Cookies issue?

I’m just getting around to testing saving information with a cookie so please excuse me if this is a naive question/problem.

I have a login app and I want to save the last application that the user logged into - they are displayed in a popup menu.

If they successfully login then I save the cookie as such:

Session.Cookies.Set(“ID_WAPP”,str(pmApplications.RowTagAt(pmApplications.SelectedRowIndex)),DateTime.Now.AddInterval(1))

If I check it right after the value of ID_WAPP is set, but in the Opening event of this container that sits on a web page the following code shows no value.

var cID_WAPP As String = Session.Cookies.Value(“ID_WAPP”)

Can someone point me in the direction of doing this correctly so the cookie is retained. I’m running this in my local browser for right now.

So… cookies are stored on the browser and only sent to the web app when the browser loads the app. Because Xojo web apps don’t reload on every page, the data is not sent again until you refresh the browser or reconnect.

A better plan would be to use a dictionary or other property on Session where you store the value whenever it is set or loaded. Then you can reference it at any time.

speaking of cookies, what is the best way to have the user credentials saved somewhere

so that he doesn’t have to type his login pw each time the page is reloaded by the user

in a webcookie with timeout or in a session property ?

thanks

Please start your own thread @Jean-Yves_Pochez

So if I am understanding what you are saying, I should get the value of the cookies in the opening event of the session? Trying to get them in the first webpage loaded is too late?

It looks like what you may have failed to point out was mentioned in this thread. Can’t test in Safari when connected to an unsecured connection such as local browser. Safari only stores the cookies temporarily. it would be nice is this was mentioned in the docs.

https://forum.xojo.com/t/i-cant-retrieve-cookies-value/85130

Did you try searching Issues? It’s been fixed for R3.
#79652 - Session.Cookies.Set is failing for http connections

To summary #79652, you can’t use SameSiteStrength.Off without serving the website through https:

Note that if SameSite=None is set then the Secure attribute must also be set — SameSite=None requires a secure context.

But you can use SameSiteStrength.Lax instead (which will be the default value in 2025r3)

For example:

Session.Cookies.Set("foo", "bar", Nil, "", "", False, False, WebCookieManager.SameSiteStrength.Lax)

That works with current versions of Xojo. Sample project:

test-cookies.xojo_binary_project.zip (8.4 KB)

Ricardo - Thanks for the tip on the LAX setting and the sample app. Got it tested and working.

I hope that’s not true. Surely running over a non-secure connection is the exception to the rule not the standard. IMHO, Xojo should always be aiming to protect developers from having to secure their apps if at all possible.

Strict causes the browser to only send the cookie in response to requests originating from the cookie’s origin site. This should be used when you have cookies relating to functionality that will always be behind an initial navigation, such as authentication or storing shopping cart information.

The problem is the current default isn’t Secure, it’s Off (None). Lax is the default value browsers are using, so we’ll be following them in this case.

In implementing cookies, I found the Framework was behaving differently than the way web browsers do, which was unexpected. Xojo made it unnecessarily complicated (see above) to set a short-lived cookie.

You mean in comparison to JavaScript?

My findings are documented in the ticket.