authentication – Same session cookies for a user logging from different browser/machine

Having the session cookie specific to the machine or browser offers at least the possibility to associate machine/browser specific information with the cookie (like some kind of browser fingerprint). Such associated information might then be used to better detect if the cookie was used on a different machine, i.e. impersonation done via cookie theft.

Note that this cookie protection is purely optional, i.e. just because the cookie is machine/browser specific does not mean that such information will be definitely associated with the cookie but only that this could be done.

If the session cookie is instead machine/browser independent such protection is not possible at all, but instead a stolen cookie could easily be used from other systems. This means the risk of impersonation would be higher.

Which is more vulnerable …

None of this actually presents a vulnerability. A vulnerability would be if some attacker could steal the session cookie, for example using XSS or by sniffing unprotected connections. The options you present only offer more or less ways to mitigate the impact of the vulnerability by making it harder or easier for the attacker to misuse the stolen cookie.
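The following sketch is an added example, not part of the original answer. It shows one way a server could tie each per-browser session to a coarse fingerprint and treat a mismatch as possible cookie theft. The header set used for the fingerprint, the in-memory store and all function names are assumptions made for illustration.

```javascript
// Added example (not from the original answer): per-browser sessions bound to
// a coarse client fingerprint. Header choice and all names are assumptions.
const { randomBytes, createHash } = require("node:crypto");

const sessions = new Map(); // sessionId -> { userId, fingerprint }

// Hash a few request headers into a fingerprint. Header values cannot contain
// newlines, so joining with "\n" keeps the fields unambiguous.
function fingerprint(headers) {
  const parts = ["user-agent", "accept-language"].map((h) => headers[h] || "");
  return createHash("sha256").update(parts.join("\n")).digest("hex");
}

// Each login gets its own random session id, so two browsers of the same
// user never share a cookie value.
function issueSession(userId, headers) {
  const id = randomBytes(32).toString("hex");
  sessions.set(id, { userId, fingerprint: fingerprint(headers) });
  return id;
}

// Validate a presented session id. A fingerprint mismatch revokes only that
// session and reports a reason that can feed an alert.
function checkSession(id, headers) {
  const s = sessions.get(id);
  if (!s) return { ok: false, reason: "unknown-session" };
  if (s.fingerprint !== fingerprint(headers)) {
    sessions.delete(id);
    return { ok: false, reason: "fingerprint-mismatch" };
  }
  return { ok: true, userId: s.userId };
}

// Constructed sample requests: the same user on two different browsers.
const LAPTOP = { "user-agent": "BrowserA/1.0 (Desktop)", "accept-language": "en-US" };
const PHONE = { "user-agent": "BrowserB/2.0 (Mobile)", "accept-language": "de-DE" };

function demo() {
  const laptopSession = issueSession("alice", LAPTOP);
  const phoneSession = issueSession("alice", PHONE);
  return {
    distinctCookies: laptopSession !== phoneSession,
    normalUse: checkSession(laptopSession, LAPTOP),
    replayedElsewhere: checkSession(laptopSession, PHONE),
    otherBrowserUnaffected: checkSession(phoneSession, PHONE),
  };
}
```

Header-derived attributes can be reproduced by whoever captured the request, so a match is weak evidence, while a mismatch is a useful detection signal.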

browser – Best way to suggest enabling cross-site cookies with Brave

For technical reasons (OIDC library uses CORS requests to renew API access tokens), our application requires that when using the Brave browser, the security shields built into Brave be either disabled or cross-site cookies enabled.

Any ideas or suggestions on the best way to inform the user of this?

During the login process, we could just have some italic text for this, but it would be easily ignored.

I was envisioning perhaps having the Brave logo somewhere in the app, perhaps in the footer with a tooltip / overlay and a popup on click that clarified that the authentication session will not renew past 6 minutes without cross-site cookies enabled and a description of how to enable this.

Any other ideas or thoughts on the best ways to convey this to our users as painlessly as possible?

Thanks, really appreciate any and all suggestions!

How to monetize website with cookies

So I have this website that I don’t want to put ads on because it would completely ruin the user experience to even have one ad on screen. I was wondering if there was a way to monetize my site just by using tracking cookies. I’ve never done this before and I wanted to know how exactly I could do this and what to be concerned about by taking this route. Sorry if the question is a little vague but I couldn’t find much information on this kind of stuff online for some reason.

memory – How to save browser cookies in ram?

I have a laptop I use in public where I access some sensitive information over the browser. I already encrypted it and cookies are automatically deleted when I close the browser. The problem is, if somebody could find out the password, that person could maybe recover the cookies and access my private data. I know the RAM has nothing saved when the laptop is powered off, so it would be a good idea to save my cookies there.

Is there a way to save cookies in the RAM?

express – How to delete cookies on node.js when the user leaves the website

I install a cookie on node.js when the user selects a language like this:

res.cookie('lang', req.body.lang)

But I want to delete this cookie when the user closes the website, so that when he returns, the language he sees is the default language. Is it possible? I only found solutions regarding session cookies, but I think this does not apply to this case.

"stay connected" how to keep the user connected via cookies with PHP

I am creating a login system with HTML and PHP and I would like to know how to make sure that the user is logged in with the use of cookies when he ticks the "stay logged in" box on the login page. The code I use is: index.php (routes):


$app->get('/admin/login', function() {

    $page = new PageAdmin([
        "header"=>false,
        "footer"=>false
    ]);

    $page->setTpl("login");
});

$app->post('/admin/login', function() {

    User::login($_POST["deslogin"], $_POST["despassword"], $_POST["remember"]);

    header("Location: /admin");
    exit;

});

User.php:

private $values = [];

public static function login($login, $password, $rememberCheck):User // checks the password and username against the DB
    {

        $db = new Sql();

        $results = $db->select("SELECT * FROM tb_users WHERE deslogin = :LOGIN", array(
            ":LOGIN"=>$login
        ));

        if (count($results) === 0) {
            throw new Exception("Não foi possível fazer login.");
        }

        $data = $results[0];


        if (password_verify($password, $data["despassword"])) {

            $user = new User();
            $user->setData($data);

            $_SESSION[User::SESSION] = $user->getValues();

            return $user;

        } else {

            throw new Exception("Não foi possível fazer login.");

        }

        if($rememberCheck=='1' || $rememberCheck=='on')
        {
            $hour = time() + 3600 * 24 * 30;
            setcookie('username', $login, $hour);
            setcookie('password', $data["despassword"], $hour);
        }

    }

    public function setData($data) // creates automatic setters and getters together with the "__call" method and returns to $values
    {

        foreach ($data as $key => $value)
        {

            $this->{"set".$key}($value);

        }

    }

    public function __call($name, $args)
    {

        $method = substr($name, 0, 3);
        $fieldName = substr($name, 3, strlen($name));

        if (in_array($fieldName, $this->fields))
        {

            switch ($method)
            {

                case "get":
                    return (isset($this->values[$fieldName])) ? $this->values[$fieldName] : NULL;
                break;

                case "set":
                    $this->values[$fieldName] = $args[0];
                break;

            }

        }

    }

    public function getValues()
    {

        return $this->values;

    }

}

The $rememberCheck (User.php) and the last "if" in the User class were the last method I tried, but it didn't work. I can log in, but it is not saved, and then if I open another page, I have to log in again. I would like to know how to change the code so that I only log in once and it is stored in cookies, so I do not need to log in again when I enter the site.

HTML:


Is it safe to implement a custom method of storing cookies in Android?

I want to temporarily store session information in the Android app (as long as the app is running). I send real-time data to the node.js server from the Android client using a custom protocol (over UDP). With this data, I will send a cookie (or a unique session string to each user) to the server for further processing. Is this a safe way to store cookies in RAM? Is it safe for users?

I am new to this security area, so I want help. If I missed any information, I am ready to add it.

cookies – Does the FB share button contain trackers?

I plan to put a Facebook share button (shown below) on my website to encourage people to share content on their FB page.

share button fb

However, I don't want cross-site trackers to "inflate" my website or user tracking. This is the code I should put in HTML to add the share button to my website.

Does this code contain trackers?

javascript – How can I increase the counter based on the amount of ingredients a user enters to create cookies using jQuery?

Hi! I was planning to do a little function in jQuery to be able to tell a user how many cookies he can make based on the amount of ingredients he has entered in the respective fields.

The data I use to prepare one cookie is 200 grams of sugar, 100 grams of flour, one tablespoon (16 milliliters) of oil and one cup (250 milliliters) of water. Obviously, if the user enters an amount greater than this, he wants to specify the number of cookies he can create. The problem is that I would not know how to apply a counter to increase the quantities of cookies that you can make according to the ingredients you have.

I can leave you some of the basics of JavaScript and jQuery below:

$("#btnCalcular").click(calcularRecetas);

let azucar;
let harina;
let aceite;
let agua;
let galleta = 0;
// one cookie = 200 g sugar && 100 g flour && 16 ml oil && 250 ml water //
let cantidadGalletas =0;

function calcularRecetas(){
    galleta++;
    azucar = Number($("#txtAzucar").val());
    harina = Number($("#txtHarina").val());
    aceite = Number($("#txtAceite").val());
    agua = Number($("#txtAgua").val());
    if(azucar>=200 && harina>=100 && aceite>=16 && agua>=250){
        // cantidadGalletas = cantidadGalletas + 1//
    }
}

I also leave you the basic structure of the HTML document so that you can enter such data:


    
    





magento2 – How to reload the page with server-side data when changing cookies?

I am creating a plugin for a custom condition before loading the list of products in Magento 2. I have created an "inventory" cookie to save the inventory source selected by the user in the inventory window. If the user accesses certain pages before choosing in the inventory window, then when they return to these pages, the content of the page loads from the cache. The beforeLoad function is not run to check the inventory conditions.
How can I check whether the value of the cookie has changed, and then run beforeLoad to filter the products?

public function beforeLoad(\Magento\Catalog\Model\ResourceModel\Product\Collection $subject, $printQuery = false, $logQuery = false)
    {
        $areaCode = $this->_state->getAreaCode();
        if($areaCode == 'frontend'){
            $inventory_source = 'default';
            if(isset($_COOKIE["inventory"])){
                $inventory_source = $_COOKIE["inventory"];
            }
            $joinCondition[] = "e.sku = isi.sku";
            // Quote the cookie value instead of concatenating it into the SQL,
            // since the cookie is client-controlled input.
            $joinCondition[] = $subject->getConnection()->quoteInto("isi.source_code = ?", $inventory_source);
            $joinCondition = implode(' AND ', $joinCondition);

            if (!$subject->isLoaded()) {
                $subject->getSelect()
                    ->join(
                        [ 'isi' => $subject->getTable('inventory_source_item') ],
                        $joinCondition,
                        []
                    );
            }
        }

        return [$printQuery, $logQuery];
    }

Thanks and best wishes,
BienHV