Cookie Security
page 1 of 1
Published: 17 Oct 2003
Unedited - Community Contributed
Abstract
A short article on providing a bit of security for the cookies on your site.
by . .
Feedback
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 18373/ 24

ASP Tip : Cookie Security

 

Introduction

If your site is going to use cookies to store things like usernames and passwords then you should apply some security to the cookie (even if the information is encrypted).

Why?

Take this scenario -

  • You store a username and password in a cookie that will remain on the user's computer.

  • Another website copies that cookie from the user's computer.

  • They can use that cookie to gain access to your site.

To protect yourself you can use Domain and Path settings.

How?

<%
Response.Cookies("uinfo") = "uname,password"

Response.Cookies("uinfo").Domain = "your-domain.com"
Response.Cookies("uinfo").Path = "/auth/secure"
%>

This means that the cookie can only be accessed from 'your-domain.com' in directory /auth/secure



User Comments

No comments posted yet.

Product Spotlight
Product Spotlight 





Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2017 ASPAlliance.com  |  Page Processed at 2017-05-24 12:11:01 AM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search