Cookies loopholes

Results 1 to 3 of 3

Thread: Cookies loopholes

  1. #1
    Join Date
    Dec 1969

    Default Cookies loopholes

    Dear friends,<BR><BR>1. Assume there was a URL :<BR>2. Once userid and pasword has been entered in this page, Procced to<BR>and if he is invalid user alert him When users provided correct login<BR>details, we were setting a value to the cookies<BR>So that in each page after logged in, i will be checking if the value exist in cookie then the page will open. This is just to prevent invalid users to gain entry to the system directly by providing the URL bypassing the<BR><BR>I like to know any other ways available for any user to gain entry in to an ASP application which uses cookies.

  2. #2
    Join Date
    Dec 1969

    Default RE: Cookies loopholes

    If you&#039;re relying on cookies then there are many ways. As a cookie is a client-side text file, and is included in plain text in the http request/response, it&#039;s possible for anyone to fake the request and gain access.<BR><BR>Craig.

  3. #3
    Join Date
    Dec 1969

    Default I used to use session values

    but I read somewhere that these are cookies as well. What is the best method for this type of access controL?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts