irigsoft Posted September 22, 2022 Share Posted September 22, 2022 Hi, I am trying to change some session Cookie values "UNI_GUI_SESSION_ID" such as Secure, HttOnly and others as follows but I am not succeeding. What am I doing wrong? if ARequestInfo.Cookies.GetCookieIndex ('UNI_GUI_SESSION_ID') > 0 then begin ARequestInfo.Cookies.BeginUpdate; ARequestInfo.Cookies.Cookies [ARequestInfo.Cookies.GetCookieIndex ('UNI_GUI_SESSION_ID')].Secure := True; ARequestInfo.Cookies.Cookies [ARequestInfo.Cookies.GetCookieIndex ('UNI_GUI_SESSION_ID')].HttpOnly := True; ARequestInfo.Cookies.EndUpdate; end; Quote Link to comment Share on other sites More sharing options...
Sherzod Posted September 22, 2022 Share Posted September 22, 2022 Hello, Why do you want to change exactly here? BTW, are you using https? Quote Link to comment Share on other sites More sharing options...
irigsoft Posted September 22, 2022 Author Share Posted September 22, 2022 6 minutes ago, Sherzod said: Hello, Why do you want to change exactly here? BTW, are you using https? Hello, I try to change some attributes on system cookies by security reason ( I use unigui session id in some code in my projects and want to disable it to external access) BTW, are you using https? - At this point, No. I know "Secure" is impossible without https, but I tried setting other attributes as well Quote Link to comment Share on other sites More sharing options...
andyhill Posted September 22, 2022 Share Posted September 22, 2022 I stopped using cookies a long time ago, why not use local storage with your own encryption. Quote Link to comment Share on other sites More sharing options...
irigsoft Posted September 22, 2022 Author Share Posted September 22, 2022 55 minutes ago, andyhill said: I stopped using cookies a long time ago, why not use local storage with your own encryption. hi, I'm using it already, thanks, but I saw that it's not possible to apply the attributes to this cookie, and I just wanted to know if I'm doing something wrong. Quote Link to comment Share on other sites More sharing options...
irigsoft Posted March 31 Author Share Posted March 31 Hi, a new questions about this cookie 1. Is it possible to set HTTPOnly = True? 2. Is it possible to change name on the "UNI_GUI_SESSION_ID" cookie ? because: "Configuring a cookie with the HTTPOnly flag forces the web browser to have this cookie processed only by the server, and any attempt to access the cookie from client-based code or scripts is strictly forbidden. This protects against several type of attacks, including CSRF." Quote Link to comment Share on other sites More sharing options...
Sherzod Posted March 31 Share Posted March 31 4 hours ago, irigsoft said: Is it possible to set HTTPOnly = True? ? Quote Link to comment Share on other sites More sharing options...
irigsoft Posted March 31 Author Share Posted March 31 17 minutes ago, Sherzod said: ? this not work for me. http and stand alone app, but httponly cannot be changed, by this way Quote Link to comment Share on other sites More sharing options...
irigsoft Posted April 2 Author Share Posted April 2 On 3/31/2024 at 7:45 PM, Sherzod said: ? Hi, I'm going to add a new way to protect cookies, but I can't test it, if someone can confirm my code is working I'd appreciate it. add to MainForm.Script this: function getCookie(name) { const value = `; ${document.cookie}`; const parts = value.split(`; ${name}=`); if (parts.length === 2) return parts.pop().split(';').shift(); }; //function setCookie () { var keyValue = getCookie ('UNI_GUI_SESSION_ID'); document.cookie = 'UNI_GUI_SESSION_ID=' + keyValue + ';Secure=true;SameSite=Strict'; keyValue = getCookie ('UNI_GUI_SESSION_ID'); document.cookie = 'UNI_GUI_SESSION_ID=' + keyValue + ';HttpOnly=true'; //}; Quote Link to comment Share on other sites More sharing options...
Hayri ASLAN Posted April 2 Share Posted April 2 Why you are not changing it from UniGUIApplication.pas, line 1965 until we check it? Quote Link to comment Share on other sites More sharing options...
irigsoft Posted April 2 Author Share Posted April 2 3 minutes ago, Hayri ASLAN said: Why you are not changing it from UniGUIApplication.pas, line 1965 until we check it? Hi, I don't have Source Code. Quote Link to comment Share on other sites More sharing options...
Hayri ASLAN Posted April 2 Share Posted April 2 1 minute ago, irigsoft said: Hi, I don't have Source Code. What build are you using? Quote Link to comment Share on other sites More sharing options...
irigsoft Posted April 2 Author Share Posted April 2 4 minutes ago, Hayri ASLAN said: What build are you using? Professional - 1.9.1551 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.