Solved

Cookie format has changed

Posted on 2011-09-08
Last Modified: 2012-05-12
It used to be that IE cookies were stored in the user's cookies folder (c:\users\username\cookies or c:\documents and settings\username\cookies) in the form: username@domainname e.g. admin@bbc.co[1].txt
Something has changed in the last few months so that the cookies are now stored in what appears to be a random letter and number format e.g. F6F3N6DQ.txt
There is no way of telling which cookie is which without opening each text file and inspecting the contents - and even then it's not obvious.
There now appears to be a new entry type in the temporary internet files cache folder e.g. cookie: admin@bbc.co.uk/
This is linked in some way to the relevant file in the cookies folder. For instance if you delete 'cookie: admin@bbc.co.uk' from temporary internet files folder it deletes F6F3N6DQ.txt in the cookies folder.
Therefore, the entire way IE stores cookies has been changed at some point - this has severely impacted several of our applications which rely on deleting cookies programmatically (I am still having problems redesigning the apps to delete from the new locations - it appears you cannot now delete directly using the file system!)
Does anyone know when this change came about, the reasons behind it and whether it is possible to revert back to the previous system?
Question by:jamesrbourne
11 Comments
 
LVL 14

Expert Comment

by:binaryevo
ID: 36502315
How exactly is your application deleting cookies (i.e. paste the code)? If you can give me some more technical details on the "how's" I can possibly help you minimize the impact of the changes that you would have to make.

Author Comment

by:jamesrbourne
ID: 36502488
Sample code to delete previous style cookies:

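Dim fs As Object = CreateObject("Scripting.FileSystemObject")
Dim ucl As String = ""
Dim uclok As Boolean = True
'Read the per-user Cookies folder path from the registry
ucl = CStr(My.Computer.Registry.GetValue( _
    "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders", "Cookies", Nothing))
'Strip trailing slash if present
If Right(ucl, 1) = "\" Then
     ucl = Left(ucl, Len(ucl) - 1)
End If
'Delete every cookie file whose name matches the old username@domain pattern
Dim fs1 As String = ucl & "\*@bbc*.txt"
fs.DeleteFile(fs1)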
LVL 66

Expert Comment

by:johnb6767
ID: 36505063
"This is linked in some way to the relevant file in the cookies folder. For instance if you delete 'cookie: admin@bbc.co.uk' from temporary internet files folder it deletes F6F3N6DQ.txt in the cookies folder."

FYI, "%userprofile%\local settings\temporary internet files" folder doesn't contain anything. It is a "Special" Shell Folder, which combines data from %userprofile%\cookies, and "Shell:cache\content.ie5" (just paste the paths into a RUN dialog)... The content.ie5 folder is hidden, and is not visible in the Folder Listing from the Temporary Internet Files folder contents. You have to add that in the Address bar, or type it directly.

Hence explaining why when you deleted it from the TIF folder, you really deleted it from the cookies folder...

And in Windows 7, it is "%userprofile%\AppData\Roaming\Microsoft\Windows\Cookies"

Author Comment

by:jamesrbourne
ID: 36505895
In reply to johnb6767:
Thanks, yes that explains the link, but where is the reference 'cookie: admin@bbc.co.uk' being stored, and how do you access it and match it to the actual cookie file?
As you say TIF is empty when read by the file system object so you seem to not be able to delete in the traditional manner. Any idea?
LVL 66

Expert Comment

by:johnb6767
ID: 36507722
In your script above you already have the location.....

"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders", "Cookies"

I still don't have an explanation as to the cookie formats changing... The only guess I can offer is perhaps from either InPrivate Filtering, or from sites visited with Protected Mode enabled....

Author Comment

by:jamesrbourne
ID: 36508695
Thanks, johnb6767

This occurs without InPrivate filtering and occurs on XP as well as Win 7 - protected mode only available on Vista and above so it's nothing to do with that either.

I have a case open with MS regarding this and will post back any results, but I'm surprised I cannot find more info regarding this change of cookie storage behaviour - anyone else please?
LVL 66

Expert Comment

by:johnb6767
ID: 36520635
I wish I had more for you.....

Author Comment

by:jamesrbourne
ID: 36548083
Microsoft have come back to me. The change in behaviour took place with cumulative security update MS11-057 released on 9 August 2011, see: http://support.microsoft.com/kb/2559049
This blog explains the cookie behaviour change: http://blogs.msdn.com/b/ieinternals/archive/2011/08/12/internet-explorer-9.0.2-update-changes-file-protocol-and-cookie-naming.aspx
Scroll down to 'Cookie Filenames are Randomized'
This has done wonders for my sanity!
So, it looks like you can no longer use filesystemobject to easily delete cookies, according to a filter, from the cookies folder - you can delete from the cache manually by going to the Temporary Internet Files. To programmatically delete cookies they are recommending the WinInet functions:
http://msdn.microsoft.com/en-us/library/aa452092.aspx
I'll be taking a look at this and will post if successful.
LVL 66

Expert Comment

by:johnb6767
ID: 36553240
Excellent to know.....

Here's another method that can be used for cookie cleaning.....

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2


Accepted Solution

by:
jamesrbourne earned 0 total points
ID: 36902149
Wininet is definitely the way to go with this - pretty complex and not for the faint hearted. As well as the MS article above these may be useful to anyone attempting to programme it:
http://msdn.microsoft.com/en-US/library/aa385134%28v=VS.85%29.aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/aa385134%28v=vs.85%29.aspx
http://www.vbforums.com/showthread.php?t=588995
0
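The WinInet route recommended in the accepted solution, as an added VB.NET example that is not part of the original thread or Microsoft's sample code: it enumerates the cache's "cookie:" entries with FindFirstUrlCacheEntry/FindNextUrlCacheEntry and removes the matching ones with DeleteUrlCacheEntry. The module name CookieCleaner, the helper DeleteCookies and its substring filter are assumptions, chosen to mirror the old *@bbc*.txt filter.

```vbnet
Imports System.Runtime.InteropServices
Module CookieCleaner
    <DllImport("wininet.dll", EntryPoint:="FindFirstUrlCacheEntryW", CharSet:=CharSet.Unicode, SetLastError:=True)> _
    Private Function FindFirstUrlCacheEntry(pattern As String, info As IntPtr, ByRef size As Integer) As IntPtr
    End Function
    <DllImport("wininet.dll", EntryPoint:="FindNextUrlCacheEntryW", CharSet:=CharSet.Unicode, SetLastError:=True)> _
    Private Function FindNextUrlCacheEntry(hFind As IntPtr, info As IntPtr, ByRef size As Integer) As Boolean
    End Function
    <DllImport("wininet.dll")> _
    Private Function FindCloseUrlCache(hFind As IntPtr) As Boolean
    End Function
    <DllImport("wininet.dll", EntryPoint:="DeleteUrlCacheEntryW", CharSet:=CharSet.Unicode, SetLastError:=True)> _
    Private Function DeleteUrlCacheEntry(urlName As String) As Boolean
    End Function
    ' Hypothetical helper: deletes cookie cache entries whose name contains "filter"; returns the count deleted.
    Function DeleteCookies(filter As String) As Integer
        Dim names As New System.Collections.Generic.List(Of String)
        Dim cap As Integer = 4096, hFind As IntPtr = IntPtr.Zero
        Dim buf As IntPtr = Marshal.AllocHGlobal(cap)
        Try
            Do
                Dim size As Integer = cap, ok As Boolean
                If hFind = IntPtr.Zero Then
                    hFind = FindFirstUrlCacheEntry("cookie:", buf, size)
                    ok = (hFind <> IntPtr.Zero)
                Else
                    ok = FindNextUrlCacheEntry(hFind, buf, size)
                End If
                If ok Then
                    ' lpszSourceUrlName follows dwStructSize; alignment puts it at offset IntPtr.Size
                    Dim name As String = Marshal.PtrToStringUni(Marshal.ReadIntPtr(buf, IntPtr.Size))
                    If name IsNot Nothing AndAlso name.IndexOf(filter, StringComparison.OrdinalIgnoreCase) >= 0 Then names.Add(name)
                ElseIf Marshal.GetLastWin32Error() = 122 Then ' ERROR_INSUFFICIENT_BUFFER: size holds the bytes needed
                    cap = size
                    buf = Marshal.ReAllocHGlobal(buf, New IntPtr(cap))
                Else
                    Exit Do ' ERROR_NO_MORE_ITEMS, or a failure that ends the enumeration
                End If
            Loop
        Finally
            If hFind <> IntPtr.Zero Then FindCloseUrlCache(hFind)
            Marshal.FreeHGlobal(buf)
        End Try
        Dim deleted As Integer = 0
        For Each n As String In names ' delete only after the enumeration handle is closed
            If DeleteUrlCacheEntry(n) Then deleted += 1
        Next
        Return deleted
    End Function
End Module
```

Calling `DeleteCookies("@bbc")` in the user's own session takes the place of the old file-system delete; the WinInet cache is per-user, so it only touches the cookies of the account it runs under.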
 

Author Closing Comment

by:jamesrbourne
ID: 36935090
MSDN support call opened with Microsoft which helped in explaining and solving this problem.