hello,
I am writing the Following coding for preventing Session Fixation
attack in ASP.Net website, but I could not retrieve the cookie added and the
value of
cookie_value remains blank.
----------------------------------------------------------
Imports System.Web.UI.WebControls
Imports System.Web.HttpResponse
Imports System.Security.Cryptography
Public Class AntiFixation
Inherits System.Web.UI.Page
#Region " Web Form Designer Generated Code "
'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()Private Sub
InitializeComponent()
End Sub
Protected WithEvents TextBox1 As System.Web.UI.WebControls.TextBox
'NOTE: The following placeholder declaration is required by the Web Form
Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object
Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form Designer
'Do not modify it using the code editor.
InitializeComponent()
End Sub
#End Region
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
End Sub
Private Function RandomString(ByVal l)
Dim value, i, r
Randomize()
For i = 0 To l
r = Int(Rnd * 62)
If r < 10 Then
r = r + 48
ElseIf r < 36 Then
r = (r - 10) + 65
Else
r = (r - 10 - 26) + 97
End If
value = value & Chr(r)
Next
RandomString = value
End Function
' This routine should be called after the user has been authenticated.
' It is expected that the session has been invalidated prior to this call.
Public Sub AntiFixationInit()
Dim value
value = RandomString(10)
Dim cookie1 As HttpCookie
cookie1 = New HttpCookie("CLoginSessionID", value)
cookie1.Path = "http://demotemp259.nic.in/"
cookie1.Value = value
HttpContext.Current.Response.Cookies.Add(cookie1)
Session("LoginSessionID") = value
End Sub
Public Sub AntiFixationVerify(ByVal LoginPage)
Dim session_value
Dim cookie_value as HttpCookie
If (Not (cookie_value Is Nothing)) Then
cookie_value =
HttpContext.Current.Request.Cookies("CLoginSession ID")
Session("cooki") = cookie_value.values
Dim val
If (Not (cookie_value Is Nothing)) Then
val = cookie_value
End If
End If
session_value = Session("LoginSessionID")
If (Not (HttpContext.Current.Request.Cookies("CLoginSessio nID") Is
Nothing)) Then
If Trim(cookie_value) <Trim(session_value) Then
HttpContext.Current.Response.Redirect(LoginPage)
End If
End If
End Sub
End Class
Please help me , how to get the value of cookie - cookie_value
Thank you
4  2277 
The cookie path is the path on the client, so
cookie1.Path = "http://demotemp259.nic.in/"
will not work.
Riki
anoop wrote:
hello,
I am writing the Following coding for preventing Session
Fixation attack in ASP.Net website, but I could not retrieve the
cookie added and the value of
cookie_value remains blank.
----------------------------------------------------------
Imports System.Web.UI.WebControls
Imports System.Web.HttpResponse
Imports System.Security.Cryptography
Public Class AntiFixation
Inherits System.Web.UI.Page
#Region " Web Form Designer Generated Code "
'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()Private Sub
InitializeComponent()
End Sub
Protected WithEvents TextBox1 As System.Web.UI.WebControls.TextBox
'NOTE: The following placeholder declaration is required by the
Web Form Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object
Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form Designer
'Do not modify it using the code editor.
InitializeComponent()
End Sub
#End Region
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
End Sub
Private Function RandomString(ByVal l)
Dim value, i, r
Randomize()
For i = 0 To l
r = Int(Rnd * 62)
If r < 10 Then
r = r + 48
ElseIf r < 36 Then
r = (r - 10) + 65
Else
r = (r - 10 - 26) + 97
End If
value = value & Chr(r)
Next
RandomString = value
End Function
' This routine should be called after the user has been
authenticated. ' It is expected that the session has been
invalidated prior to this call. Public Sub AntiFixationInit()
Dim value
value = RandomString(10)
Dim cookie1 As HttpCookie
cookie1 = New HttpCookie("CLoginSessionID", value)
cookie1.Path = "http://demotemp259.nic.in/"
cookie1.Value = value
HttpContext.Current.Response.Cookies.Add(cookie1)
Session("LoginSessionID") = value
End Sub
Public Sub AntiFixationVerify(ByVal LoginPage)
Dim session_value
Dim cookie_value as HttpCookie
If (Not (cookie_value Is Nothing)) Then
cookie_value =
HttpContext.Current.Request.Cookies("CLoginSession ID")
Session("cooki") = cookie_value.values
Dim val
If (Not (cookie_value Is Nothing)) Then
val = cookie_value
End If
End If
session_value = Session("LoginSessionID")
If (Not
(HttpContext.Current.Request.Cookies("CLoginSessio nID") Is Nothing))
Then
If Trim(cookie_value) <Trim(session_value) Then
HttpContext.Current.Response.Redirect(LoginPage)
End If
End If
End Sub
End Class
Please help me , how to get the value of cookie - cookie_value
Thank you
--
Riki
Hello,
After changing the Path, will the code work?
thank you
"Riki" wrote:
The cookie path is the path on the client, so
cookie1.Path = "http://demotemp259.nic.in/"
will not work.
Riki
anoop wrote:
hello,
I am writing the Following coding for preventing Session
Fixation attack in ASP.Net website, but I could not retrieve the
cookie added and the value of
cookie_value remains blank.
----------------------------------------------------------
Imports System.Web.UI.WebControls
Imports System.Web.HttpResponse
Imports System.Security.Cryptography
Public Class AntiFixation
Inherits System.Web.UI.Page
#Region " Web Form Designer Generated Code "
'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()Private Sub
InitializeComponent()
End Sub
Protected WithEvents TextBox1 As System.Web.UI.WebControls.TextBox
'NOTE: The following placeholder declaration is required by the
Web Form Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object
Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form Designer
'Do not modify it using the code editor.
InitializeComponent()
End Sub
#End Region
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
End Sub
Private Function RandomString(ByVal l)
Dim value, i, r
Randomize()
For i = 0 To l
r = Int(Rnd * 62)
If r < 10 Then
r = r + 48
ElseIf r < 36 Then
r = (r - 10) + 65
Else
r = (r - 10 - 26) + 97
End If
value = value & Chr(r)
Next
RandomString = value
End Function
' This routine should be called after the user has been
authenticated. ' It is expected that the session has been
invalidated prior to this call. Public Sub AntiFixationInit()
Dim value
value = RandomString(10)
Dim cookie1 As HttpCookie
cookie1 = New HttpCookie("CLoginSessionID", value)
cookie1.Path = "http://demotemp259.nic.in/"
cookie1.Value = value
HttpContext.Current.Response.Cookies.Add(cookie1)
Session("LoginSessionID") = value
End Sub
Public Sub AntiFixationVerify(ByVal LoginPage)
Dim session_value
Dim cookie_value as HttpCookie
If (Not (cookie_value Is Nothing)) Then
cookie_value =
HttpContext.Current.Request.Cookies("CLoginSession ID")
Session("cooki") = cookie_value.values
Dim val
If (Not (cookie_value Is Nothing)) Then
val = cookie_value
End If
End If
session_value = Session("LoginSessionID")
If (Not
(HttpContext.Current.Request.Cookies("CLoginSessio nID") Is Nothing))
Then
If Trim(cookie_value) <Trim(session_value) Then
HttpContext.Current.Response.Redirect(LoginPage)
End If
End If
End Sub
End Class
Please help me , how to get the value of cookie - cookie_value
Thank you
--
Riki
anoop wrote:
Hello,
After changing the Path, will the code work?
thank you
Why don't you try it and let us know?
We can't do the testing for you.
I suggest not setting the path at all, let ASP.NET do it for you.
Riki
"Riki" wrote:
>The cookie path is the path on the client, so
cookie1.Path = "http://demotemp259.nic.in/"
will not work.
Riki
anoop wrote:
>>hello,
I am writing the Following coding for preventing Session
Fixation attack in ASP.Net website, but I could not retrieve the
cookie added and the value of
cookie_value remains blank.
----------------------------------------------------------
Imports System.Web.UI.WebControls
Imports System.Web.HttpResponse
Imports System.Security.Cryptography
Public Class AntiFixation
Inherits System.Web.UI.Page
#Region " Web Form Designer Generated Code "
'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()Private Sub
InitializeComponent()
End Sub
Protected WithEvents TextBox1 As
System.Web.UI.WebControls.TextBox
'NOTE: The following placeholder declaration is required by the
Web Form Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object
Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form
Designer 'Do not modify it using the code editor.
InitializeComponent()
End Sub
#End Region
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
End Sub
Private Function RandomString(ByVal l)
Dim value, i, r
Randomize()
For i = 0 To l
r = Int(Rnd * 62)
If r < 10 Then
r = r + 48
ElseIf r < 36 Then
r = (r - 10) + 65
Else
r = (r - 10 - 26) + 97
End If
value = value & Chr(r)
Next
RandomString = value
End Function
' This routine should be called after the user has been
authenticated. ' It is expected that the session has been
invalidated prior to this call. Public Sub AntiFixationInit()
Dim value
value = RandomString(10)
Dim cookie1 As HttpCookie
cookie1 = New HttpCookie("CLoginSessionID", value)
cookie1.Path = "http://demotemp259.nic.in/"
cookie1.Value = value
HttpContext.Current.Response.Cookies.Add(cookie1)
Session("LoginSessionID") = value
End Sub
Public Sub AntiFixationVerify(ByVal LoginPage)
Dim session_value
Dim cookie_value as HttpCookie
If (Not (cookie_value Is Nothing)) Then
cookie_value =
HttpContext.Current.Request.Cookies("CLoginSessi onID")
Session("cooki") = cookie_value.values
Dim val
If (Not (cookie_value Is Nothing)) Then
val = cookie_value
End If
End If
session_value = Session("LoginSessionID")
If (Not
(HttpContext.Current.Request.Cookies("CLoginSess ionID") Is Nothing))
Then
If Trim(cookie_value) <Trim(session_value) Then
HttpContext.Current.Response.Redirect(LoginPage)
End If
End If
End Sub
End Class
Please help me , how to get the value of cookie - cookie_value
Thank you
--
Riki
--
Riki
Thank you
"Riki" wrote:
anoop wrote:
Hello,
After changing the Path, will the code work?
thank you
Why don't you try it and let us know?
We can't do the testing for you.
I suggest not setting the path at all, let ASP.NET do it for you.
Riki
"Riki" wrote:
The cookie path is the path on the client, so
cookie1.Path = "http://demotemp259.nic.in/"
will not work.
Riki
anoop wrote:
hello,
I am writing the Following coding for preventing Session
Fixation attack in ASP.Net website, but I could not retrieve the
cookie added and the value of
cookie_value remains blank.
----------------------------------------------------------
Imports System.Web.UI.WebControls
Imports System.Web.HttpResponse
Imports System.Security.Cryptography
Public Class AntiFixation
Inherits System.Web.UI.Page
#Region " Web Form Designer Generated Code "
'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()Private Sub
InitializeComponent()
End Sub
Protected WithEvents TextBox1 As
System.Web.UI.WebControls.TextBox
'NOTE: The following placeholder declaration is required by the
Web Form Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object
Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form
Designer 'Do not modify it using the code editor.
InitializeComponent()
End Sub
#End Region
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
End Sub
Private Function RandomString(ByVal l)
Dim value, i, r
Randomize()
For i = 0 To l
r = Int(Rnd * 62)
If r < 10 Then
r = r + 48
ElseIf r < 36 Then
r = (r - 10) + 65
Else
r = (r - 10 - 26) + 97
End If
value = value & Chr(r)
Next
RandomString = value
End Function
' This routine should be called after the user has been
authenticated. ' It is expected that the session has been
invalidated prior to this call. Public Sub AntiFixationInit()
Dim value
value = RandomString(10)
Dim cookie1 As HttpCookie
cookie1 = New HttpCookie("CLoginSessionID", value)
cookie1.Path = "http://demotemp259.nic.in/"
cookie1.Value = value
HttpContext.Current.Response.Cookies.Add(cookie1)
Session("LoginSessionID") = value
End Sub
Public Sub AntiFixationVerify(ByVal LoginPage)
Dim session_value
Dim cookie_value as HttpCookie
If (Not (cookie_value Is Nothing)) Then
cookie_value =
HttpContext.Current.Request.Cookies("CLoginSessio nID")
Session("cooki") = cookie_value.values
Dim val
If (Not (cookie_value Is Nothing)) Then
val = cookie_value
End If
End If
session_value = Session("LoginSessionID")
If (Not
(HttpContext.Current.Request.Cookies("CLoginSessi onID") Is Nothing))
Then
If Trim(cookie_value) <Trim(session_value) Then
HttpContext.Current.Response.Redirect(LoginPage)
End If
End If
End Sub
End Class
Please help me , how to get the value of cookie - cookie_value
Thank you
--
Riki
--
Riki
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Shannon Jacobs |
last post by:
I'm doing some trivial surveys, and I want to know if the same user
answers twice. Can't really know that, but at least I thought I could
check for the same browser/computer combination by using a...
|
by: chrism |
last post by:
Hello,
I have a pop-up window that I would like to appear in front of the
browser home page when a user opens IE. Problem is, I'd like it to
never appear again if the user navigates back to the...
|
by: brettr |
last post by:
When I reference document.cookie, there is a long string of key=value;
pairs listed. I may have 100 hundred cookies on my hard drive.
However, most only have one key=value pair. Does the...
|
by: socialism001 |
last post by:
I'm trying to store a value in a cookie but its not working. Can
anyone see what I might be doing wrong.
Thanks,
Chris
~~~~~~~~~~~~~~~~~~
<script language="javascript">...
|
by: Marco Krechting |
last post by:
Hi All,
I have a page with a list of hyperlinks.
I want to save information in a cookie about the fact that I entered an
hyperlink or not.
When I click one of the hyperlinks I want this stored...
|
by: Wysiwyg |
last post by:
After a server created cookie is processed on the client I want it removed,
cleared, or expired in the javascript block but have been unable to do this.
If I set a cookie value in the server code...
|
by: CR1 |
last post by:
I found a great cookie script below, but don't know how to make it also pass the values sent to the cookie, to a querystring as well for tracking purposes. Can anyone help? If there was a way to...
|
by: kelvlam |
last post by:
Hello all,
I'm still a bit new with JavaScript, and I hope the guru here can shed
some light for me. It's regarding handling cookie and the
case-sensitive nature of JavaScript itself.
My...
|
by: kelly.pearson |
last post by:
Is this a bug? I am trying to write a cookie that can be accessed by
various .Net applications on our domain. However, whenever I add the
domain property to the cookie, no errors get thrown but...
|
by: cbhoem |
last post by:
Hi -
I am trying my hand at python cookies. I'm confused about a few
things though. Do the python cookies get written to a cookies text
file? I have simple code below -- I see the cookie in...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |
