Jump to content

Cookies question


Don E
 Share

Recommended Posts

I was looking at some cookies from sites I've visited and I've noticed that much of the name=value(content) pairs are what appear to be encrypted or encoded in some way. Is this done intentionally or a way the browser/server handles certain cookies?

Link to comment
Share on other sites

This is what I have. It assigns two cookies. Ignore the commented out code because what I was trying to do there was alert out both cookies but I was having a hard time getting "color" for some reason. Anyhow, as you can see, I escape() and then decode it using unescape(). Is there something here that can encode the cookie name/value so that users are not able to go into the cookies in the browser and see sensitive data for example?

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>JS Cookies</title><script type="text/javascript">function makeCookie(form){	var when = new Date();	when.setTime(when.getTime() + 24 * 60 * 60 * 1000);	// 24 hours from now	when.setFullYear(when.getFullYear() + 1);	// One year from now	yname = form.yourname.value;	favcolor = form.yourcolor.value;	document.cookie = escape("visitor")+"="+escape(yname)+";expires="+when.toGMTString();	document.cookie = escape("color")+"="+escape(favcolor)+";expires="+when.toGMTString();	alert(document.cookie); // to see what's in the cookie }function welcome(myForm){	//you = myForm.yourname.value;	var positionVisitor = document.cookie.indexOf("visitor=");	//var positionColor = document.cookie.indexOf("color=");	if ( positionVisitor != -1 /*&& positionColor !=-1*/ )	{		var beginVisit = positionVisitor + 8;		//var beginColor = positionColor + 6;		var endVisit = document.cookie.indexOf(";", beginVisit);		//var endColor = document.cookie.indexOf(";", beginColor); // problem here		if(endVisit == -1 /*&& endColor == -1*/)		{ 			endVisit = /*endColor =*/ document.cookie.length;		}		you = unescape(document.cookie.substring(beginVisit, endVisit));		//col = unescape(document.cookie.substring(beginColor, endColor));		alert("Welcome " + you /*+ ". Your favorite color is " + col*/);	}	else{ alert("No cookies today");}}</script></head><body onLoad="document.form1.reset()"><div align="center">	<h2>Got milk?</h2>        <form name="form1">        What is your name?        <br />        <input type="text" name="yourname" />        <br />        What is your favorite color?        <br />        <input type="text" name="yourcolor" />        <br />        <p>        <input type="button" value="Make cookie" onClick="makeCookie(this.form);" />        </p>        <p>        <input type="button" value="Get Cookie" onClick="welcome(this.form);" />        </p>        </form></div></body></html>

Run your cookie value through escape() and decode it using unescape(). Cookies are transmitted in HTTP headers, so they must be compatible with, like, everything.
Link to comment
Share on other sites

The obvious answer is not to store sensitive data in cookies. Other than that, look into various encryption schemes, there are a lot of them out there (the difficulty is that anyone viewing your code can also decrypt the cookies if your encryption is applied through Javascript; most people encrypting cookies do so through something like PHP).

Link to comment
Share on other sites

Setting and reading cookies in PHP is easier anyway, I find. You'd need to know how "sensitive" your data is before choosing an encryption scheme.Have you considered a simple database for all this? Even a flat file can handle a lot and be easily managed.

Link to comment
Share on other sites

Yeah, probably best bet. Thanks DD and JSG.

Setting and reading cookies in PHP is easier anyway, I find. You'd need to know how "sensitive" your data is before choosing an encryption scheme.Have you considered a simple database for all this? Even a flat file can handle a lot and be easily managed.
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...