Kladrie wrote:nmatheson wrote:Is there a way to not have to enter my user name and password and press Submit each time I wish to download a file. My user name and password have been stored in Google but I now have to click on them and press Submit for each file, but previously this wasn't necessary as the next file was automatically downloaded when I pressed the blue arrow. Thanks for your assistance.
I am now also experiencing the same thing, both on Firefox and Chrome. Tried clearing cookies & cache, to no avail.
hi all - we ran into this recently at work with our own web application - so I have figured out what is causing the problem, and can confirm that within a few months, the problem will also happen on IE and Edge.
The problem is that the username/password for Premium links is being cached in a browser cookie, and Chrome and Firefox have implemented a new security standard for cookies, called "SameSite" - if a cookie does not have a SameSite attribute specified, the browser will default to "SameSite=Lax" - and that combined, with the fact that the link for premium downloads is not a top-level link (i.e. it's nested inside an iframe) - means that the browser is stripping the cookie from the request header and so the request goes out without the username/pw and forces you to reauthenticate every time.
I believe that the long term solution is that the web application or application container needs to be modified so that the cookie is set with "SameSite=None; Secure" as attributes - that way the browsers will not strip the cookie off the request.
In the meantime - for Chrome at least - there is a workaround to force Chrome to go back and use the old behaviour and not strip the cookies off.
https://support.siteimprove.com/hc/en-g ... nforcementI did this and the username/passwords are cached for me again in Chrome.
Additional links with more info on this new "feature"
https://stackoverflow.com/questions/60994072/jsessionid-cookie-is-lost-in-chromehttps://stackoverflow.com/questions/608 ... 1#60850921https://www.chromium.org/updates/same-sitehttps://web.dev/samesite-cookies-explained/https://chromestatus.com/feature/5088147346030592https://scotthelme.co.uk/csrf-is-dead/ The RFC for SameSite
https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00Hope this helps!