Cookie problem in VB.Net

 
 
anoop
      11-18-2007
Hello,
I am writing the following code to prevent a Session Fixation attack in an ASP.Net website, but I could not retrieve the cookie added, and the value of cookie_value remains blank.

----------------------------------------------------------

Imports System.Web.UI.WebControls
Imports System.Web.HttpResponse
Imports System.Security.Cryptography


Public Class AntiFixation
    Inherits System.Web.UI.Page


#Region " Web Form Designer Generated Code "

    'This call is required by the Web Form Designer.
    <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()

    End Sub
    Protected WithEvents TextBox1 As System.Web.UI.WebControls.TextBox

    'NOTE: The following placeholder declaration is required by the Web Form Designer.
    'Do not delete or move it.
    Private designerPlaceholderDeclaration As System.Object

    Private Sub Page_Init(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Init
        'CODEGEN: This method call is required by the Web Form Designer
        'Do not modify it using the code editor.
        InitializeComponent()
    End Sub

#End Region

    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        'Put user code to initialize the page here
    End Sub

    Private Function RandomString(ByVal l)
        Dim value, i, r
        Randomize()
        For i = 0 To l
            r = Int(Rnd * 62)
            If r < 10 Then
                r = r + 48
            ElseIf r < 36 Then
                r = (r - 10) + 65
            Else
                r = (r - 10 - 26) + 97
            End If
            value = value & Chr(r)
        Next
        RandomString = value
    End Function

    ' This routine should be called after the user has been authenticated.
    ' It is expected that the session has been invalidated prior to this call.
    Public Sub AntiFixationInit()

        Dim value
        value = RandomString(10)

        Dim cookie1 As HttpCookie

        cookie1 = New HttpCookie("CLoginSessionID", value)

        cookie1.Path = "http://demotemp259.nic.in/"

        cookie1.Value = value

        HttpContext.Current.Response.Cookies.Add(cookie1)

        Session("LoginSessionID") = value

    End Sub


    Public Sub AntiFixationVerify(ByVal LoginPage)
        Dim session_value
        Dim cookie_value as HttpCookie

        If (Not (cookie_value Is Nothing)) Then
            cookie_value = HttpContext.Current.Request.Cookies("CLoginSessionID")
            Session("cooki") = cookie_value.values
            Dim val
            If (Not (cookie_value Is Nothing)) Then
                val = cookie_value
            End If

        End If
        session_value = Session("LoginSessionID")

        If (Not (HttpContext.Current.Request.Cookies("CLoginSessionID") Is Nothing)) Then

            If Trim(cookie_value) <> Trim(session_value) Then
                HttpContext.Current.Response.Redirect(LoginPage)
            End If

        End If
    End Sub


End Class


Please help me: how do I get the value of the cookie, cookie_value?

Thank you

 
Riki
      11-19-2007
The cookie path is the path on the client, so
cookie1.Path = "http://demotemp259.nic.in/"
will not work.

Riki

--
Riki


 
 
anoop
      11-19-2007

Hello,
After changing the Path, will the code work?
thank you
Riki
      11-19-2007
anoop wrote:
> Hello,
> After changing the Path, will the code work?
> thank you


Why don't you try it and let us know?
We can't do the testing for you.

I suggest not setting the path at all, let ASP.NET do it for you.

Riki
--
Riki
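
An added example, not code from the thread: one way to write the cookie-to-session binding the original post attempts, leaving Path at its default as suggested above and reading the request cookie before testing it for Nothing. The class and member names (AntiFixationExample, Init, Verify, FixedTimeEquals) and the "LoginSessionID" key reuse are assumptions for illustration, and the token is drawn from RNGCryptoServiceProvider instead of Rnd.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Web

' Added example (hypothetical names); targets classic ASP.NET (System.Web).
Public Class AntiFixationExample
    Private Const TokenName As String = "LoginSessionID"

    ' 16 bytes (128 bits) from the OS CSPRNG, hex encoded. Rnd/Randomize is a
    ' predictable generator and is not suitable for a session-binding token.
    Private Shared Function NewToken() As String
        Dim bytes(15) As Byte
        Dim rng As New RNGCryptoServiceProvider()
        rng.GetBytes(bytes)
        Return BitConverter.ToString(bytes).Replace("-", "")
    End Function

    ' Call once, immediately after the credentials have been verified.
    Public Shared Sub Init()
        Dim ctx As HttpContext = HttpContext.Current
        Dim token As String = NewToken()
        Dim cookie As New HttpCookie(TokenName, token)
        ' Path keeps its default ("/"): it is a URL path prefix, never a full URL.
        cookie.HttpOnly = True                          ' not readable from script
        cookie.Secure = ctx.Request.IsSecureConnection  ' HTTPS-only when on HTTPS
        ctx.Response.Cookies.Add(cookie)
        ctx.Session(TokenName) = token
    End Sub

    ' Call on every protected request. Fails closed: a missing cookie, a missing
    ' session value or a mismatch all send the user back to the login page.
    Public Shared Sub Verify(ByVal loginPage As String)
        Dim ctx As HttpContext = HttpContext.Current
        ' Read the cookie first, then test the result for Nothing.
        Dim cookie As HttpCookie = ctx.Request.Cookies(TokenName)
        Dim expected As String = TryCast(ctx.Session(TokenName), String)
        If cookie Is Nothing OrElse expected Is Nothing _
           OrElse Not FixedTimeEquals(cookie.Value, expected) Then
            ctx.Session.Abandon()
            ctx.Response.Redirect(loginPage)
        End If
    End Sub

    ' Compares every character so the time taken does not depend on where
    ' the first difference occurs.
    Private Shared Function FixedTimeEquals(ByVal a As String, ByVal b As String) As Boolean
        If a Is Nothing OrElse b Is Nothing OrElse a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (AscW(a(i)) Xor AscW(b(i)))
        Next
        Return diff = 0
    End Function
End Class
```

Call Init from the login handler after authentication succeeds, and Verify from Page_Load (or a shared base page) of each protected page.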


 
anoop
      11-19-2007
Thank you