Re: Ram based Cookies
From: Mark (field027_at_idonotlikejunkmail.umn.edu)
Date: 04/28/04
Date: Wed, 28 Apr 2004 12:51:55 -0500
Thanks Steve.
Correct me if I'm wrong but this essentially requires both the client and
the server to maintain this "value" that I'm passing in the cookie. To
regenerate the value on the server, and then compare it to the client
cookie, that means the server has to have a clue. :)
In my scenario, the whole point of passing the cookie is that I don't want
the server (session or otherwise) to have to regenerate the value. The
cookie maintains this information so the server doesn't have to.
Am I misreading your suggestion? Thanks again.
Mark
"Steve Drake" <Steve@NOSPAMDrakey.co.uk> wrote in message
news:u30AyUULEHA.1120@TK2MSFTNGP11.phx.gbl...
> You create a NEW cookie, base it on the vals from your non editable cookie,
> this new cookie is a sort of encrypted version of the non editable cookie,
> in your server code, you REGEN this cookie from the non editable value, if
> it doesn't match, you assume the cookie has changed.
>
> This is sort of like a checksum.
>
> I don't have a code sample, yet, but I do need to do this sort of thing soon.
>
>
> Steve
>
> you create some sort of hash with some user info + the cookie name +
> the cookie value
> "Mark" <field027@idonotlikejunkmail.umn.edu> wrote in message
> news:#bUWL3TLEHA.620@TK2MSFTNGP10.phx.gbl...
> > Great idea. A quick code sample, or pseudo code for both hashing and
> > unhashing would be deeply appreciated.
> >
> > Mark
> >
> > "Steve Drake" <Steve@NOSPAMDrakey.co.uk> wrote in message
> > news:OmRHo0TLEHA.3012@tk2msftngp13.phx.gbl...
> > > I would never assume it cannot be edited, cookies are sent in the HTTP
> > > headers so you could intercept this and change the values.
> > >
> > > You could HASH the cookie.
> > >
> > > Steve
> > >
> > > Steve
> > > "Mark" <field027@idonotlikejunkmail.umn.edu> wrote in message
> > > news:ec4eswTLEHA.808@tk2msftngp13.phx.gbl...
> > > > We use cookies to maintain some state information about a user's
> > > > session. They are not file based due to the fact that we don't specify
> > > > an expiration date. They go away when the session ends. I know it's
> > > > possible to modify a file based cookie. However, what would it take for
> > > > a hacker that did not have access to our web server to modify the value
> > > > of a ram based client cookie that we're creating below? I'm not
> > > > concerned about someone reading what is in the cookie - I'm nervous
> > > > about them being able to modify the cookie value.
> > > >
> > > > Thanks in advance.
> > > > Mark
> > > >
> > > > HttpCookie ckCookie = Request.Cookies[strCookieName];
> > > > if (ckCookie == null)
> > > > {
> > > >     ckCookie = new HttpCookie(strCookieName, strCookieValue);
> > > >     Response.Cookies.Add(ckCookie);
> > > > }
> > > > else
> > > > {
> > > >     Response.Cookies[strCookieName].Value = strCookieValue;
> > > > }
> > > >
> > > >
> > >
> > >
> >
> >
>
>
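
Added example, not part of the original thread or any poster's code: the checksum idea discussed above, done as a keyed hash (HMAC) so the server only has to hold one secret key rather than each cookie's value. The class name `SignedCookie`, its method names, the `value.mac` layout and the sample key are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Hypothetical helper: names and cookie layout are assumptions, not from the thread.
public static class SignedCookie
{
    // MAC over user id + cookie name + cookie value, as suggested in the thread,
    // but keyed with a server-side secret so the client cannot recompute it.
    static byte[] Mac(byte[] key, string userId, string name, string value)
    {
        // Length prefixes keep ("ab","c") and ("a","bc") from producing the same input.
        string msg = userId.Length + ":" + userId + name.Length + ":" + name + value;
        using (var h = new HMACSHA256(key))
            return h.ComputeHash(Encoding.UTF8.GetBytes(msg));
    }
    // Cookie payload is base64(value) + "." + base64(mac); '.' never occurs in base64.
    public static string Protect(byte[] key, string userId, string name, string value)
    {
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(value)) + "."
             + Convert.ToBase64String(Mac(key, userId, name, value));
    }
    // Returns false if the cookie was altered, moved to another name, or issued to another user.
    public static bool TryUnprotect(byte[] key, string userId, string name, string cookie, out string value)
    {
        value = null;
        string[] parts = (cookie ?? "").Split('.');
        if (parts.Length != 2) return false;
        try
        {
            string v = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
            byte[] sent = Convert.FromBase64String(parts[1]);
            byte[] expected = Mac(key, userId, name, v);
            int diff = sent.Length ^ expected.Length;   // constant-time comparison
            for (int i = 0; i < sent.Length && i < expected.Length; i++) diff |= sent[i] ^ expected[i];
            if (diff != 0) return false;
            value = v; return true;
        }
        catch (FormatException) { return false; }       // malformed base64 counts as tampering
    }
    public static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key-load-from-config"); // constructed sample key
        string good = Protect(key, "mark", "state", "role=user");                     // constructed sample values
        string forged = Convert.ToBase64String(Encoding.UTF8.GetBytes("role=admin")) + "." + good.Split('.')[1];
        string v;
        Console.WriteLine("untouched cookie accepted: " + TryUnprotect(key, "mark", "state", good, out v));
        Console.WriteLine("edited cookie accepted:    " + TryUnprotect(key, "mark", "state", forged, out v));
    }
}
```

The value still travels in the cookie and stays readable by the client; the MAC only detects modification, and it does not stop an old, validly signed cookie from being replayed.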