[thelist] More ASP problems - Checking for cookie existence

Joshua Olson joshua at waetech.com
Fri Jan 31 09:35:32 CST 2003


----- Original Message -----
From: "Michele Foster" <michele at wordpro.on.ca>
Sent: Friday, January 31, 2003 10:22 AM


> Jumping in the middle here .. as this caught my attention.
>
> What I'm doing ..
>
> Once the user is validated against my user table, I
>
> Response.cookies ("var_ContactID")=Validate_RS("ContactID")
>
> Set the cookie based on their contact ID from the recordset.  Then, each
> page thereafter, I

Michele,

One possible gotcha with this technique is that someone could log in
legitimately (and hence get a valid cookie) and then change the cookie to
someone else's var_ContactID.  One way around this would be to encode the value
in some form or fashion.

-joshua
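
One way to make the cookie value tamper-evident, as an added example that is not part of the original message: the server appends an HMAC of the contact ID and issue time, computed with a key that never leaves the server, and rejects any cookie whose MAC does not verify. It is a Python sketch of the idea rather than ASP code; `SECRET_KEY`, `MAX_AGE_SECONDS` and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import time

# Constructed demo key (assumption); a real site loads a random secret from server-side config.
SECRET_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE_SECONDS = 8 * 60 * 60  # hypothetical session lifetime


def _mac(payload: str) -> str:
    """Hex HMAC-SHA256 of the payload under the server-side key."""
    return hmac.new(SECRET_KEY, payload.encode("utf-8"), hashlib.sha256).hexdigest()


def make_cookie_value(contact_id: int, now=None) -> str:
    """Build 'contact_id.issued_at.mac' to store in the var_ContactID cookie."""
    issued_at = int(time.time() if now is None else now)
    payload = f"{contact_id}.{issued_at}"
    return f"{payload}.{_mac(payload)}"


def read_cookie_value(value: str, now=None):
    """Return the contact ID if the cookie is authentic and fresh, else None."""
    payload, sep, mac = value.rpartition(".")
    if not sep:
        return None  # a bare ID with no MAC is never trusted
    # Constant-time comparison; verify the MAC before parsing anything else.
    if not hmac.compare_digest(mac.encode("utf-8"), _mac(payload).encode("utf-8")):
        return None
    # The payload is authentic, so it has the shape make_cookie_value produced.
    contact_id, issued_at = payload.split(".")
    current = time.time() if now is None else now
    if current - int(issued_at) > MAX_AGE_SECONDS:
        return None  # signed but too old: force a fresh login
    return int(contact_id)


if __name__ == "__main__":
    cookie = make_cookie_value(42)
    print("issued:  ", cookie)
    print("accepted:", read_cookie_value(cookie))
    # A user who edits the ID but cannot recompute the MAC is rejected.
    print("tampered:", read_cookie_value("43" + cookie[2:]))
```
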



