Results 1 to 7 of 7
  1. #1
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    austin, Texas, USA
    Posts
    1,029
    Thanks
    0
    Thanked 0 Times in 0 Posts

    cookie weirdness

    I decided to try and use cookies to pass some info from a request string and have noticed a real oddness occurring as a result. I have the following code on a login page:
    <font face="Georgia">
    < %
    Response.Cookies("ReportNumber_BVS") = Request("ReportNumber")
    Response.Cookies("ComplainantID_BVS") = Request("ComplainantID")
    Response.Cookies("BVS_ID_BVS") = Request("BVS_ID")
    Response.Cookies("EmailNotice_BVS") = Request("EmailNotice_BVS")
    % >
    </font face=georgia>
    and the two fields with numbers (ComplainantID and BVS_ID) don't load UNLESS I refresh the page. The page is supposed to load after clicking on a hyperlink in an e-mail message.

    Any ideas here? At first I thought that the numbers should be converted to strings before loading into the cookie, and that seemed to work at first but once I noticed the refresh was working I took the Cstr out and the behaviour is the same.

  2. #2
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: cookie weirdness

    Can you provide a bit more information about the page in question and the process?

    You mentioned that a user clicks a link from an email. It sounds like you have Querystring values attached to this link?
    Is the page you mentioned below the target of the link, or is there another page prior to this one?
    And what exactly are you trying to do at a higher level?

  3. #3
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    austin, Texas, USA
    Posts
    1,029
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: cookie weirdness

    actually, since posting this I tried passing the values using session vars and that seems to have done the trick. and, yes, the vars are loading from a query string, which is assembled in a hyperlink in an e-mail generated via CDOSYS/CDONTS (I am going thru my code to convert everything to CDOSYS).

    On the subject of cookies/session vars, is there a "best practices" to observe? For example, on these small values, I elected to try session vars (with Session.Abandon() in a logical place); in some other pages, I use cookies to store potentially very long strings. My impression is cookies are intended for longer lasting storage but in neither case do I need to maintain data for very long -- just to pass from one page to others; but, given the potential size of some of the values I use cookies when the size is unknown (basically matched to NTEXT, so there's a lot of capacity).

    As for what I'm up to in this case, I am using e-mail to notify users that a report has been submitted on-line and the link in the e-mail points to a login page people need to use to access the actual information.

  4. #4
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: cookie weirdness

    Glad you got it working.

    As for best practices, I'll have to defer to someone who still uses Classic ASP (I haven't used it for anything serious for almost 3 years...)

    Just be sure that anything stored in cookies (persistent or not) is not sensitive. If you do need to store something that's sensitive in a cookie, be sure it's encrypted. Keep in mind that there are a number of risks involved when using cookies, although the fact that you're targeting intranet users should mitigate many of them.

  5. #5
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    austin, Texas, USA
    Posts
    1,029
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: cookie weirdness

    thanks. as for encryption, that's not really 'there' in ASP Classic, I presume. I believe .NET has tons of options. Unfortunately, my production enviornment doesn't have, and won't, as far as i know, have the framework installed so .NET is not an option at this time. One of our new hires is big into .NET and I've asked him to draft a paper on security issues in ASP Classic/NET, which may or may not help push things along.

  6. #6
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: cookie weirdness

    No encryption components in ASP? I disagree...

    Well, I agree that there are no native VBScript or JavaScript components for this, but there are plenty of VB/COM components that can be used (just like ADO)...

    You'll find .NET has quite a bit of native components that make life MUCH easier! I'm sure the person writing your paper on security will find a wealth of reasons to promote .NET (especially version 2.0, which was released last month).

  7. #7
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    austin, Texas, USA
    Posts
    1,029
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: cookie weirdness

    no, i meant built in components. i'm certain there's a slew of third-party widgets to use, but I haven't done much (heck, ANY) work on that sort of thing. if it involves doing things to the enterprise webserver, I am greatly constrained... there may be things already installed that I could use, but currently i'm handling security with HTTPS and 'hidden' directories, passwords and the like.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •