Solved

Can a cookie NOT be associated with a page?

Posted on 1999-01-06
9
149 Views
Last Modified: 2010-04-09
Suppose page1.htm creates (nad manages) a cookie by running a series of javascript functions, such as:
cookie()
_cookie_store()
_cookie_load()
_cookie_remove()
which are standard functions for cookies. The cookie stores the username and password of a user. I noticed that the created cookie becomes associated with the page that created it.  How can I access the cookie created by page1.htm from another page, say page2.htm to validate the identity of the user info stored in that cookie?
0
Comment
Question by:matala
  • 5
  • 3
9 Comments
 
LVL 4

Expert Comment

by:martinag
ID: 1841373
It should work.
Are the pages on the same server? Same path?

Martin
0
 
LVL 4

Expert Comment

by:martinag
ID: 1841374
What's the source of those functions, by the way?

Martin
0
 

Author Comment

by:matala
ID: 1841375
Good question.  They are on the same server, but different path.  I put them both on the same path and they can actually look at the same cookie.  Thanks.
Now does that confirm that a cookie is not associated with a page?
0
 
LVL 8

Accepted Solution

by:
jhurst earned 50 total points
ID: 1841376
Cookies are associated with domains or sub-domains depending on how they are set.  If all pages are on the same server and the cookie setting code does not specify any sub-domain then they can be shared.  If however the sub-domain is set in the cookie then it is restricted to that.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 4

Expert Comment

by:martinag
ID: 1841377
If you post the cookie function I can modify it to include the path.

Martin
0
 

Author Comment

by:matala
ID: 1841378
Here the code that I am using.  Notice the domain is not passed when I call cookie().

function Cookie(document, name, hours, path, domain, secure)
{
      this.$document = document;
      this.$name = name;
      if (hours) this.$expiration = new Date((new Date()).getTime() + hours*3600000);
        else this.$expiration = null;

      if (path) this.$path = path; else this.$path = null;
      if (domain) this.$domain = domain; else this.$domain = null;
      if (secure) this.$secure = true; else this.$secure = false;
}

function _Cookie_store()
{
       var cookieval = "";
      for(var prop in this)
      {
              // Ignore properties with names that begin with '$' and also methods.
            if ((prop.charAt(0) == '$') || ((typeof this[prop]) == 'function')) continue;
            
            if (cookieval != "") cookieval += '&';

            cookieval += prop + ':' + escape(this[prop]);
      }

      var cookie = this.$name + '=' + cookieval;
      if (this.$expiration) cookie += '; expires=' + this.$expiration.toGMTString();
      if (this.$path) cookie += '; path=' + this.$path;
      if (this.$domain) cookie += '; domain=' + this.$domain;
      if (this.$secure) cookie += '; secure';

      this.$document.cookie = cookie;
}


function _Cookie_load()
{
      var allcookies = this.$document.cookie;
      if (allcookies == "") return false;

      var start = allcookies.indexOf(this.$name + '=');
      if (start == -1) return false;   // Cookie not defined for this page.
      
      start += this.$name.length + 1;  // Skip name and equals sign.
      
      var end = allcookies.indexOf(';', start);
      if (end == -1) end = allcookies.length;
      var cookieval = allcookies.substring(start, end);

      var a = cookieval.split('&');    // Break it into array of name/value pairs.
      for(var i=0; i < a.length; i++)  // Break each pair into an array.
            a[i] = a[i].split(':');

      for(var i = 0; i < a.length; i++) this[a[i][0]] = unescape(a[i][1]);

      return true;
}

function _Cookie_remove()
{
      var cookie;
      cookie = this.$name + '=';
      if (this.$path) cookie += '; path=' + this.$path;
      if (this.$domain) cookie += '; domain=' + this.$domain;
      cookie += '; expires=Fri, 02-Jan-1970 00:00:00 GMT';

      this.$document.cookie = cookie;
}

//***************************************************

new Cookie();
Cookie.prototype.store = _Cookie_store;
Cookie.prototype.load = _Cookie_load;
Cookie.prototype.remove = _Cookie_remove;

var visitordata = new Cookie(document, "name_password", 1);

0
 
LVL 4

Expert Comment

by:martinag
ID: 1841379
Ok, the path is included in the functions. Good...

Replace
  var visitordata = new Cookie(document, "name_password", 1);
with
  var visitordata = new Cookie(document, "name_password", 1, "/");

See that ending "/" I added? That's the path. This means that all documents under that path can access the cookie. You'll probably want to be more specific (espacially if you're at a web hotel or some other kind of server were multiple home pages resides), so give the longest possible path.
For example, if your documents are placed like this:
* /a/b/c/d/e/page1.htm
* /a/b/c/e/f/page2.htm
you could use the path "/a/b/c".

BTW, those functions are pretty nice. Where did you find them?

Martin
0
 
LVL 4

Expert Comment

by:martinag
ID: 1841380
matala, are you still there?

Martin
0
 

Author Comment

by:matala
ID: 1841381
Thanks martinag; I was away for a while.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
Do you want to insert HTML5 video into your site? This is the tutorial how to do so. What are the main advantages of HTML5 video? 1) Have good compression, good image quality, and low decode processor use. 2) It is royalty-free 3) It is easi…
In this tutorial viewers will learn how to style transparent/translucent elements using alpha transparency in CSS Start with a normal styled element, such as a div.: Define its "background-color" property as "rgba (255, 255, 255, .5): The numbers in…
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now