Owner

Bob Schneider

<div>
Thanks but I replaced my set cookie snippet with yours and it did not appear to save the cookie...meaning that I still had to log back in each time. &nbsp;What am I missing. &nbsp;Apologies for my misunderstanding.
</div>


<div>
I'm sorry but it still did not work. &nbsp;I appreciate your help.
</div>


<div>
Sorry Bob, can you send me the Cookie data as they where with your old method and with the new method?<br>You can see the cookie data when you press the F12 button and open the Developer Console.<br>The you can see in the Network trafic the requests and responses.<br>Look for one reponse after you assume that cookies where set and look for cookie data.<br>Like in this image:<br><a href="https://filedb.experts-exchange.com/incoming/2020/04_w15/1449459/1586447236280.png" rel="ugc"><img src="https://filedb.experts-exchange.com/incoming/2020/04_w15/1449459/1586447236280.png" class="fr-fic fr-dib"></a><br><br>
</div>


1586447129195.png

1586447030707.png

1586447236280.png

1586447200128.png

<div>
I'm having a hard time finding that data in Chrome. &nbsp;I tried edge but I'm not finding it there either. &nbsp;I opened the login page, pressed f12, selected network, logged in with &quot;Remember Me&quot; selected. &nbsp;I apologize for being so dense.
</div>


<div>
You have to open F12 Developer Consele before fetching your login page.<br>You see only records after console has started.<br><br>You can also add this snippet on your page and show me the complete string prompted in the prompt():<br><pre><code class="code-1 nolinks" id="code-20-43065098-1"><span>&lt;script&gt;</span>
<span>prompt("Cookies:",document.cookie);</span>
<span>&lt;/script&gt;</span>
</code></pre>
</div>


<div>
<div class="content wysiwyg-content">
I have begun to use cookies to create a &quot;Remember Me&quot; utility for logins on two of my sites. &nbsp;I would like to check my &nbsp;process to see if there are vulnerabilities in my process. &nbsp;Apologies to Scott Fell who has been so helpful over the years if I should know this. &nbsp;Here is my process...please let me know of any thing that needs to be done differently...and thanks in advance.<br />
<br />
The site I will use as an example is <a href="http://www.gtraxc.com/" rel="ugc">www.gtraxc.com/</a>. &nbsp;If a registered user clicks the Remember Me checkbox when logging in, the following happens:<br />
<br />

<pre><code class="code-1 nolinks" id="code-10-29178125-1"><span>            If Request.Form.Item(&quot;remember-me&quot;) = &quot;on&quot; Then</span>
<span>                Response.Cookies(&quot;user&quot;)(&quot;gtraxc_id&quot;) = Session(&quot;gtraxc_id&quot;)</span>
<span>                Response.Cookies(&quot;user&quot;).Expires = Date + 180</span>
<span>            End If</span>
</code></pre>
<br />
In the future when they log in the following happens:<br />

<pre><code class="code-1 nolinks" id="code-10-29178125-2"><span>     Session(&quot;gtraxc_id&quot;) = Request.Cookies(&quot;user&quot;)(&quot;gtraxc_id&quot;)</span>
<span></span>
<span>If Len(Session(&quot;gtraxc_id&quot;)) &gt; 0 Then</span>
<span>     'check for existence in the db and if found redirect to the appropriate page</span>
</code></pre>
</div>
</div>


I have begun to use cookies to create a "Remember Me" utility for logins on two of my sites.  I would like to check my  process to see if there are vulnerabilities in my process.  Apologies to Scott Fell who has been so helpful over the years if I should know this.  Here is my process...please let me know of any thing that needs to be done differently...and thanks in advance.

The site I will use as an example is www.gtraxc.com/.  If a registered user clicks the Remember Me checkbox when logging in, the following happens:

(CODE)

In the future when they log in the following happens:
(CODE)

Cookies and Security

Active Server Pages (ASP) is Microsoft’s first server-side engine for dynamic web pages. ASP’s support of the Component Object Model (COM) enables it to access and use compiled libraries such as DLLs. It has been superseded by ASP.NET, but will be supported by Internet Information Services (IIS) through at least 2022.

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.