troubleshooting Question

Cookies and Security

Avatar of Bob Schneider
Bob SchneiderFlag for United States of America asked on
ASPSecurityVulnerabilities
7 Comments2 Solutions56 ViewsLast Modified:
I have begun to use cookies to create a "Remember Me" utility for logins on two of my sites.  I would like to check my  process to see if there are vulnerabilities in my process.  Apologies to Scott Fell who has been so helpful over the years if I should know this.  Here is my process...please let me know of any thing that needs to be done differently...and thanks in advance.

The site I will use as an example is www.gtraxc.com/.  If a registered user clicks the Remember Me checkbox when logging in, the following happens:

            If Request.Form.Item("remember-me") = "on" Then
                Response.Cookies("user")("gtraxc_id") = Session("gtraxc_id")
                Response.Cookies("user").Expires = Date + 180
            End If

In the future when they log in the following happens:
     Session("gtraxc_id") = Request.Cookies("user")("gtraxc_id")

If Len(Session("gtraxc_id")) > 0 Then
     'check for existence in the db and if found redirect to the appropriate page
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 2 Answers and 7 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 7 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros