A
anoop
hello,
I am writing the Following coding for preventing Session Fixation
attack in ASP.Net website, but I could not retrieve the cookie added and the
value of
cookie_value remains blank.
----------------------------------------------------------
Imports System.Web.UI.WebControls
Imports System.Web.HttpResponse
Imports System.Security.Cryptography
Public Class AntiFixation
Inherits System.Web.UI.Page
#Region " Web Form Designer Generated Code "
'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()> Private Sub
InitializeComponent()
End Sub
Protected WithEvents TextBox1 As System.Web.UI.WebControls.TextBox
'NOTE: The following placeholder declaration is required by the Web Form
Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object
Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form Designer
'Do not modify it using the code editor.
InitializeComponent()
End Sub
#End Region
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
End Sub
Private Function RandomString(ByVal l)
Dim value, i, r
Randomize()
For i = 0 To l
r = Int(Rnd * 62)
If r < 10 Then
r = r + 48
ElseIf r < 36 Then
r = (r - 10) + 65
Else
r = (r - 10 - 26) + 97
End If
value = value & Chr(r)
Next
RandomString = value
End Function
' This routine should be called after the user has been authenticated.
' It is expected that the session has been invalidated prior to this call.
Public Sub AntiFixationInit()
Dim value
value = RandomString(10)
Dim cookie1 As HttpCookie
cookie1 = New HttpCookie("CLoginSessionID", value)
cookie1.Path = "http://demotemp259.nic.in/"
cookie1.Value = value
HttpContext.Current.Response.Cookies.Add(cookie1)
Session("LoginSessionID") = value
End Sub
Public Sub AntiFixationVerify(ByVal LoginPage)
Dim session_value
Dim cookie_value as HttpCookie
If (Not (cookie_value Is Nothing)) Then
cookie_value =
HttpContext.Current.Request.Cookies("CLoginSessionID")
Session("cooki") = cookie_value.values
Dim val
If (Not (cookie_value Is Nothing)) Then
val = cookie_value
End If
End If
session_value = Session("LoginSessionID")
If (Not (HttpContext.Current.Request.Cookies("CLoginSessionID") Is
Nothing)) Then
If Trim(cookie_value) <> Trim(session_value) Then
HttpContext.Current.Response.Redirect(LoginPage)
End If
End If
End Sub
End Class
Please help me , how to get the value of cookie - cookie_value
Thank you
I am writing the Following coding for preventing Session Fixation
attack in ASP.Net website, but I could not retrieve the cookie added and the
value of
cookie_value remains blank.
----------------------------------------------------------
Imports System.Web.UI.WebControls
Imports System.Web.HttpResponse
Imports System.Security.Cryptography
Public Class AntiFixation
Inherits System.Web.UI.Page
#Region " Web Form Designer Generated Code "
'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()> Private Sub
InitializeComponent()
End Sub
Protected WithEvents TextBox1 As System.Web.UI.WebControls.TextBox
'NOTE: The following placeholder declaration is required by the Web Form
Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object
Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form Designer
'Do not modify it using the code editor.
InitializeComponent()
End Sub
#End Region
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
End Sub
Private Function RandomString(ByVal l)
Dim value, i, r
Randomize()
For i = 0 To l
r = Int(Rnd * 62)
If r < 10 Then
r = r + 48
ElseIf r < 36 Then
r = (r - 10) + 65
Else
r = (r - 10 - 26) + 97
End If
value = value & Chr(r)
Next
RandomString = value
End Function
' This routine should be called after the user has been authenticated.
' It is expected that the session has been invalidated prior to this call.
Public Sub AntiFixationInit()
Dim value
value = RandomString(10)
Dim cookie1 As HttpCookie
cookie1 = New HttpCookie("CLoginSessionID", value)
cookie1.Path = "http://demotemp259.nic.in/"
cookie1.Value = value
HttpContext.Current.Response.Cookies.Add(cookie1)
Session("LoginSessionID") = value
End Sub
Public Sub AntiFixationVerify(ByVal LoginPage)
Dim session_value
Dim cookie_value as HttpCookie
If (Not (cookie_value Is Nothing)) Then
cookie_value =
HttpContext.Current.Request.Cookies("CLoginSessionID")
Session("cooki") = cookie_value.values
Dim val
If (Not (cookie_value Is Nothing)) Then
val = cookie_value
End If
End If
session_value = Session("LoginSessionID")
If (Not (HttpContext.Current.Request.Cookies("CLoginSessionID") Is
Nothing)) Then
If Trim(cookie_value) <> Trim(session_value) Then
HttpContext.Current.Response.Redirect(LoginPage)
End If
End If
End Sub
End Class
Please help me , how to get the value of cookie - cookie_value
Thank you