Cookie Munger

Results 1 to 2 of 2

Thread: Cookie Munger

  1. #1
    Join Date
    Dec 1969

    Default Cookie Munger

    Hey there,<BR><BR>I&#039;ve read that the cookie munger parses an html file looking for hyperlinks to append a session id to.<BR><BR>Lets say that I&#039;ve got one of these munged pages in my browser and I add the page to my favourites list.<BR><BR>Eventually, the session which was being tracked will time out and then later on, the ASP engine will allocate that ID to a different session with a different user.<BR><BR>Now, if the new user is in the middle of their session and, at the same time, I select the page which was stored in my favourites list, won&#039;t I then stumble into someone else&#039;s session? Surely this would be bad? Could this happen with a bookmarked page which had its session ID stored in a session cookie like normal?<BR><BR>Also, the cookie munger is frequently associated with bad performance because of all the parsing. However, surely it can&#039;t be that bad given the clearly seems to use a similar mechanism regardless of whether cookies are diabled or not?<BR><BR>Thanks,<BR><BR>I.

  2. #2
    Join Date
    Dec 1969

    Default RE: Cookie Munger

    Well the munger wouldn&#039;t ever reuse an ID. The ID is probably a GUID which is always unique. The guid also has the advantage of being hard to guess, so I couldn&#039;t hijack someone else&#039;s session by say just adding 1 to the id I see in my URL.<BR><BR>You shouldn&#039;t really compare amazon to any munger scenario you&#039;d be doing with ASP. Amazon does not use IIS or ASP. I&#039;m not saying your performance would necessarily be bad, but you have to ask yourself if it&#039;s worth it. <BR><BR>I&#039;ve never heard of anyone who actually used a munger with ASP, so I&#039;d be interested to hear comments from anyone who has.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts