Cookie eater... Problem with IE6 & ASP.

D

Derick Bailey

I have a development website running on Win2K Server, using ASP 3.0. I'm
using IE6 (all updates added).

I have a cookie that is set on a login page, which is an Encrypted password:
Response.Cookies("PWORD")=EncryptedPassword

I then redirect to a page:

Response.Redirect(GotoPage)

and on the page that is redirected, i look at the cookie:

Response.Write(Request.Cookies("PWORD"))

the problem is, when I do the request.cookies, it is NOT encrypted. The only
code that ever sets this cookie is the one line that I showed above, and one
line to set it to "" when the user hits the Logout button.

why is my cookie showing up unencrypted? and how do I fixe this? it seems to
be specific to my machine... but it just started happening last friday - and
i did not update anything, when this started happening. ... i was just
looking at pages on the site.
 
D

Derick Bailey

More Info:

When I do this:
Response.Write(Request.Servervariables("HTTP_COOKIE"))
the results show my cookie in the proper encrypted form.
 
M

MSFT

Hi Derick,

Is it possible for EncryptedPassword to return raw string without
Encryption? For example, there are some logical problem in the function? Is
there any some else code in your project which may change the cookie?
Additionally, if you clear the client cookie in IE and browse to the web
site again, will this fix the problem?

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
D

Derick Bailey

there is no logic used when reading the cookie, just
Request.Cookies("PWORD")

deleting the cookie from my hard drive fixed it.

thanks.
 
M

MSFT

I suspect "response.cookies("PWORD")" was written directly in your code
without Encryption. So the client cookie save on client disk without
Encryption. You may check your code to see if it is posible.

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Problem with KMKfw libraries 1
cookie testing 1
Cookie issue(cant fix it with anyhting) 5
problem with write cookie 6
Cookie Problems 1
problem accessing cookie values 1
Security of a cookie 3
IE6/7 cookie stuff 1

Members online

No members online now.
Total: 59 (members: 0, guests: 59)
Robots: 405

Forum statistics

Threads
473,994
Messages
2,570,223
Members
46,812
Latest member
GracielaWa

Latest Threads

Top