472,805 Members | 986 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,805 software developers and data experts.

Can't find cookie in cookie directory ... where could it be?

I can't find a cookie that my code is writing. The behavior of my
webpages indicates that the cookie IS being written SOMEPLACE.
However, I can't find it.

My client does not want the code going into production unless they can
actually see where the cookie is being written. They are concerned
that the cookie may stay around after they leave the screen and grant
authorization to other users to get to web pages that they are now
allowed to access.

I've included code below so you can see what I'm doing.

THANKS!
R

The cookie is first written by a login script.

Response.Cookies('sSecurity') = sSecurity;
// Set the cookie's path
sCOOKIEPATH = fSetCookiePath(); //See code at end

//Sets the cookie's expiration time to one hour in the future
sDate = fSetCookieTime('HOURS',1);
Each time the user navigates to a new screen, their authorization is
checked.
if (sSecurity == ''){
Response.Redirect('/client/login.asp)
}
else{
sDate = fSetCookieTime('HOURS',1);
}
var cookie_path = "";
cookie_path = fSetCookiePath();
function fSetCookiePath() {

var path_variable = Request.ServerVariables.Item('HTTP_REFERER');
var get_loc = 0;
var path_start = 0;
var cookie_path = "";
var path_len = 0;
path_variable = new String( path_variable);
path_start = path_variable.indexOf('//');
cookie_path = path_variable.substr(path_start + 2);
path_start = cookie_path.indexOf('/');
path_len = cookie_path.length - 1;
cookie_path = cookie_path.substr(path_start, path_len);
path_len = cookie_path.length - 1;
cookie_path = cookie_path.substr(0, path_len);

//If there is more than one "/" remove any data following the second
// "/"
get_loc = cookie_path.indexOf("/", 1)
if (get_loc > 0) {
cookie_path = cookie_path.substr(0, get_loc);
}

//If a path is created, then set the path
if (cookie_path > "") {
Response.Cookies('stoken').Path = cookie_path;
}
return cookie_path;
}
Jul 23 '05 #1
3 4150
On 5 Apr 2004 09:10:11 -0700, HorseGeek <ri**@harlandcomputer.com> wrote:
I can't find a cookie that my code is writing. The behavior of my
webpages indicates that the cookie IS being written SOMEPLACE.
However, I can't find it.


You do realise that the cookie location has nothing to do with the Path
field in said cookie, don't you. The code you presented doesn't do
anything to help diagnose the problem.

There are only two things that I can think of at the moment that determine
whether you'll be able to find a cookie in the browser's cookie directory:

1) Are cookies accepted by the browser?
2) Is the cookie a session cookie, or a persistent cookie?

You attempt to set the expiry date for the cookie, so I'd assume the
cookie is persistent, but as you don't post the relevant code, there's no
way to tell if it functions correctly. If you are certain that the expiry
date is set correctly, this is a browser question and not a JavaScript
one. In that case, you'll have to ask a group that deals with the browser
you're using.

Mike

--
Michael Winter
M.******@blueyonder.co.invalid (replace ".invalid" with ".uk" to reply)
Jul 23 '05 #2
In article <3b**************************@posting.google.com >,
ri**@harlandcomputer.com (HorseGeek) wrote:
I can't find a cookie that my code is writing. The behavior of my
webpages indicates that the cookie IS being written SOMEPLACE.
However, I can't find it.

Try using Netscape 7.1. You can set Netscape up to display a
confirmation message every time a cookie is set and Netscape has a
cookie manager which allows you to examine all cookies.

I seem to recall that IE has a way of displaying cookies. You can find
the file or files where IE stores the cookie data. I didn't have any
luck with session cookies in IE. I had to set a short time value to get
cookies to work in IE.

You could include a logout button to clear the cookies. This would make
the client more comfortable.
My client does not want the code going into production unless they can
actually see where the cookie is being written. They are concerned
that the cookie may stay around after they leave the screen and grant
authorization to other users to get to web pages that they are now
allowed to access.


While I am not an expert on security from what I hear, security should
be based on the server side. I think one technique people use is to
send down a random number and send it back to the server. I'd use a
different random number for every request and not save it in a cookie.
I'd pass the random number between html files by the search parameter
(location.search).

Robert
Jul 23 '05 #3
In article <3b**************************@posting.google.com >,
ri**@harlandcomputer.com enlightened us with...
I can't find a cookie that my code is writing. The behavior of my
webpages indicates that the cookie IS being written SOMEPLACE.
However, I can't find it.

It depends on your browser and your settings in said browser.
The place the cookie goes on the client has absolutely nothing to do
with your path data in the cookie, BTW. That is not what that is for.
The path data applies to the server.
Cookies are written on the client.
My client does not want the code going into production unless they can
actually see where the cookie is being written. They are concerned
that the cookie may stay around after they leave the screen and grant
authorization to other users to get to web pages that they are now
allowed to access.


Using cookies for security is a Bad Idea(tm).
Use a server-side method with HTTPS if you're really concerned.
Otherwise use .htaccess/Apache or IIS protection with session data that
expires when the browser is closed or the page is left.
Since it looks like you're using ASP, I'd use IIS built-ins to do
security. This is not the group to go into that, but I'm sure there's
plenty to find out at the microsoft groups.

--
--
~kaeli~
If a book about failures doesn't sell, is it a success?
http://www.ipwebdesign.net/wildAtHeart
http://www.ipwebdesign.net/kaelisSpace

Jul 23 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: fdsl ysnh | last post by:
--- python-list-request@python.orgд: > Send Python-list mailing list submissions to > python-list@python.org > > To subscribe or unsubscribe via the World Wide Web, > visit >...
2
by: bagsmode | last post by:
Hi, I'm trying to set a session cookie and then redirect, however I get the error: Status: 302 Moved Location: /index.cgi I thought I recall getting an error like this when I first tried...
0
by: Jaakko T Oksa | last post by:
suppose i have a script which sets a cookie in this manner: Response.Cookies("session_id") = '12345' Response.Cookies("session_id").Expires = <future date here>...
1
by: Sergio | last post by:
<HTML> <!- I need to write code that saves contents of the following form as MyForm.txt(only Last_Name,First_Name) into directory c:\MyPATH\MyForm.txt or into cookies directory. -->...
1
by: alain dhaene | last post by:
Hi, I get the follow problem. A page is locate in C:\Directory\files\pag1.php There I call the function setUrl. (all the functions are located in C:\Directory\includes function setUrl() {
12
by: Jason Shohet | last post by:
I've asked this on the asp ng, but couldn't get any advice, wondering if anyone here can help... GOAL: place a .NET cookie, in a user's cookie folder, containing the machinename of the current...
4
by: Alex | last post by:
hi, I have implemented forms authentication and it is woking well however I am experiencing a slightly frustrating problem. The "Admin" directory of my site is password protected, however if a...
1
by: Lu Wei | last post by:
Hello, I'm writing a script to send posts to a web forum. I find that MSXML2.XMLHTTP object could communicate with web server but I can't make it send cookie which is needed for post...
2
by: rn5a | last post by:
A web.config file has the following code: <configuration> <system.web> <authentication mode="Forms"> <forms name="NETConnectCookie" loginUrl="Login.aspx"> <credentials passwordFormat="SHA1"/>...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 2 August 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
0
by: erikbower65 | last post by:
Using CodiumAI's pr-agent is simple and powerful. Follow these steps: 1. Install CodiumAI CLI: Ensure Node.js is installed, then run 'npm install -g codiumai' in the terminal. 2. Connect to...
0
by: erikbower65 | last post by:
Here's a concise step-by-step guide for manually installing IntelliJ IDEA: 1. Download: Visit the official JetBrains website and download the IntelliJ IDEA Community or Ultimate edition based on...
0
by: kcodez | last post by:
As a H5 game development enthusiast, I recently wrote a very interesting little game - Toy Claw ((http://claw.kjeek.com/))。Here I will summarize and share the development experience here, and hope it...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Sept 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
0
by: Rina0 | last post by:
I am looking for a Python code to find the longest common subsequence of two strings. I found this blog post that describes the length of longest common subsequence problem and provides a solution in...
5
by: DJRhino | last post by:
Private Sub CboDrawingID_BeforeUpdate(Cancel As Integer) If = 310029923 Or 310030138 Or 310030152 Or 310030346 Or 310030348 Or _ 310030356 Or 310030359 Or 310030362 Or...
0
by: lllomh | last post by:
How does React native implement an English player?
0
by: Mushico | last post by:
How to calculate date of retirement from date of birth

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.