468,250 Members | 1,585 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,250 developers. It's quick & easy.

Cookie problem in VB.Net

hello,
I am writing the Following coding for preventing Session Fixation
attack in ASP.Net website, but I could not retrieve the cookie added and the
value of

cookie_value remains blank.

----------------------------------------------------------

Imports System.Web.UI.WebControls
Imports System.Web.HttpResponse
Imports System.Security.Cryptography
Public Class AntiFixation
Inherits System.Web.UI.Page
#Region " Web Form Designer Generated Code "

'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()Private Sub
InitializeComponent()

End Sub
Protected WithEvents TextBox1 As System.Web.UI.WebControls.TextBox

'NOTE: The following placeholder declaration is required by the Web Form
Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form Designer
'Do not modify it using the code editor.
InitializeComponent()
End Sub

#End Region

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
End Sub
Private Function RandomString(ByVal l)
Dim value, i, r
Randomize()
For i = 0 To l
r = Int(Rnd * 62)
If r < 10 Then
r = r + 48
ElseIf r < 36 Then
r = (r - 10) + 65
Else
r = (r - 10 - 26) + 97
End If
value = value & Chr(r)
Next
RandomString = value
End Function

' This routine should be called after the user has been authenticated.
' It is expected that the session has been invalidated prior to this call.
Public Sub AntiFixationInit()

Dim value
value = RandomString(10)

Dim cookie1 As HttpCookie
cookie1 = New HttpCookie("CLoginSessionID", value)

cookie1.Path = "http://demotemp259.nic.in/"

cookie1.Value = value

HttpContext.Current.Response.Cookies.Add(cookie1)

Session("LoginSessionID") = value

End Sub

Public Sub AntiFixationVerify(ByVal LoginPage)
Dim session_value
Dim cookie_value as HttpCookie

If (Not (cookie_value Is Nothing)) Then
cookie_value =
HttpContext.Current.Request.Cookies("CLoginSession ID")
Session("cooki") = cookie_value.values
Dim val
If (Not (cookie_value Is Nothing)) Then
val = cookie_value
End If

End If
session_value = Session("LoginSessionID")

If (Not (HttpContext.Current.Request.Cookies("CLoginSessio nID") Is
Nothing)) Then

If Trim(cookie_value) <Trim(session_value) Then
HttpContext.Current.Response.Redirect(LoginPage)
End If

End If
End Sub
End Class
Please help me , how to get the value of cookie - cookie_value

Thank you

Nov 18 '07 #1
4 2149
The cookie path is the path on the client, so
cookie1.Path = "http://demotemp259.nic.in/"
will not work.

Riki

anoop wrote:
hello,
I am writing the Following coding for preventing Session
Fixation attack in ASP.Net website, but I could not retrieve the
cookie added and the value of

cookie_value remains blank.

----------------------------------------------------------

Imports System.Web.UI.WebControls
Imports System.Web.HttpResponse
Imports System.Security.Cryptography
Public Class AntiFixation
Inherits System.Web.UI.Page
#Region " Web Form Designer Generated Code "

'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()Private Sub
InitializeComponent()

End Sub
Protected WithEvents TextBox1 As System.Web.UI.WebControls.TextBox

'NOTE: The following placeholder declaration is required by the
Web Form Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form Designer
'Do not modify it using the code editor.
InitializeComponent()
End Sub

#End Region

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
End Sub
Private Function RandomString(ByVal l)
Dim value, i, r
Randomize()
For i = 0 To l
r = Int(Rnd * 62)
If r < 10 Then
r = r + 48
ElseIf r < 36 Then
r = (r - 10) + 65
Else
r = (r - 10 - 26) + 97
End If
value = value & Chr(r)
Next
RandomString = value
End Function

' This routine should be called after the user has been
authenticated. ' It is expected that the session has been
invalidated prior to this call. Public Sub AntiFixationInit()

Dim value
value = RandomString(10)

Dim cookie1 As HttpCookie
cookie1 = New HttpCookie("CLoginSessionID", value)

cookie1.Path = "http://demotemp259.nic.in/"

cookie1.Value = value

HttpContext.Current.Response.Cookies.Add(cookie1)

Session("LoginSessionID") = value

End Sub

Public Sub AntiFixationVerify(ByVal LoginPage)
Dim session_value
Dim cookie_value as HttpCookie

If (Not (cookie_value Is Nothing)) Then
cookie_value =
HttpContext.Current.Request.Cookies("CLoginSession ID")
Session("cooki") = cookie_value.values
Dim val
If (Not (cookie_value Is Nothing)) Then
val = cookie_value
End If

End If
session_value = Session("LoginSessionID")

If (Not
(HttpContext.Current.Request.Cookies("CLoginSessio nID") Is Nothing))
Then

If Trim(cookie_value) <Trim(session_value) Then
HttpContext.Current.Response.Redirect(LoginPage)
End If

End If
End Sub
End Class
Please help me , how to get the value of cookie - cookie_value

Thank you
--
Riki
Nov 19 '07 #2

Hello,
After changing the Path, will the code work?
thank you
"Riki" wrote:
The cookie path is the path on the client, so
cookie1.Path = "http://demotemp259.nic.in/"
will not work.

Riki

anoop wrote:
hello,
I am writing the Following coding for preventing Session
Fixation attack in ASP.Net website, but I could not retrieve the
cookie added and the value of

cookie_value remains blank.

----------------------------------------------------------

Imports System.Web.UI.WebControls
Imports System.Web.HttpResponse
Imports System.Security.Cryptography
Public Class AntiFixation
Inherits System.Web.UI.Page
#Region " Web Form Designer Generated Code "

'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()Private Sub
InitializeComponent()

End Sub
Protected WithEvents TextBox1 As System.Web.UI.WebControls.TextBox

'NOTE: The following placeholder declaration is required by the
Web Form Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form Designer
'Do not modify it using the code editor.
InitializeComponent()
End Sub

#End Region

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
End Sub
Private Function RandomString(ByVal l)
Dim value, i, r
Randomize()
For i = 0 To l
r = Int(Rnd * 62)
If r < 10 Then
r = r + 48
ElseIf r < 36 Then
r = (r - 10) + 65
Else
r = (r - 10 - 26) + 97
End If
value = value & Chr(r)
Next
RandomString = value
End Function

' This routine should be called after the user has been
authenticated. ' It is expected that the session has been
invalidated prior to this call. Public Sub AntiFixationInit()

Dim value
value = RandomString(10)

Dim cookie1 As HttpCookie
cookie1 = New HttpCookie("CLoginSessionID", value)

cookie1.Path = "http://demotemp259.nic.in/"

cookie1.Value = value

HttpContext.Current.Response.Cookies.Add(cookie1)

Session("LoginSessionID") = value

End Sub

Public Sub AntiFixationVerify(ByVal LoginPage)
Dim session_value
Dim cookie_value as HttpCookie

If (Not (cookie_value Is Nothing)) Then
cookie_value =
HttpContext.Current.Request.Cookies("CLoginSession ID")
Session("cooki") = cookie_value.values
Dim val
If (Not (cookie_value Is Nothing)) Then
val = cookie_value
End If

End If
session_value = Session("LoginSessionID")

If (Not
(HttpContext.Current.Request.Cookies("CLoginSessio nID") Is Nothing))
Then

If Trim(cookie_value) <Trim(session_value) Then
HttpContext.Current.Response.Redirect(LoginPage)
End If

End If
End Sub
End Class
Please help me , how to get the value of cookie - cookie_value

Thank you

--
Riki
Nov 19 '07 #3
anoop wrote:
Hello,
After changing the Path, will the code work?
thank you
Why don't you try it and let us know?
We can't do the testing for you.

I suggest not setting the path at all, let ASP.NET do it for you.

Riki
"Riki" wrote:
>The cookie path is the path on the client, so
cookie1.Path = "http://demotemp259.nic.in/"
will not work.

Riki

anoop wrote:
>>hello,
I am writing the Following coding for preventing Session
Fixation attack in ASP.Net website, but I could not retrieve the
cookie added and the value of

cookie_value remains blank.

----------------------------------------------------------

Imports System.Web.UI.WebControls
Imports System.Web.HttpResponse
Imports System.Security.Cryptography
Public Class AntiFixation
Inherits System.Web.UI.Page
#Region " Web Form Designer Generated Code "

'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()Private Sub
InitializeComponent()

End Sub
Protected WithEvents TextBox1 As
System.Web.UI.WebControls.TextBox

'NOTE: The following placeholder declaration is required by the
Web Form Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form
Designer 'Do not modify it using the code editor.
InitializeComponent()
End Sub

#End Region

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
End Sub
Private Function RandomString(ByVal l)
Dim value, i, r
Randomize()
For i = 0 To l
r = Int(Rnd * 62)
If r < 10 Then
r = r + 48
ElseIf r < 36 Then
r = (r - 10) + 65
Else
r = (r - 10 - 26) + 97
End If
value = value & Chr(r)
Next
RandomString = value
End Function

' This routine should be called after the user has been
authenticated. ' It is expected that the session has been
invalidated prior to this call. Public Sub AntiFixationInit()

Dim value
value = RandomString(10)

Dim cookie1 As HttpCookie
cookie1 = New HttpCookie("CLoginSessionID", value)

cookie1.Path = "http://demotemp259.nic.in/"

cookie1.Value = value

HttpContext.Current.Response.Cookies.Add(cookie1)

Session("LoginSessionID") = value

End Sub

Public Sub AntiFixationVerify(ByVal LoginPage)
Dim session_value
Dim cookie_value as HttpCookie

If (Not (cookie_value Is Nothing)) Then
cookie_value =
HttpContext.Current.Request.Cookies("CLoginSessi onID")
Session("cooki") = cookie_value.values
Dim val
If (Not (cookie_value Is Nothing)) Then
val = cookie_value
End If

End If
session_value = Session("LoginSessionID")

If (Not
(HttpContext.Current.Request.Cookies("CLoginSess ionID") Is Nothing))
Then

If Trim(cookie_value) <Trim(session_value) Then
HttpContext.Current.Response.Redirect(LoginPage)
End If

End If
End Sub
End Class
Please help me , how to get the value of cookie - cookie_value

Thank you

--
Riki
--
Riki
Nov 19 '07 #4
Thank you

"Riki" wrote:
anoop wrote:
Hello,
After changing the Path, will the code work?
thank you

Why don't you try it and let us know?
We can't do the testing for you.

I suggest not setting the path at all, let ASP.NET do it for you.

Riki
"Riki" wrote:
The cookie path is the path on the client, so
cookie1.Path = "http://demotemp259.nic.in/"
will not work.

Riki

anoop wrote:
hello,
I am writing the Following coding for preventing Session
Fixation attack in ASP.Net website, but I could not retrieve the
cookie added and the value of

cookie_value remains blank.

----------------------------------------------------------

Imports System.Web.UI.WebControls
Imports System.Web.HttpResponse
Imports System.Security.Cryptography
Public Class AntiFixation
Inherits System.Web.UI.Page
#Region " Web Form Designer Generated Code "

'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()Private Sub
InitializeComponent()

End Sub
Protected WithEvents TextBox1 As
System.Web.UI.WebControls.TextBox

'NOTE: The following placeholder declaration is required by the
Web Form Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form
Designer 'Do not modify it using the code editor.
InitializeComponent()
End Sub

#End Region

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
End Sub
Private Function RandomString(ByVal l)
Dim value, i, r
Randomize()
For i = 0 To l
r = Int(Rnd * 62)
If r < 10 Then
r = r + 48
ElseIf r < 36 Then
r = (r - 10) + 65
Else
r = (r - 10 - 26) + 97
End If
value = value & Chr(r)
Next
RandomString = value
End Function

' This routine should be called after the user has been
authenticated. ' It is expected that the session has been
invalidated prior to this call. Public Sub AntiFixationInit()

Dim value
value = RandomString(10)

Dim cookie1 As HttpCookie
cookie1 = New HttpCookie("CLoginSessionID", value)

cookie1.Path = "http://demotemp259.nic.in/"

cookie1.Value = value

HttpContext.Current.Response.Cookies.Add(cookie1)

Session("LoginSessionID") = value

End Sub

Public Sub AntiFixationVerify(ByVal LoginPage)
Dim session_value
Dim cookie_value as HttpCookie

If (Not (cookie_value Is Nothing)) Then
cookie_value =
HttpContext.Current.Request.Cookies("CLoginSessio nID")
Session("cooki") = cookie_value.values
Dim val
If (Not (cookie_value Is Nothing)) Then
val = cookie_value
End If

End If
session_value = Session("LoginSessionID")

If (Not
(HttpContext.Current.Request.Cookies("CLoginSessi onID") Is Nothing))
Then

If Trim(cookie_value) <Trim(session_value) Then
HttpContext.Current.Response.Redirect(LoginPage)
End If

End If
End Sub
End Class
Please help me , how to get the value of cookie - cookie_value

Thank you

--
Riki

--
Riki
Nov 19 '07 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

5 posts views Thread by brettr | last post: by
4 posts views Thread by socialism001 | last post: by
9 posts views Thread by Marco Krechting | last post: by
6 posts views Thread by kelvlam | last post: by
2 posts views Thread by kelly.pearson | last post: by
5 posts views Thread by cbhoem | last post: by
reply views Thread by NPC403 | last post: by
reply views Thread by kermitthefrogpy | last post: by
reply views Thread by zattat | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.