Bob Schneider

asked on 

Cookies and Security

I have begun to use cookies to create a "Remember Me" utility for logins on two of my sites. I would like to check my process to see if there are vulnerabilities in my process. Apologies to Scott Fell, who has been so helpful over the years, if I should know this. Here is my process... please let me know of anything that needs to be done differently... and thanks in advance.

The site I will use as an example is www.gtraxc.com/.  If a registered user clicks the Remember Me checkbox when logging in, the following happens:

    If Request.Form.Item("remember-me") = "on" Then
        Response.Cookies("user")("gtraxc_id") = Session("gtraxc_id")
        Response.Cookies("user").Expires = Date + 180
    End If



In the future when they log in the following happens:
    Session("gtraxc_id") = Request.Cookies("user")("gtraxc_id")

    If Len(Session("gtraxc_id")) > 0 Then
        'check for existence in the db and if found redirect to the appropriate page
    End If


ASP, Vulnerabilities, Security
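In the code above the cookie carries the account id itself, and the server accepts whatever id comes back as long as it exists in the database. The following is an added example, not part of the original post and not the site's code, of the usual alternative: a random single-use token whose hash is stored server-side. It is written in Python rather than ASP, and the function names, the `remember` cookie name and the in-memory dictionary standing in for a database table are assumptions.

```python
import hashlib
import hmac
import secrets
import time

REMEMBER_DAYS = 180   # same lifetime as the cookie in the question
_tokens = {}          # selector -> (sha256(validator), user_id, expiry); stands in for a DB table


def issue_token(user_id, now=None):
    """Create a remember-me token for user_id and return the cookie value."""
    now = time.time() if now is None else now
    selector = secrets.token_urlsafe(12)    # lookup key, not secret
    validator = secrets.token_urlsafe(32)   # secret half, never stored in clear
    digest = hashlib.sha256(validator.encode()).digest()
    _tokens[selector] = (digest, user_id, now + REMEMBER_DAYS * 86400)
    return f"{selector}.{validator}"


def redeem_token(cookie_value, now=None):
    """Return (user_id, replacement_cookie) or (None, None) if the cookie is not valid."""
    now = time.time() if now is None else now
    selector, sep, validator = (cookie_value or "").partition(".")
    record = _tokens.get(selector) if sep else None
    if record is None:
        return None, None
    digest, user_id, expiry = record
    # Single use: the row is removed whether or not the validator matches,
    # so a wrong guess against a known selector revokes that token.
    del _tokens[selector]
    presented = hashlib.sha256(validator.encode("utf-8", "replace")).digest()
    if now > expiry or not hmac.compare_digest(digest, presented):
        return None, None
    # Rotate: the caller sends the replacement value back as the new cookie.
    return user_id, issue_token(user_id, now)


def cookie_header(value):
    """Set-Cookie line with the flags a login cookie should carry."""
    return (f"Set-Cookie: remember={value}; Max-Age={REMEMBER_DAYS * 86400}; "
            "Path=/; Secure; HttpOnly; SameSite=Lax")


if __name__ == "__main__":
    cookie = issue_token(42)                 # constructed sample user id
    print(cookie_header(cookie))
    print(redeem_token(cookie)[0])           # first use succeeds
    print(redeem_token(cookie)[0])           # replay of the old value fails
    print(redeem_token("42")[0])             # a bare id is rejected
```

The session id is set only from the `user_id` that `redeem_token` returns, never from a value read out of the cookie.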

Last Comment
Zvonko

8/22/2022 - Mon