locked
Overwriting cookie RRS feed

  • Question

  • User507956310 posted

    Dear .net Experts,

    I wrote a little script to overwrite one of my cookies and I noticed whatever I type as the domain it really doesnt matter, the domain is always shown in the cookie was my host + domain and not as the test domain I entered.

    Why is that? I was hoping I can play around with domain values.

    Many thanks for any hints.

    <%@ Page Language="C#" Debug="true" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <script runat="server">
        void Page_Load()
        {
            HttpCookie aCookie;
            string cookieName;
    
            //To variables to configure
            string cpath = "/";   //cogons cookie domain path
     
            //SSO Cookie 	
            //outdate the other cookies
            //outdate cookie SMSESSION
            colCookies.Add(Request.Cookies["SMSESSION"]);
    
            aCookie = new HttpCookie("SMSESSION");
            aCookie.Value = "LOGGEDOFF";
            //aCookie.Expires = DateTime.Now.AddDays(-1);
            aCookie.Domain = "yyyy"; //cdomainsm;
            aCookie.Path = cpath;
            //aCookie.Secure = true;  //only if smenvironment set secure flag
            Response.Cookies.Add(aCookie);
    
            aCookie = new HttpCookie("SMSESSION");
            aCookie.Value = "LOGGEDOFF";
            //aCookie.Expires = DateTime.Now.AddDays(-1);
            aCookie.Domain = "testtest"; //cdomain;
            aCookie.Path = cpath;
            //aCookie.Secure = true;  //only if smenvironment set secure flag
            Response.Cookies.Add(aCookie);
    
            int limit = Request.Cookies.Count;
            /*for (int i=0; i<limit; i++)
            {
                cookieName = Request.Cookies[i].Name;
                colCookies.Add(Request.Cookies[i]);
    
            }*/
    
            try
            {
                grdCookies.DataSource = colCookies;
                grdCookies.DataBind();
            }
            catch (Exception ex)
            {
                Response.Write("No valid Cookies avaliable");
            }
            finally
            {
                Response.Write("cookies outdated successfully");
            }
    
            Response.Redirect(url);
        }
        
    </script>
    
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head id="Head1" runat="server">
        <title>Outdate cookies</title>
    </head>
    <body>
        <form id="form1" runat="server">
            <div>
    
                <asp:GridView
                    ID="grdCookies"
                    runat="server" />
            </div>
        </form>
    </body>
    </html>
    Friday, November 24, 2017 8:22 AM

Answers

All replies

  • User-1838255255 posted

    Hi polynaux,

    According to your description, I tested your code in my side, I check the domain value of cookie, it like the follow screenshot:

    It seems is right, not as you say host + domain. So I hope you could debug your code step by step to check the domain value!

    Also if the above steps can not help you solve the problem, please post expected result and issue result in image format.

    Best Regards,

    Eric Du

    Monday, November 27, 2017 11:24 AM
  • User507956310 posted

    Hi Eric,

    very very interesting insight. Do you have an idea how I would debug this so I can see at which point "something" overwrites my testtest cookie value?

    Right now I have no idea what is causing that.

    Thanks.

    Tuesday, November 28, 2017 8:33 AM
  • User-1838255255 posted

    Hi polynaux,

    According to your description, please check the following tutorial about debug code:

    Using Breakpoints:

    https://msdn.microsoft.com/en-us/library/5557y8b4.aspx 

    Best Regards,

    Eric Du

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, November 29, 2017 10:08 AM