads. My guess is http-equiv was dissabled to stop people from being able to use XSS to set a cookie. There are 2 basic options.
1) use PHP or PERL or something to do set.cookie and modify the HTML header.
2) use Javascript document.cookie (should be only 2 or so lines of code if that) to set the cookie.
3) A purely hypothetical third option... Use .htaccess and mod_rewrite to manipulate cookie content? - https://www.askapache.com/htaccess/h...h/#modrewrite2
-REPlummerQuick and Easy Servers - QnEZ - 732-907-9030 - replummer@qnez.net
DirectAdmin based hosting solutions and Cloud VPS - Registered Softaculous NOC
-
04-10-2018, 08:52 AM #7Junior Guru Wannabe
- Join Date
- Apr 2018
- Location
- Passau, Germany
- Posts
- 33
You should be able to set headers over the webserver engine.
In Apache something like that should work:
Code:Header set Set-Cookie "cookie_name=Foobar; path=/; Secure; HttpOnly;"
Code:Header append Set-Cookie "cookie_name=Foobar; path=/; Secure; HttpOnly;"
-
04-10-2018, 09:02 AM #8
Correct.
As this involves PERL shopping cart, that would be what I need. As it is now that cart prints the META to the pages, so a method that I could use to replace that would be ideal. I'm not very good with PERL. Here's one of several lines in the script:
Code:if(($cf{'use_cookies'} eq "yes")&&($line =~ /<\/head>/i)){ my($metaCookie) = "<META HTTP-EQUIV=\"Set-Cookie\" Content=\"cart_id=$cart_id; path=\/;\">\n"; $metaCookie .= "</head>"; $line =~ s/<\/head>/$metaCookie/ig; }
Your one stop shop for decentralization
-
04-10-2018, 09:15 AM #9Junior Guru Wannabe
- Join Date
- Apr 2018
- Location
- Passau, Germany
- Posts
- 33
Must be years since I used Perl the last time but could you try replacing the code with this code?
Code:if(($cf{'use_cookies'} eq "yes")&&($line =~ /<\/head>/i)) { #my($metaCookie) = "<META HTTP-EQUIV=\"Set-Cookie\" Content=\"cart_id=$cart_id; path=\/;\">\n"; #$metaCookie .= "</head>"; #$line =~ s/<\/head>/$metaCookie/ig; new CGI::Cookie(-name=>'cart_id',-value=>$cart_id); }
Code:use CGI::Cookie;
Similar Threads
-
Need two basic PSD files sliced and HTML'ized
By lotuslnd in forum Employment / Job OffersReplies: 11Last Post: 02-07-2003, 01:00 PM -
Cookies and View New Posts
By NxTek in forum Web Hosting LoungeReplies: 0Last Post: 02-02-2003, 11:45 AM -
How can I make .htm and .html files as server parsed, through CPanel?
By shamrock in forum Hosting Software and Control PanelsReplies: 2Last Post: 10-05-2002, 09:34 AM -
cookies and click through search engines
By tuvok in forum Hosting Security and TechnologyReplies: 1Last Post: 05-30-2002, 04:23 PM -
Image and Html Color
By MikeM in forum Hosting Software and Control PanelsReplies: 4Last Post: 06-28-2001, 02:37 PM