Bob Schneider
asked on
Cookies and Security
I have begun to use cookies to create a "Remember Me" utility for logins on two of my sites. I would like to check my process to see if there are vulnerabilities in my process. Apologies to Scott Fell, who has been so helpful over the years, if I should know this. Here is my process...please let me know of anything that needs to be done differently...and thanks in advance.
The site I will use as an example is www.gtraxc.com/. If a registered user clicks the Remember Me checkbox when logging in, the following happens:
If Request.Form.Item("remember-me") = "on" Then
    Response.Cookies("user")("gtraxc_id") = Session("gtraxc_id")
    Response.Cookies("user").Expires = Date + 180
End If
In the future when they log in the following happens:
Session("gtraxc_id") = Request.Cookies("user")("gtraxc_id")
If Len(Session("gtraxc_id")) > 0 Then
    ' check for existence in the db and if found redirect to the appropriate page
End If
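An added example, not part of the original thread and not the site's code: the cookie above carries the account id itself, and a cookie value is whatever the client sends back, so a common hardening is to store a random single-use token instead. The sketch is in Python rather than Classic ASP so it can be run as-is; the function names and the dict `store`, which stands in for a database table, are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

LIFETIME = 180 * 24 * 3600  # 180 days, matching the Expires value in the question


def _digest(validator):
    return hashlib.sha256(validator.encode()).hexdigest()


def issue_token(store, user_id, now=None):
    """Create a remember-me record and return the cookie value to send."""
    now = time.time() if now is None else now
    selector = secrets.token_urlsafe(12)   # lookup key, not secret
    validator = secrets.token_urlsafe(32)  # secret; only its hash is stored
    store[selector] = (_digest(validator), user_id, now + LIFETIME)
    return selector + ":" + validator


def redeem_token(store, cookie_value, now=None):
    """Return (user_id, new_cookie) for a valid cookie, else (None, None)."""
    now = time.time() if now is None else now
    selector, sep, validator = (cookie_value or "").partition(":")
    if not sep or selector not in store:
        return None, None  # malformed value or unknown selector
    # Single use: the record is removed even when the validator is wrong,
    # so a mismatched cookie also invalidates the remembered login.
    stored_hash, user_id, expires = store.pop(selector)
    if now > expires:
        return None, None
    if not hmac.compare_digest(stored_hash, _digest(validator)):
        return None, None
    return user_id, issue_token(store, user_id, now)  # rotate on every use
```

The value returned by `issue_token` is what goes into the cookie, which should be sent with the Secure and HttpOnly attributes; the account id never leaves the server.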
ASKER
I'm sorry but it still did not work. I appreciate your help.
Sorry Bob, can you send me the cookie data as they were with your old method and with the new method?
You can see the cookie data when you press the F12 button and open the Developer Console.
Then you can see in the Network traffic the requests and responses.
Look for one response after you assume that cookies were set and look for cookie data.
Like in this image:
ASKER
I'm having a hard time finding that data in Chrome. I tried Edge but I'm not finding it there either. I opened the login page, pressed F12, selected Network, logged in with "Remember Me" selected. I apologize for being so dense.
You have to open the F12 Developer Console before fetching your login page.
You see only records after console has started.
You can also add this snippet on your page and show me the complete string prompted in the prompt():
<script>
prompt("Cookies:",document.cookie);
</script>
ASKER