473,508 Members | 2,389 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Can't find cookie in cookie directory ... where could it be?

I can't find a cookie that my code is writing. The behavior of my
webpages indicates that the cookie IS being written SOMEPLACE.
However, I can't find it.

My client does not want the code going into production unless they can
actually see where the cookie is being written. They are concerned
that the cookie may stay around after they leave the screen and grant
authorization to other users to get to web pages that they are now
allowed to access.

I've included code below so you can see what I'm doing.

THANKS!
R

The cookie is first written by a login script.

Response.Cookies('sSecurity') = sSecurity;
// Set the cookie's path
sCOOKIEPATH = fSetCookiePath(); //See code at end

//Sets the cookie's expiration time to one hour in the future
sDate = fSetCookieTime('HOURS',1);
Each time the user navigates to a new screen, their authorization is
checked.
if (sSecurity == ''){
Response.Redirect('/client/login.asp)
}
else{
sDate = fSetCookieTime('HOURS',1);
}
var cookie_path = "";
cookie_path = fSetCookiePath();
function fSetCookiePath() {

var path_variable = Request.ServerVariables.Item('HTTP_REFERER');
var get_loc = 0;
var path_start = 0;
var cookie_path = "";
var path_len = 0;
path_variable = new String( path_variable);
path_start = path_variable.indexOf('//');
cookie_path = path_variable.substr(path_start + 2);
path_start = cookie_path.indexOf('/');
path_len = cookie_path.length - 1;
cookie_path = cookie_path.substr(path_start, path_len);
path_len = cookie_path.length - 1;
cookie_path = cookie_path.substr(0, path_len);

//If there is more than one "/" remove any data following the second
// "/"
get_loc = cookie_path.indexOf("/", 1)
if (get_loc > 0) {
cookie_path = cookie_path.substr(0, get_loc);
}

//If a path is created, then set the path
if (cookie_path > "") {
Response.Cookies('stoken').Path = cookie_path;
}
return cookie_path;
}
Jul 23 '05 #1
3 4191
On 5 Apr 2004 09:10:11 -0700, HorseGeek <ri**@harlandcomputer.com> wrote:
I can't find a cookie that my code is writing. The behavior of my
webpages indicates that the cookie IS being written SOMEPLACE.
However, I can't find it.


You do realise that the cookie location has nothing to do with the Path
field in said cookie, don't you. The code you presented doesn't do
anything to help diagnose the problem.

There are only two things that I can think of at the moment that determine
whether you'll be able to find a cookie in the browser's cookie directory:

1) Are cookies accepted by the browser?
2) Is the cookie a session cookie, or a persistent cookie?

You attempt to set the expiry date for the cookie, so I'd assume the
cookie is persistent, but as you don't post the relevant code, there's no
way to tell if it functions correctly. If you are certain that the expiry
date is set correctly, this is a browser question and not a JavaScript
one. In that case, you'll have to ask a group that deals with the browser
you're using.

Mike

--
Michael Winter
M.******@blueyonder.co.invalid (replace ".invalid" with ".uk" to reply)
Jul 23 '05 #2
In article <3b**************************@posting.google.com >,
ri**@harlandcomputer.com (HorseGeek) wrote:
I can't find a cookie that my code is writing. The behavior of my
webpages indicates that the cookie IS being written SOMEPLACE.
However, I can't find it.

Try using Netscape 7.1. You can set Netscape up to display a
confirmation message every time a cookie is set and Netscape has a
cookie manager which allows you to examine all cookies.

I seem to recall that IE has a way of displaying cookies. You can find
the file or files where IE stores the cookie data. I didn't have any
luck with session cookies in IE. I had to set a short time value to get
cookies to work in IE.

You could include a logout button to clear the cookies. This would make
the client more comfortable.
My client does not want the code going into production unless they can
actually see where the cookie is being written. They are concerned
that the cookie may stay around after they leave the screen and grant
authorization to other users to get to web pages that they are now
allowed to access.


While I am not an expert on security from what I hear, security should
be based on the server side. I think one technique people use is to
send down a random number and send it back to the server. I'd use a
different random number for every request and not save it in a cookie.
I'd pass the random number between html files by the search parameter
(location.search).

Robert
Jul 23 '05 #3
In article <3b**************************@posting.google.com >,
ri**@harlandcomputer.com enlightened us with...
I can't find a cookie that my code is writing. The behavior of my
webpages indicates that the cookie IS being written SOMEPLACE.
However, I can't find it.

It depends on your browser and your settings in said browser.
The place the cookie goes on the client has absolutely nothing to do
with your path data in the cookie, BTW. That is not what that is for.
The path data applies to the server.
Cookies are written on the client.
My client does not want the code going into production unless they can
actually see where the cookie is being written. They are concerned
that the cookie may stay around after they leave the screen and grant
authorization to other users to get to web pages that they are now
allowed to access.


Using cookies for security is a Bad Idea(tm).
Use a server-side method with HTTPS if you're really concerned.
Otherwise use .htaccess/Apache or IIS protection with session data that
expires when the browser is closed or the page is left.
Since it looks like you're using ASP, I'd use IIS built-ins to do
security. This is not the group to go into that, but I'm sure there's
plenty to find out at the microsoft groups.

--
--
~kaeli~
If a book about failures doesn't sell, is it a success?
http://www.ipwebdesign.net/wildAtHeart
http://www.ipwebdesign.net/kaelisSpace

Jul 23 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
3
2812
Can you introduce some book about python?
by: fdsl ysnh | last post by:
--- python-list-request@python.orgдµÀ: > Send Python-list mailing list submissions to > python-list@python.org > > To subscribe or unsubscribe via the World Wide Web, > visit >...
Python
2
9158
setting cookie then redirect problem
by: bagsmode | last post by:
Hi, I'm trying to set a session cookie and then redirect, however I get the error: Status: 302 Moved Location: /index.cgi I thought I recall getting an error like this when I first tried...
Perl
0
1530
strange cookie problem
by: Jaakko T Oksa | last post by:
suppose i have a script which sets a cookie in this manner: Response.Cookies("session_id") = '12345' Response.Cookies("session_id").Expires = <future date here>...
ASP / Active Server Pages
1
1335
cookie+form-->javascript
by: Sergio | last post by:
<HTML> <!- I need to write code that saves contents of the following form as MyForm.txt(only Last_Name,First_Name) into directory c:\MyPATH\MyForm.txt or into cookies directory. -->...
Javascript
1
1416
cookie problem
by: alain dhaene | last post by:
Hi, I get the follow problem. A page is locate in C:\Directory\files\pag1.php There I call the function setUrl. (all the functions are located in C:\Directory\includes function setUrl() {
Javascript
12
4588
how can c# webpage read cookie placed by a batch job?
by: Jason Shohet | last post by:
I've asked this on the asp ng, but couldn't get any advice, wondering if anyone here can help... GOAL: place a .NET cookie, in a user's cookie folder, containing the machinename of the current...
C# / C Sharp
4
1384
is auth cookie still active
by: Alex | last post by:
hi, I have implemented forms authentication and it is woking well however I am experiencing a slightly frustrating problem. The "Admin" directory of my site is password protected, however if a...
ASP.NET
1
5865
Can't send cookies using XMLHTTP
by: Lu Wei | last post by:
Hello, I'm writing a script to send posts to a web forum. I find that MSXML2.XMLHTTP object could communicate with web server but I can't make it send cookie which is needed for post...
Javascript
2
2692
FormsAuthentication Cookie
by: rn5a | last post by:
A web.config file has the following code: <configuration> <system.web> <authentication mode="Forms"> <forms name="NETConnectCookie" loginUrl="Login.aspx"> <credentials passwordFormat="SHA1"/>...
ASP.NET
0
7224
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
7323
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
7379
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
1
7038
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
5625
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
1
5049
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
4706
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
1550
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp
1
763
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us