troubleshooting Question

Cookies and Security

Avatar of Bob Schneider
Bob SchneiderFlag for United States of America asked on
7 Comments2 Solutions56 ViewsLast Modified:
I have begun to use cookies to create a "Remember Me" utility for logins on two of my sites.  I would like to check my  process to see if there are vulnerabilities in my process.  Apologies to Scott Fell who has been so helpful over the years if I should know this.  Here is my process...please let me know of any thing that needs to be done differently...and thanks in advance.

The site I will use as an example is  If a registered user clicks the Remember Me checkbox when logging in, the following happens:

            If Request.Form.Item("remember-me") = "on" Then
                Response.Cookies("user")("gtraxc_id") = Session("gtraxc_id")
                Response.Cookies("user").Expires = Date + 180
            End If

Open in new window

In the future when they log in the following happens:
     Session("gtraxc_id") = Request.Cookies("user")("gtraxc_id")

If Len(Session("gtraxc_id")) > 0 Then
     'check for existence in the db and if found redirect to the appropriate page

Open in new window

Systems architect

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Top Expert 2006

The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.

Join our community to see this answer!
Unlock 2 Answers and 7 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 7 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros