Cookie persistency

[azygis]

Is there any way to get cookies persistent without code changes? I'd like to avoid entering my email every single time and that's only possible with cookies being available between launches.

Would do it myself, but my knowledge of C++ is quite limited, let alone Qt itself. Wonder if it supports something like enabling persistency via environment variables or something.

[azygis]

After creating the issue I've decided to rummage through the code after all. Looks like cookies are allowed and the persistent storage is set. I wonder now how FortiClient works around us needing to enter the email, maybe not even the cookies but a separate argument to IdP.

[gm-vm]

Correct, persistent cookies are indeed enabled and that's actually the default. There's even the possibility to persist session cookies changing policy( QWebEngineProfile::ForcePersistentCookies), but I don't think that's how Forticlient does it.

I remember there was an option in the official Forticlient to see some logs. Those helped me a lot in figuring out how SAML works, maybe you'll find something useful for your problem.

If that's of no help, you can try to enable the inspector of this application or more simply use an actual browser and inspect the page.

[azygis]

Thanks for the hint, I'll try to see what's in the logs for the official client. It's completely unusable on ubuntu, but the important part works - it does start the authentication itself so I hope I can find the outgoing requests in one form or the other. Worst case, have to try and find something similar to Fiddler Classic for ubuntu.

How can one open dev tools in Qt browser? There's no F12 and no option in the context menu.

[gm-vm]

Launch the application with --remote-debugging-port=XXXX, where XXXX is some number. Then you'll have to use Chrome/Chromium and connect the inspector: https://blog.chromium.org/2011/05/remote-debugging-with-chrome-developer.html

This works pretty much with all the Chromium based browsers, although some may not give you a way to pass this magic argument (I assume the official Forticlient, which if I remember correctly uses Chromium under the hood, does not allow that).

[azygis]

Thanks, managed to start remote debugging session. The command args didn't work, but setting QTWEBENGINE_REMOTE_DEBUGGING environment variable worked.

What I can see is that cookies are not persistent at all. Each time the window is opened, it gets a fresh batch of the cookies. Since the email is part of the cookies themselves, I always need to enter the email, compared to the official FortiClient / my own browser where the cookies are stored properly. Qt docs say AllowPersistentCookies should restore the persistent cookies from disk, but it doesn't look like it does. Maybe the profile has to be named for it to work?

Any ideas?

[azygis]

Okay, decided to try whether my idea about named profile was worth anything and it proved it right.

Now I don't need to even enter the credentials at all as long as my session is still valid after disconnecting from VPN. Will see whether I get to skip the email when my session expires.

If it works (it probably should), do you want me to create a PR?

[gm-vm]

You are right, this is apparentely something new in Qt6, Qt5 used some default profile.

Feel free to open a PR. What you are doing only works with Qt6, so either you keep the code backward compatible with Qt5 with some ifdefs or just ignore the existence of Qt5. Qt6 has been out for ages after all, it's probably time to move on (I'd maybe just change this line).

[azygis]

Thank you for pointing me at the right direction!