Can't find cookie in cookie directory ... where could it be?

H

HorseGeek

I can't find a cookie that my code is writing. The behavior of my
webpages indicates that the cookie IS being written SOMEPLACE.
However, I can't find it.

My client does not want the code going into production unless they can
actually see where the cookie is being written. They are concerned
that the cookie may stay around after they leave the screen and grant
authorization to other users to get to web pages that they are now
allowed to access.

I've included code below so you can see what I'm doing.

THANKS!
R

The cookie is first written by a login script.

Response.Cookies('sSecurity') = sSecurity;
// Set the cookie's path
sCOOKIEPATH = fSetCookiePath(); //See code at end

//Sets the cookie's expiration time to one hour in the future
sDate = fSetCookieTime('HOURS',1);


Each time the user navigates to a new screen, their authorization is
checked.
if (sSecurity == ''){
Response.Redirect('/client/login.asp)
}
else{
sDate = fSetCookieTime('HOURS',1);
}
var cookie_path = "";
cookie_path = fSetCookiePath();


function fSetCookiePath() {

var path_variable = Request.ServerVariables.Item('HTTP_REFERER');
var get_loc = 0;
var path_start = 0;
var cookie_path = "";
var path_len = 0;


path_variable = new String( path_variable);
path_start = path_variable.indexOf('//');
cookie_path = path_variable.substr(path_start + 2);
path_start = cookie_path.indexOf('/');
path_len = cookie_path.length - 1;
cookie_path = cookie_path.substr(path_start, path_len);
path_len = cookie_path.length - 1;
cookie_path = cookie_path.substr(0, path_len);

//If there is more than one "/" remove any data following the second
// "/"
get_loc = cookie_path.indexOf("/", 1)
if (get_loc > 0) {
cookie_path = cookie_path.substr(0, get_loc);
}

//If a path is created, then set the path
if (cookie_path > "") {
Response.Cookies('stoken').Path = cookie_path;
}
return cookie_path;
}
 
M

Michael Winter

I can't find a cookie that my code is writing. The behavior of my
webpages indicates that the cookie IS being written SOMEPLACE.
However, I can't find it.

You do realise that the cookie location has nothing to do with the Path
field in said cookie, don't you. The code you presented doesn't do
anything to help diagnose the problem.

There are only two things that I can think of at the moment that determine
whether you'll be able to find a cookie in the browser's cookie directory:

1) Are cookies accepted by the browser?
2) Is the cookie a session cookie, or a persistent cookie?

You attempt to set the expiry date for the cookie, so I'd assume the
cookie is persistent, but as you don't post the relevant code, there's no
way to tell if it functions correctly. If you are certain that the expiry
date is set correctly, this is a browser question and not a JavaScript
one. In that case, you'll have to ask a group that deals with the browser
you're using.

Mike
 
K

kaeli

I can't find a cookie that my code is writing. The behavior of my
webpages indicates that the cookie IS being written SOMEPLACE.
However, I can't find it.

It depends on your browser and your settings in said browser.
The place the cookie goes on the client has absolutely nothing to do
with your path data in the cookie, BTW. That is not what that is for.
The path data applies to the server.
Cookies are written on the client.
My client does not want the code going into production unless they can
actually see where the cookie is being written. They are concerned
that the cookie may stay around after they leave the screen and grant
authorization to other users to get to web pages that they are now
allowed to access.

Using cookies for security is a Bad Idea(tm).
Use a server-side method with HTTPS if you're really concerned.
Otherwise use .htaccess/Apache or IIS protection with session data that
expires when the browser is closed or the page is left.
Since it looks like you're using ASP, I'd use IIS built-ins to do
security. This is not the group to go into that, but I'm sure there's
plenty to find out at the microsoft groups.

--
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,731
Messages
2,569,432
Members
44,836
Latest member
BuyBlissBitesCBD

Latest Threads

Top