I have a development website running on Win2K Server, using ASP 3.0. I'm
using IE6 (all updates added).
I have a cookie that is set on a login page, which is an Encrypted password:
Response.Cookie s("PWORD")=Encr yptedPassword
I then redirect to a page:
Response.Redire ct(GotoPage)
and on the page that is redirected, i look at the cookie:
Response.Write( Request.Cookies ("PWORD"))
the problem is, when I do the request.cookies , it is NOT encrypted. The only
code that ever sets this cookie is the one line that I showed above, and one
line to set it to "" when the user hits the Logout button.
why is my cookie showing up unencrypted? and how do I fixe this? it seems to
be specific to my machine... but it just started happening last friday - and
i did not update anything, when this started happening. ... i was just
looking at pages on the site.
4  2080 
More Info:
When I do this:
Response.Write( Request.Serverv ariables("HTTP_ COOKIE"))
the results show my cookie in the proper encrypted form.
"Derick Bailey" <db*****@airsys co.com> wrote in message
news:u7******** ******@TK2MSFTN GP11.phx.gbl... I have a development website running on Win2K Server, using ASP 3.0. I'm
using IE6 (all updates added).
I have a cookie that is set on a login page, which is an Encrypted
password: Response.Cookie s("PWORD")=Encr yptedPassword
I then redirect to a page:
Response.Redire ct(GotoPage)
and on the page that is redirected, i look at the cookie:
Response.Write( Request.Cookies ("PWORD"))
the problem is, when I do the request.cookies , it is NOT encrypted. The
only code that ever sets this cookie is the one line that I showed above, and
one line to set it to "" when the user hits the Logout button.
why is my cookie showing up unencrypted? and how do I fixe this? it seems
to be specific to my machine... but it just started happening last friday -
and i did not update anything, when this started happening. ... i was just
looking at pages on the site.
Hi Derick,
Is it possible for EncryptedPasswo rd to return raw string without
Encryption? For example, there are some logical problem in the function? Is
there any some else code in your project which may change the cookie?
Additionally, if you clear the client cookie in IE and browse to the web
site again, will this fix the problem?
Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
there is no logic used when reading the cookie, just
Request.Cookies ("PWORD")
deleting the cookie from my hard drive fixed it.
thanks.
"MSFT" <lu******@onlin e.microsoft.com > wrote in message
news:0Z******** ******@cpmsftng xa07.phx.gbl... Hi Derick,
Is it possible for EncryptedPasswo rd to return raw string without
Encryption? For example, there are some logical problem in the function?
Is there any some else code in your project which may change the cookie?
Additionally, if you clear the client cookie in IE and browse to the web
site again, will this fix the problem?
Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
I suspect "response.cooki es("PWORD")" was written directly in your code
without Encryption. So the client cookie save on client disk without
Encryption. You may check your code to see if it is posible.
Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.) This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Fred |
last post by:
I've check all the info I can find on cookies and I have gotten some
idea of how to set a cookie, set the expiration, and get the cookie
value.
But I need help bringing it all together to accomplish what I need to
do.
When someone first visits a signup page, I want them to see a popup
that says they can sign up within the next 30 days without having to
pay an appication fee. Then each time they revisit over the next 30
|
by: brettr |
last post by:
When I reference document.cookie, there is a long string of key=value;
pairs listed. I may have 100 hundred cookies on my hard drive.
However, most only have one key=value pair. Does the document.cookie
variable combine all cookie key=value pairs?
All of the examples I've seen discuss referencing a specific cookie. I
don't see how this is done.
Cookies are usually named by the domain. If I want to reference a
specific cookie, do I...
|
by: Wysiwyg |
last post by:
After a server created cookie is processed on the client I want it removed,
cleared, or expired in the javascript block but have been unable to do this.
If I set a cookie value in the server code behind and don't use a domain
then I can not change or remove that cookie's value on the client. If I
subsequently create the cookie again in the codebehind then I actually end
up with TWO cookies with the same name in the response. The cookie...
|
by: Marty |
last post by:
Something strange is happening on my web site since my hosting provider
upgraded to Server 2003 a few weeks ago.
I use forms authentication in my asp.net application, with essentially
the following c# code-behind on my login page:
If (FormsAuthentication.Authenticate(UserName.Text, UserPass.Text))
FormsAuthentication.RedirectFromLoginPage(UserName.Text, true);
Note that the createPersistentCookie parameter is set to true.
|
by: Bruno |
last post by:
I have a feature that is hosted on a different domain from the primary one
in a frame, and need to retain values in a cookie.
example: A web page at one.com contains a frame which has a page hosted at
two.com
If I view the frameset from one.com in Firefox, all works well with the
content from two.com. But if trying to view this using IE (with standard
security settings), the cookie set by two.com is not accessible.
| | |
by: dba123 |
last post by:
I need to "tie together the cookie with the domain" by referencing the
information from my web.config below in my login's codebhind. I don't
understand how. I need to also save that after doing so:
<add key="cookieDomainName" value=".test.com" />
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="CH.COM.AUTH" path="/"/>
</authentication>
|
by: TokyoJ |
last post by:
I use a popup / prompt requesting the visitor to enter a USERNAME so after the user clicks SUBMIT on the prompt all the pages in the site should greet the user with Hi, USERNAME.
But there are two problems.
1. From another page in the site, when I return to the HOME page, the prompt reappears even though I've already entered a USERNAME.
2. The other pages don't greet the user. The Hi, USERNAME doesn't appear.
Could someone offer some...
|
by: Jan Danielsson |
last post by:
Hello all,
I'm sure I'm not using this right, but I don't understand what I'm
doing wrong. What I want is to get all the cookies from the request,
then extract the 'sessId' cookie. I'm using this code:
-----------------
from mod_python import Cookie
|
by: Hans |
last post by:
Hi!
I have a login page where I have three different ways to authenticate a
user.
1. Use integrated authentication and read the server variable AUTH_USER and
then verify if this is a valid user from a database. If OK I write some
session cookies and then re-direct to another page placed in the same folder
(which will read the cookie and verify that it is valid). This works OK.
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
