Reputation: 21
Cross browser cookies
I am working on an app which has a cookie login. Nothing exceptional.
But I encountered a strange behavior. I was testing some of the apps internals and for that purpose I had four different browsers open.
After cleaning the browser history, cookies and everything - when opening the first browser I was required to login. Good.
The next browser went directly to the content - and they were logged in with the same username/password combination I used to open the first browser.
I was certain that all browsers kept their own cookies.
More surprised when firefox, opera and chrome opened with the same user.
Anyone seen this before?
The browser used in this session was latetest Firefox, latest Chrome, latest Opera and not to forget lastest IE.
All executed on Win 8.1preview.
Now Opera look and feels very much like Chrome (same codebase?) but the others should definately not log me in with another browsers cookie.
Not to mention the fact that the cookie is encrypted and only the app knows how to decrypt it!
I am confused - very much confused. It should not happen!
Any ideas are welcome.
This post will be posted in other forums as well.
Thanks in advance for any light You clever people can shed on this matter.
Edit:
Just checked to see if I screwed something. These are the steps taken:
- Opened the four browsers
- Cleaned cookies and everything in all four browsers
- Opened the app's login page in all four browsers
- Using IE to login - check to save cookie.
- Refresh the login page in the other browsers
Result: Refreshing the 3 browsers revealed that they read IE's cookies for that specific hostname.
Edit
also posted @ http://forums.asp.net/p/1934186/5503683.aspx
Edit
I think I might have found a pointer but not sure what to look for. Testet on an an old asus-garmin phone with android 2.1.1. I used the phone to logon to the app and it looked an worked decent. Then I tried a new Nokia Lumia 920 and would do some app testing with windows phone 8. The Lumia is brand new and the first website I open is the app I am working on.
Imagine my surprise when the app opened with the user I had logged in with on the android phone.
The only thing common is the wireless accesspoint. The access point is a Cisco rv-220w which - to my knowledge - does not have any proxy features.
UEX Tech
Upvotes: 0
Views: 4980
Answers (2)
Reputation: 21
Thank You all for giving thoughts to this.
I have found the answer. It was bad coding on my side.
The problem arised from a user object in my code. The user object was checked in a baseclass for all pages but not compared to the cookie data.
I discovered this when on of by testers had logged on and when I opened the browser I was logged on with his credentials.
So it was not cookies but a user object which didnt verify correctly in code.
http://forums.asp.net/p/1934186/5506501.aspx
Hope others don't make the same mistake :)
Upvotes: 1
Reputation: 31
What I can suggest is to check if Flash is not storing those cookies (LSO).
http://www.abine.com/tracking.php - point 1.4
Flash cookies Live example: http://www.ts0.com/crosscookie/example.html (doesn't work on Ubuntu. Works on Windows). That what I was quickly able to check.
Maybe this is not cookies problem that are stored. Maybe site authorizes you using IP address... that of course shouldn't happen :) but...
Upvotes: 2
Related Questions
- Safari doesn't set Cookie but IE / FF does
- Javascript Cookie Script Opera Browser
- Internet Explorer set cross domain cookies for authorization
- I can't set cookie in opera and internet Explorer
- How do i 'share cookies' in opera extensions?
- Opera browser - cookie editor
- Internet Explorer and Chrome are not accepting my cookie
- Setting custom cookies in firefox and chrome?
- Cookies for different browser
- Why Opera is using Firefox's Cookies