Can't find cookie in cookie directory ... where could it be?

I can't find a cookie that my code is writing. The behavior of my
webpages indicates that the cookie IS being written SOMEPLACE.
However, I can't find it.

My client does not want the code going into production unless they can
actually see where the cookie is being written. They are concerned
that the cookie may stay around after they leave the screen and grant
authorization to other users to get to web pages that they are now
allowed to access.

I've included code below so you can see what I'm doing.

THANKS!
R

The cookie is first written by a login script.

    Response.Cookies('sSecurity') = sSecurity;
    // Set the cookie's path
    sCOOKIEPATH = fSetCookiePath(); // See code at end

    // Sets the cookie's expiration time to one hour in the future
    sDate = fSetCookieTime('HOURS', 1);

Each time the user navigates to a new screen, their authorization is
checked.

    if (sSecurity == '') {
        Response.Redirect('/client/login.asp');
    }
    else {
        sDate = fSetCookieTime('HOURS', 1);
    }
    var cookie_path = "";
    cookie_path = fSetCookiePath();
    function fSetCookiePath() {

        var path_variable = Request.ServerVariables.Item('HTTP_REFERER');
        var get_loc = 0;
        var path_start = 0;
        var cookie_path = "";
        var path_len = 0;
        path_variable = new String(path_variable);
        path_start = path_variable.indexOf('//');
        cookie_path = path_variable.substr(path_start + 2);
        path_start = cookie_path.indexOf('/');
        path_len = cookie_path.length - 1;
        cookie_path = cookie_path.substr(path_start, path_len);
        path_len = cookie_path.length - 1;
        cookie_path = cookie_path.substr(0, path_len);

        // If there is more than one "/" remove any data following the second
        // "/"
        get_loc = cookie_path.indexOf("/", 1);
        if (get_loc > 0) {
            cookie_path = cookie_path.substr(0, get_loc);
        }

        // If a path is created, then set the path
        if (cookie_path > "") {
            Response.Cookies('stoken').Path = cookie_path;
        }
        return cookie_path;
    }
Jul 23 '05 #1
3 Replies
On 5 Apr 2004 09:10:11 -0700, HorseGeek <ri**@harlandcomputer.com> wrote:
> I can't find a cookie that my code is writing. The behavior of my
> webpages indicates that the cookie IS being written SOMEPLACE.
> However, I can't find it.

You do realise that the cookie location has nothing to do with the Path
field in said cookie, don't you? The code you presented doesn't do
anything to help diagnose the problem.

There are only two things that I can think of at the moment that determine
whether you'll be able to find a cookie in the browser's cookie directory:

1) Are cookies accepted by the browser?
2) Is the cookie a session cookie, or a persistent cookie?

You attempt to set the expiry date for the cookie, so I'd assume the
cookie is persistent, but as you don't post the relevant code, there's no
way to tell if it functions correctly. If you are certain that the expiry
date is set correctly, this is a browser question and not a JavaScript
one. In that case, you'll have to ask a group that deals with the browser
you're using.

Mike

--
Michael Winter
M.******@blueyonder.co.invalid (replace ".invalid" with ".uk" to reply)
Jul 23 '05 #2
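
The two points made in this reply (session versus persistent cookies, and what the Path field is for), shown as an added example that is not code from the thread. The cookie name `sSecurity` and the `/client` path follow the original post; the cookie values, the clock and all function names are constructed for illustration.

```javascript
// Added example. Cookie name and /client path follow the post; values are constructed.

// RFC 6265 default-path: the directory of the URL that set the cookie.
function defaultPath(requestPath) {
  const i = requestPath.lastIndexOf('/');
  return (!requestPath.startsWith('/') || i === 0) ? '/' : requestPath.slice(0, i);
}

// Parse one Set-Cookie header value received in the response for requestPath.
function parseSetCookie(header, requestPath) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 0) return null; // not a name=value pair
  const cookie = {
    name: pair.slice(0, eq), value: pair.slice(eq + 1),
    path: defaultPath(requestPath), expires: null, maxAge: null,
  };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? '' : attr.slice(i + 1).trim();
    if (key === 'path' && val.startsWith('/')) cookie.path = val;
    if (key === 'max-age' && /^-?\d+$/.test(val)) cookie.maxAge = Number(val);
    if (key === 'expires' && !Number.isNaN(Date.parse(val))) cookie.expires = new Date(val);
  }
  return cookie;
}

// 'session'    -> kept only for the browser session, so not found among stored cookie files
// 'persistent' -> stored by the browser until it expires
// 'deleted'    -> already expired; the browser drops it
function lifetime(cookie, now) {
  if (cookie.maxAge !== null) return cookie.maxAge > 0 ? 'persistent' : 'deleted';
  if (cookie.expires !== null) return cookie.expires > now ? 'persistent' : 'deleted';
  return 'session';
}

// Path decides which requests carry the cookie; it says nothing about where it is stored.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

const now = new Date('2004-04-05T16:10:11Z'); // constructed clock
const noExpiry = parseSetCookie('sSecurity=abc123', '/client/login.asp');
const oneHour = parseSetCookie(
  'sSecurity=abc123; Path=/client; Expires=Mon, 05 Apr 2004 17:10:11 GMT', '/client/login.asp');
console.log(lifetime(noExpiry, now), lifetime(oneHour, now), pathMatches('/clientele/x.asp', oneHour.path));
```

If the expiry attribute never reaches the response, the cookie behaves like `noExpiry` here: the pages keep working, but nothing is written to the cookie directory.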
In article <3b**************************@posting.google.com >,
ri**@harlandcomputer.com (HorseGeek) wrote:
> I can't find a cookie that my code is writing. The behavior of my
> webpages indicates that the cookie IS being written SOMEPLACE.
> However, I can't find it.

Try using Netscape 7.1. You can set Netscape up to display a
confirmation message every time a cookie is set and Netscape has a
cookie manager which allows you to examine all cookies.

I seem to recall that IE has a way of displaying cookies. You can find
the file or files where IE stores the cookie data. I didn't have any
luck with session cookies in IE. I had to set a short time value to get
cookies to work in IE.

You could include a logout button to clear the cookies. This would make
the client more comfortable.

> My client does not want the code going into production unless they can
> actually see where the cookie is being written. They are concerned
> that the cookie may stay around after they leave the screen and grant
> authorization to other users to get to web pages that they are now
> allowed to access.

While I am not an expert on security, from what I hear, security should
be based on the server side. I think one technique people use is to
send down a random number and send it back to the server. I'd use a
different random number for every request and not save it in a cookie.
I'd pass the random number between html files by the search parameter
(location.search).

Robert
Jul 23 '05 #3
In article <3b**************************@posting.google.com >,
ri**@harlandcomputer.com enlightened us with...
> I can't find a cookie that my code is writing. The behavior of my
> webpages indicates that the cookie IS being written SOMEPLACE.
> However, I can't find it.

It depends on your browser and your settings in said browser.
The place the cookie goes on the client has absolutely nothing to do
with your path data in the cookie, BTW. That is not what that is for.
The path data applies to the server.
Cookies are written on the client.

> My client does not want the code going into production unless they can
> actually see where the cookie is being written. They are concerned
> that the cookie may stay around after they leave the screen and grant
> authorization to other users to get to web pages that they are now
> allowed to access.

Using cookies for security is a Bad Idea(tm).
Use a server-side method with HTTPS if you're really concerned.
Otherwise use .htaccess/Apache or IIS protection with session data that
expires when the browser is closed or the page is left.
Since it looks like you're using ASP, I'd use IIS built-ins to do
security. This is not the group to go into that, but I'm sure there's
plenty to find out at the Microsoft groups.

--
~kaeli~
If a book about failures doesn't sell, is it a success?
http://www.ipwebdesign.net/wildAtHeart
http://www.ipwebdesign.net/kaelisSpace

Jul 23 '05 #4
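
One way to keep the authorization decision on the server, as the replies suggest, so that a cookie left behind on a shared machine stops being useful after logout or an hour of inactivity. This is an added example, not code from the thread: the in-memory store, the function names and the `HttpOnly; Secure` attributes are assumptions, while the `stoken` cookie name, the `/client` path and the one-hour lifetime follow the original post.

```javascript
// Added example: in-memory session store for illustration; function names are hypothetical.
const { randomBytes } = require('crypto');

const IDLE_MS = 60 * 60 * 1000; // one hour, matching the post's cookie lifetime
const sessions = new Map();     // token -> { user, lastSeen }

// Pull the opaque token out of a Cookie request header; null if absent or malformed.
function tokenFrom(cookieHeader) {
  const m = /(?:^|;\s*)stoken=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader || '');
  return m ? m[1] : null;
}

// Called once the password check has succeeded. The cookie carries only a random
// identifier; the user's rights are looked up on the server for every request.
function login(user, now) {
  const token = randomBytes(32).toString('hex');
  sessions.set(token, { user, lastSeen: now });
  return { token, setCookie: `stoken=${token}; Path=/client; HttpOnly; Secure` };
}

// Called on every page: returns the user, or null when the caller must log in again.
function authorize(cookieHeader, now) {
  const token = tokenFrom(cookieHeader);
  const session = token && sessions.get(token);
  if (!session) return null;
  if (now - session.lastSeen > IDLE_MS) {
    sessions.delete(token); // expired on the server, whatever the browser still holds
    return null;
  }
  session.lastSeen = now;   // sliding window, like re-issuing the one-hour cookie per page
  return session.user;
}

// Logout button: forget the session on the server and ask the browser to drop the cookie.
function logout(cookieHeader) {
  const token = tokenFrom(cookieHeader);
  if (token) sessions.delete(token);
  return 'stoken=; Path=/client; Max-Age=0; HttpOnly; Secure';
}
```

After `logout`, or once `IDLE_MS` has passed without a request, the same cookie value is rejected by `authorize` even if the browser never deleted it.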