Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

unauthorized cookies?

Status
Not open for further replies.
scroce

scroce

MIS
Nov 30, 2000
780
US
I built and maintain a website hosted on IIS. I have one user who is very particular about security. Yesterday he logged on to the site from home on a brand new PC, and he tells me that (either his browser or firewall, unclear which) alerted him that the site was trying to download cookies to his machine. He said there were > 10 cookies in all trying to be put on his machine. He didn't accept the cookies.

Now, this website doesn't employ cookies. It is an ASP site, and it seems that ASP will use a temporary cookie to store session information and the like, which is then deleted after the session is over. IE will flag this by design if you have your security options set that way.

However, it doesn't seem to be likely (from what he tells me) that his system was warning him about this kind of cookie.

Is it possible that some type of unknown, unauthorized, or malicious third party is somehow involved in this?

If so, what can I look for? I've noticed no odd behaviour on the webserver, and this user is the only one who has complained.

In an attempt to replicate this behaviour on my machine, I also tried maximizing my security options in IE, making it prompt for everything in Tools>Security, while simulatneously deleting all my cookies.

I cannot get this behaviour to replicate so far.

Any ideas?





I am a nobody, and nobody is perfect; therefore, I am perfect.
 
Sort by date Sort by votes

IE will warn about all types of cookies - including session cookies. This warning can be modified or turned off completely in the IE settings.

Hope this helps,
Dan


[tt]D'ya think I got where I am today because I dress like Peter Pan here?[/tt]
[banghead]

 
Upvote 0 Downvote
do you think there is any possiblity of a third party (spyware or somesuch) somehow latching on to our web server and trying to deliver cookies?

I've never heard of this happening, and i've seen no evidence of it, but as you know malware/spyware people are clever.

I think it was probably the session cookie, but I'm just checking out what you here at tek-tips think.

I am a nobody, and nobody is perfect; therefore, I am perfect.
 
Upvote 0 Downvote

As someone who has enabled all cookie warnings, I would pretty much guarantee that it is the session cookie (the amount of times IIS sends these just for browsing a simple site is staggering - and annoying, too).

Dan



[tt]D'ya think I got where I am today because I dress like Peter Pan here?[/tt]
[banghead]

 
Upvote 0 Downvote
yeah that's pretty much what i thought.

much obliged for the discussion!

I am a nobody, and nobody is perfect; therefore, I am perfect.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

1DMF
  • Locked
  • Question
IE9 Won't accept cookies
Replies
3
Views
144
1DMF
1DMF
royp555
  • Locked
  • Question
How to move IE8 cookies/favourites without using export
Replies
1
Views
112
noveyron
noveyron
mib147
  • Locked
  • Question
Export Cookies with a Script
Replies
0
Views
53
mib147
mib147
csudougie
  • Locked
  • Question
Need to prevent deleting of cookies and TIFs
Replies
3
Views
63
cmeagan656
cmeagan656
flaviooooo
  • Locked
  • Question
Cookies keep getting deleted
Replies
0
Views
61
flaviooooo
flaviooooo

Part and Inventory Search

Sponsor

Back
Top