  #11  
Old 07-27-2013, 08:56 PM
nerbert nerbert is offline
 
Join Date: May 2008
Posts: 784

Is there some way to eliminate the cookie header? I don't see the point of sending cookie values to the browser and that's the only place my password cookie shows, as the password value is blanked out when the form is submitted. I'm using YAHOO ajax for all my operations.
Reply With Quote
  #12  
Old 07-27-2013, 09:37 PM
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440

I don't get what you're asking for...
Reply With Quote
  #13  
Old 07-27-2013, 10:20 PM
nerbert nerbert is offline
 
Join Date: May 2008
Posts: 784

Here's what I see in my dev tool for headers when I send an ajax request:

Request URL:http://xxxxxxxxxx.net/filemanager/filemanager.php
Request Method:POST
Status Code:200 OK

Request Headers
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:175
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Cookie:bb_lastvisit=1373594455; bb_lastactivity=0; bb_userid=1; bb_password=6c70309c0fasihfoaishu7aedbbdfa34cf7; bb_fe8adc6d804a36; bb_cpsession=90088ef658flaasjhaeiswhfiuhtihae61571 6573ec05172c4fc8; bb_fmsession=e14eaa1506aiueihjfoaijuwhrfiaa6597ecd 9d4cd
Host:xxxxxxxxxxx.net
Origin:http://xxxxxxxxxxxxx.net
Referer:http://xxxxxxxxxxxxx.net/filemanager/filemanager.php
User-Agent:Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36
X-Requested-With:XMLHttpRequest

Form Data
securitytoken:1374966662-571d23q5rtyqo3uiht70d396a2423a97095dc88b
adminhash:7981e222c687a5780tqfju3hp095rt8c1a39795f 21
do:findfiles
dir:/home/aaaaaaaaaaaaaa/forum/admincp


Response Headers
Cache-Control:private, post-check=0, pre-check=0, max-age=0
Connection:Close
Content-Type:text/xml; charset=windows-1252
Date:Sat, 27 Jul 2013 23:11:25 GMT
Expires:0
Pragma:no-cache
Server:Apache/stuff stuff stuff
Transfer-Encoding:chunked
X-Powered-By:PHP/5.3.18

Same kind of thing when you go to a page. All the cookies are listed in the request header.
Reply With Quote
  #14  
Old 07-27-2013, 11:43 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185

Well, stating the obvious, that is how cookies are supposed to work - they get sent when the domain and path of the request match. There is a "secure" attribute that is supposed to send the cookies only if you're on a secure server, so maybe if you set that it will work like you want (unless it also disallows JS access because the page wasn't loaded via a secure server).
Reply With Quote
  #15  
Old 07-28-2013, 12:09 AM
nerbert nerbert is offline
 
Join Date: May 2008
Posts: 784

Tried setting secure=true and it created a cookie but the JS can't read it.

There ought to be some way for a script to make a browser store something that is read only by JS and never by the server scripting, but I know only of cookies and passwords and they are interceptable.
Reply With Quote
  #16  
Old 07-28-2013, 12:50 AM
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440

Why can't the server read it?
Reply With Quote
  #17  
Old 07-28-2013, 01:10 AM
nerbert nerbert is offline
 
Join Date: May 2008
Posts: 784

The server doesn't need it (but I suppose all cookies are read anyway). I want this stored on the browser and used only on the browser so it can't be intercepted.

I'll be the first to say I don't know much about all this but I would sure like to avoid having information that others can intercept.
Reply With Quote
  #18  
Old 07-28-2013, 04:22 AM
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440

I guess I just don't get it; it's going to be sent to the server anyway.

You could try local storage available in modern browsers.
Reply With Quote
  #19  
Old 07-28-2013, 05:32 AM
nerbert nerbert is offline
 
Join Date: May 2008
Posts: 784

Seems to do it

Code:
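var password = fetch_object('fm_login_password');
if (typeof localStorage == 'object') {
	// Restore the saved value shortly after the page has loaded
	window.onload = function() {
		setTimeout(function() {
			var saved = localStorage.getItem('fmpassword');
			if (saved) {
				password.value = saved;
				password.focus();
			}
		}, 100);
	};
	// Save the value when the form is submitted
	password.form.onsubmit = function() {
		localStorage.setItem('fmpassword', password.value);
	};
} else {
	// No localStorage support: leave the field empty
	password.value = '';
}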
Thanks
Reply With Quote
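
Added example, not part of any post in this thread: a simplified model of the cookie matching described in post #14 (domain, path, Secure) set beside the localStorage approach from post #19, showing what goes out in the Cookie header and what page script can read. The host forum.example and every cookie name except bb_password are constructed, the Domain handling ignores host-only cookies, and HttpOnly is included for comparison.

```javascript
// Added example, not code from the thread. Simplified model of RFC 6265
// cookie selection; cookie names other than bb_password and all hosts are
// constructed for illustration.
function domainMatch(host, domain) {
  const d = domain.replace(/^\./, '').toLowerCase();
  host = host.toLowerCase();
  return host === d || host.endsWith('.' + d);
}

function pathMatch(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || reqPath.charAt(cookiePath.length) === '/';
}

// Does cookie `c` apply to `url`? Secure cookies require an https: URL.
function applies(c, url) {
  const u = new URL(url);
  return domainMatch(u.hostname, c.domain) &&
         pathMatch(u.pathname, c.path) &&
         (!c.secure || u.protocol === 'https:');
}

// What leaves the browser in the Cookie header, and what page script can read.
function exposure(jar, localStorageKeys, url) {
  const matching = jar.filter(c => applies(c, url));
  return {
    cookieHeader: matching.map(c => c.name),
    // document.cookie hides HttpOnly cookies; localStorage is never sent in a
    // header but is readable by every script running in the same origin.
    scriptReadable: matching.filter(c => !c.httpOnly).map(c => c.name)
                            .concat(localStorageKeys),
  };
}

// Constructed cookie jar for a forum at forum.example.
const sampleJar = [
  { name: 'bb_password', domain: 'forum.example', path: '/', secure: false, httpOnly: false },
  { name: 'fm_secure',   domain: 'forum.example', path: '/', secure: true,  httpOnly: false },
  { name: 'fm_httponly', domain: 'forum.example', path: '/', secure: false, httpOnly: true },
  { name: 'cp_only',     domain: 'forum.example', path: '/admincp', secure: false, httpOnly: false },
];

const page = 'http://forum.example/filemanager/filemanager.php';
console.log(exposure(sampleJar, ['fmpassword'], page));
```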
All times are GMT.