By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,963 Members | 1,863 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,963 IT Pros & Developers. It's quick & easy.

a few questions about cookies

P: n/a
I am creating a cookie based on a referral id like
www.mydomain.com/refid=3444

I call the cookie 'refidbymber' in the javascript that saves the 3444 to be
viewed on the web page.

1. Is it possible for another web page to create a cookie called
'refidnumber' and overwrite my cookie that I placed on the persons pc?

2. Is there a way to hide the javascript in the url? you can see exactly
the code to create, retrieve the cookie info.
Isnt this dangerous?

Thanks in advance
Jul 23 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
In article <0T*****************@newsread1.news.pas.earthlink. net>,
je***@mindspring.com says...
I am creating a cookie based on a referral id like
www.mydomain.com/refid=3444

I call the cookie 'refidbymber' in the javascript that saves the 3444 to be
viewed on the web page.

1. Is it possible for another web page to create a cookie called
'refidnumber' and overwrite my cookie that I placed on the persons pc?
Yes, as long as it's on the same domain.
2. Is there a way to hide the javascript in the url? you can see exactly
the code to create, retrieve the cookie info.
Generate it server-side and encrypt it. Decrypt is server-side too.

Isnt this dangerous?


Possibly.

--
Hywel I do not eat quiche
http://kibo.org.uk/
http://kibo.org.uk/mfaq.php
Jul 23 '05 #2

P: n/a

"Hywel Jenkins" <hy**********@hotmail.com> wrote in message
news:MP************************@news.individual.ne t...
In article <0T*****************@newsread1.news.pas.earthlink. net>,
je***@mindspring.com says...
I am creating a cookie based on a referral id like
www.mydomain.com/refid=3444

I call the cookie 'refidbymber' in the javascript that saves the 3444 to be viewed on the web page.

1. Is it possible for another web page to create a cookie called
'refidnumber' and overwrite my cookie that I placed on the persons pc?


Yes, as long as it's on the same domain.
2. Is there a way to hide the javascript in the url? you can see exactly the code to create, retrieve the cookie info.


Generate it server-side and encrypt it. Decrypt is server-side too.

Isnt this dangerous?


Possibly.

--
Hywel I do not eat quiche
http://kibo.org.uk/
http://kibo.org.uk/mfaq.php


Thanks for your response

what do you mean if it is on the same domain?

How can I generate server - side and encrypt it or decrypt it?
Sorry about the questions, I am new to javascript.

Thanks
Jul 23 '05 #3

P: n/a
In article <2e*****************@newsread1.news.pas.earthlink. net>,
je***@mindspring.com says...

"Hywel Jenkins" <hy**********@hotmail.com> wrote in message
news:MP************************@news.individual.ne t...
In article <0T*****************@newsread1.news.pas.earthlink. net>,
je***@mindspring.com says...
I am creating a cookie based on a referral id like
www.mydomain.com/refid=3444

I call the cookie 'refidbymber' in the javascript that saves the 3444 to be viewed on the web page.

1. Is it possible for another web page to create a cookie called
'refidnumber' and overwrite my cookie that I placed on the persons pc?
Yes, as long as it's on the same domain.
2. Is there a way to hide the javascript in the url? you can see exactly the code to create, retrieve the cookie info.


Generate it server-side and encrypt it. Decrypt is server-side too.

Isnt this dangerous?


Possibly.

Thanks for your response

what do you mean if it is on the same domain?

How can I generate server - side and encrypt it or decrypt it?


Depends on your scripting language. Most server-side languages either
have built-in cookie functions or libraries that handle them for you.
Encryption - RC4 is nice and simple.
Sorry about the questions, I am new to javascript.


That's not a problem. Using JavaScript for this may be, though. If you
want encryption that's secure it may be the wrong technology: if CS
JavaScript needs to decrypt a string, the encryption key will also need
to be client-side.

--
Hywel I do not eat quiche
http://kibo.org.uk/
http://kibo.org.uk/mfaq.php
Jul 23 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.