Asked by Bob Schneider

Cookies and Security

I have begun to use cookies to create a "Remember Me" utility for logins on two of my sites.  I would like to check my process to see if there are vulnerabilities in my process.  Apologies to Scott Fell who has been so helpful over the years if I should know this.  Here is my process...please let me know of anything that needs to be done differently...and thanks in advance.

The site I will use as an example is www.gtraxc.com/.  If a registered user clicks the Remember Me checkbox when logging in, the following happens:

    If Request.Form.Item("remember-me") = "on" Then
        Response.Cookies("user")("gtraxc_id") = Session("gtraxc_id")
        Response.Cookies("user").Expires = Date + 180
    End If



In the future when they log in the following happens:
    Session("gtraxc_id") = Request.Cookies("user")("gtraxc_id")

    If Len(Session("gtraxc_id")) > 0 Then
        'check for existence in the db and if found redirect to the appropriate page
    End If


ASKER CERTIFIED SOLUTION
Zvonko

This solution is only available to members.

Bob Schneider (ASKER)

Thanks but I replaced my set cookie snippet with yours and it did not appear to save the cookie...meaning that I still had to log back in each time.  What am I missing?  Apologies for my misunderstanding.
SOLUTION
This solution is only available to members.
I'm sorry but it still did not work.  I appreciate your help.

Sorry Bob, can you send me the cookie data as they were with your old method and with the new method?
You can see the cookie data when you press the F12 button and open the Developer Console.
Then you can see in the Network traffic the requests and responses.
Look for one response after you assume that cookies were set and look for cookie data.
Like in this image:
[User generated image]

I'm having a hard time finding that data in Chrome.  I tried Edge but I'm not finding it there either.  I opened the login page, pressed F12, selected Network, logged in with "Remember Me" selected.  I apologize for being so dense.

You have to open the F12 Developer Console before fetching your login page.
You see only records after console has started.

You can also add this snippet on your page and show me the complete string prompted in the prompt():
<script>
prompt("Cookies:",document.cookie);
</script>
