I have created code to create a cookie about a user when their login and when they tick a remember me box.
The problem is though the the data in the cookie is stored in plain text. Which means I can use firefox and it webdeveloper tool to look at the cookie and change the values.
My question is how do you encrpyt a cookie so it doesnt store the info in plain text?
When I set a cookie in global.asa in the sub session_onstart, even if I have "privacy" in IE 6.X set to "block all cookies" the cookie is still set, and I can get it on other pages.
I can't find an article that addresses this as a specific issue. Why does the browser get the cookie when it is set in the session_onstart event even when I have "block all cookies" set?
The problem is that the code for "change_school.asp" takes the user right to "portal.asp". I checked the code of "change_school.asp" and it does indeed set a cookie value for "school", but for some reason "default.asp" is still finding the old cookie stored and then redirecting...any ideas guys?
'code for change_school.asp...clears the cookie "school" and redirects to page (default.asp) where user can select a new school <% Response.Cookies("school")= "" Response.Redirect "default.asp" %>
'code for default.asp which allows user to select a new school, and if the cookie "school" has some value then they are redirected. <% If request.cookies("school") <> "" then Response.Redirect "portal.asp" end if %>
On this website i am building it has password protection on certain pages. So i have a "login" portion on the right side of the page, that is shown on every page. When someone logs in is it possible to change that little section to just say Welcome so and so? Instead of having the username and password form with submit button?? Or is this something that requires some java to hide it?
Part II When someone logs in i want them to recieve a cookie, in that cookie i want it to contain the person's name (wich i want the to be put next to the "welcome back on part I), email address, and up to four other numerical values. (some people will have greater access to sections of the site depending on who they are)
Is is possible to grab this information from the SQL database and put in the cookie? If so can anyone please show me, point me in right direction, ect?
I'm using FrontPage Database results wizards to retrieve data from Access. I have a cookie containing a number I'd like to insert in a custom query. Whenever the page opens, I want the query to run using the value in the cookie. I haven't been able to figure out how to transfer the cookie value into something the FP webbot will accept in the query.
What i am trying to do is this: I want to make a cookie. If someone comes back to a page (say after an hour after they left)i want them to get a specific popup. If someone comes back after than hour I want them to get a different popup, telling them something different.
I'm going to go down this route of Cookie detection
<%
If Request.Querystring("Check") = "" Then
Session("cookietest") = "True"
Response.Redirect("cookietest.asp?Check=True")
Else
If Session("cookietest") Then
<!-- Execute code if enabled -->
Else
<!-- Execute code if disabled -->
End If
End If
%>
I’m a little worried, do you know how spiders work with regards to this sort of thing? My site gets some traffic due to it being spidered by the likes of google and I don’t want to loose that flow.
If I use this at the entry point of my site to redirect browsers with cookies turned off to a page telling them to turn them on will that stop the spiders?
im trieng to delete it before the expired time has comed anyway i am trieng to delete it by setting the cookie to ""
like so: Response.Cookies("name") = "";
but its not working but...i found out that if i dont set the path it is being deleted but i have to set the path because from some reason without it i have issues where the cookie is not found in some pages.
I have a problem with a Cookie in an ASP page. Without any apparent reason, one of the Cookies disappears, but the others are ok.
I'm at Page1, a link goes to Page2. Page2 redirects to Page3 and Page3 redirects to Page1. When I'm back to Page1, sometime, one of the cookies don't exist anymore... But the others are there! The disappeared Cookie isn't always the same, in the 18 Cookies that I have.
The environment is composed of 4 clustered servers. Page1 is SSL, but not Page2 and Page3.
I don't have more than 4KB (1.86KB to be more precise) of data and I don't have more that 20 Cookies on the same domain.
I want to retrieve the value of a cookie to make a form a little more user friendly (our intranet is configured to set a cookie for User First Name, Last Name and Email when they log in)
Unfortunately I can't figure out how to retrieve the value of the cookie. I've been trying:
<% Response.write Request.Cookies(UserLName) %>
But it gives me an error - I used Checky to make sure the cookies are there and they do exist:
When I run the ASP page for the first time, I find out, that the Cookie file name contains some several special characters such as %5F, which are encoded with a URLEncode function. So, I have the following string (after convert): ....
Is there a way to store an array of information in a cookie? ie. a user can have a "x" long list of a variable stored in a cookie, so when they return to the site this information can be retrieved.
I need to revisit cookie testing. On the home page and every product page I write a cookie. I do this because some users enter by direct links to product pages.
<% Response.Cookies("cookietest") = ("49") Response.Cookies("cookietest").Expires = Date + 2 %>
On the cart page I test for the cookie...
<% If Request.Cookies("cookietest") <"49" Then Response.Redirect("err.asp?e=1") End If %>
I have a user that insists he has cookies enabled, yet he keeps getting redirected to my error page which suggests he does not have cookies enabled. What could cause this? Is the above too simple for all circumstances?
Is there more extensive code that I could setup on a hidden page where I can send users to get read out on how they actually have their browsers setup? i.e. Run a test on their browser and the results are emailed to me.
I have an asp page where i created cookies-for admin and for user. The aspx page reads these cookies. Everything seems to work fine but now i have to create a new cookie if cookie has expired or if cookie is null. Also, i am having problems with the expire because if the username belongs to the admin for example and then i want to change the username that belongs to a normal user the cookie recognises the first (admin) cookie. How do i solve this? .....
if (request.cookies("example") <> "" response.redirect("login.asp") response.end end if
(I will try to explain as easy i can), so in the login.asp using a .mdb i get the username and check with the password, and putting the username in the cookie in this case called example, but using some cookie poisoning i can be anybody logged in, even sb out of the table of users, i didn't use the session object, i wanted to use a cookie because i got curiosity and i didn't understand what is the difference, and actually i don't understand so much...anyways i got 2 questions, how i do sth for protect the cookie for cookie poisoning and what is the difference between the session and the cookie (from the little what i know is that the session is a predefined cookie that has some encrypting stuff and that so on and got some properties, methods right? and the cookie is just a information holder without any extra stuff as the session object has, am i right?)
well in session we got session.abandon and all the bad sessions gone... i need to delete cookies from users side, there is option for this in asp dot net but in classic asp how we can do it?
I've set my IE6.0 to prompt me for all cookies, which it does for all web pages I visit, but not for the above asp page which is hosted from IIS5.1 on my PC. I can see the cookie being created in my Cookies folder, but would like to be prompted first!
I''m having a problem with cookies that is driving me insane :). - If a user comes to http://domain.com and a cookie is set for them, then the user for whatever reason jumps to http://www.domain.com one of the 2 happens:
1) The cookie we set can not be read (expected), but then a new one can not be written ether (I looked at the server headers and although the cookie information is sent, IE ignores it).
2) The cookie from http://domain.com can be read, but you can not write to this cookie. Same here cookie is sent back from the server but IE ignores it.
Now, if its the other way around. If a user comes to http://www.domain.com, a cookie is set, then he/she jumps to http://domain.com:
The cookie can not be read (expected), but a new one can be written (as it should be).
So after driving my self insane, i whent out and tried it out in other servers to see if it was true. I tried 4 different sites which used cookies (for shopping carts). I did the same tests, (Go in via domain.com, add something to cart, then, jump to www.domain.com, cookie would not be overwritten. Then did the other way around, everything worked fine.)
I have always used this in ASP to test if the client is accepting cookies:
<%@language="VBScript"%> <% Session ("nc") = 1 If Len(Session("nc")) = 0 Then 'Cookies Off Else 'Cookies On End If %>
But I only ever tested it in Microsoft Internet Explorer 6 though not sure. Anyway with Microsoft Internet Explorer 5.5 SP2 Len(Session("nc")) <> 0 always whether cookies are on or off. Can anyone suggest a better cookie test that will work in most browsers?
am trying to create a login page for the first time, I have a login page, validate login page and if the password is correct it takes me to the first page.
I have customized this code someone else created,but what I have a problem with now is I need to log who submitted that data and that is why I am trying to read UserName cookie so I can later match that data.
This is the error I get which is telling me that it is reading the cookie since this is the UserName I am logging in with Microsoft OLE DB Provider for ODBC Drivers (0x80040E14) [Microsoft][ODBC SQL Server Driver][SQL Server]Invalid column name 'boxhill'.
but I can't see what is wrong, and there is not much out there for this kind of error.
So I can login successfully but now i need to read and dispaly that cookie and then insert the value of the cookie but,but don't worry about that now, just trying to give you the full picture.
I'm writing an ASP validation script that uses a cookie that is created by a user validation page and has a single value. This site will be used only under Internet Explorer 5 and more recent.
My problem is that the page called after the cookie creation can't read the cookie unless I set the Cookie.Path attribute to "". All the documentation that I found about it is very brief, don't explain how it really works and if there's any kind of "side effects". An even stranger fact is that some people of my team can read the cookie without setting the Cookie.Path attribute.
Can anyone tell me how the Cookie.Path really works or witch browser settings make it needed (or not)?
Having just migrated to w2k from NT4, I've stumbled across an oddity with cookie handling - at least, that's what it appears to be. I (was) using response.buffer with .addheader to write two cookies into a the http header for a particular page . Worked fine for three years.
After the upgrade, I'm finding that two copies of the same cookie appear, one with blanks for values, the other with values filled in; this has the effect of logging the user into the page if the first copy isn't blank....
So, I changed the code to use response.cookie, which is fine, but the names/values get encoded, and unfortunately the software vendor uses dashes in the name part.
Is there any way to force .cookie to not encode the '-'?
or do I need to look at javascript to write the cookie?
I'm not really asking about "someone stole my credit card info through cookies".
Here's the deal:
I have 2 sites (different domain names) running from one server. One is SSL the other is not. The SSL site has a login and password, which return the user's unique id, which is stuck into a session cookie.
This cookie is then checked at every page because every page is built based on the user's id. If it is not present, the user is redirected to the login page. If the id is wrong, there will be no information shown on the page.
My question is this, can the other (non-SSL) web site see this cookie? The site has no asp or anything else, but if someone "broke into" the non-secure site, could they read the cookie from the other site?