I want to create an extension for Firefox and Chrome to make troubleshooting a bit easier. All of what I will describe is currently possible using Firebug or Charles Proxy. However, I have a bunch of users that don't have the tools, experience, or patience. The main function of the extension is to answer the following questions:
- Does the browser have a session cookie for X? If so, what are its attributes (domain, path, secure, et cetera)?
- What request contained the Set-Cookie HTTP header?
- Did the value of the session cookie change? Which request? Was it due to session rotation or because N minutes passed since the last request?
- Does the request have multiple Set-Cookie HTTP headers with differing attributes? Which one was kept?
- Are responses to requests for site resources (images, stylesheets, scripts) also including a session cookie?
- Is the previous session cookie still valid?
A configuration panel would allow entry of a cookie name to watch, JSESSIONID for example, and a hostname pattern like *.my-app-name.com. To prevent storing a silly amount of data, it would have an option to set the maximum number and age of remembered requests. As a user clicks around an application, the extension's icon would light up when conditions are met, such as a change in session cookie attributes or value. I'd also like to add support for additional HTTP response header tracking, such as X-Node containing the name of a node behind a load balancer that actually served the request.
Hopefully all of these features would allow a user to see why they were "logged out" and be able to communicate the information to me. Or, better yet, the extension could have an option to send the current data to a collection API so I could parse it myself after the user has experienced a problem.