[thelist] More ASP problems - Checking for cookie existance
Joshua Olson
joshua at waetech.com
Fri Jan 31 09:35:32 CST 2003
----- Original Message -----
From: "Michele Foster" <michele at wordpro.on.ca>
Sent: Friday, January 31, 2003 10:22 AM
> Jumping in the middle here .. as this caught my attention.
>
> What I'm doing ..
>
> Once the user is validated against my user table, I
>
> Response.cookies ("var_ContactID")=Validate_RS("ContactID")
>
> Set the cookie based on their contact ID from the recordset. Then, each
> page thereafter, I
Michelle,
One possible gotcha with this technique is that someone could log in
legitimately (and hence get a valid cookie) and then change the cookie to
someone else's var_ContactID. One way around this would be encode the value
in some form or fashion.
-joshua
More information about the thelist
mailing list