Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Halpin Robert B Contr ACC/SCNF (KEI) (Rob.Halpinlangley.af.mil)
Date: Mon Aug 13 2001 - 07:58:46 CDT
I am not going to claim to be THE authority on this topic, nor will I claim
to have spent a lot of time researching it. I am basing my answer on
testing I did. I used IE5.5 (with persistent and non-persistent cookies set
to prompt) on a couple sets of pages I built. On the pages that actually
set a cookie, I was prompted to allow the computer drop the file on me. On
the pages that were using only session variables, I got no prompt for a
cookie and the session tracked me just fine.
I don't know if these are supposed to work that way, but they do.
From: Norman Cook [mailto:normancookonebox.com]
Sent: Thursday, August 09, 2001 5:54 PM
To: Halpin Robert B Contr ACC/SCNF (KEI)
Subject: RE: How do I set a non-persistent cookie ?
IMHO - Not true. If you disable cookie you disable cookies. Cookies are
just set:cookie headers in HTTP and the only difference between a cookie
thats stored to disk and a RAM cookie is an expiry date.
It sounds to me that a VB session variable is an API call to creating
a session token that is sent as a RAM cookie.
I am also curious of the cryptograhy behind that session token....
---- "Halpin Robert B Contr ACC/SCNF (KEI)" <Rob.Halpinlangley.af.mil>
> The simplest non-persistent cookie is the session variable.
> In ASP using VBscript it's as easy as Session("variableName")=value
> Session variables are not disabled/prevented by users turning off cookies
> their browsers because it does not store any files on their computers.
> default, session variables expire 15-20 mintes after the browser leaves
> site...of course, the safest way to make sure any session variable
> info is
> non-retrievable is to close the browser.
> -----Original Message-----
> From: vertigo [mailto:vertigopanix.com]
> Sent: Wednesday, August 08, 2001 12:48 PM
> To: Norman Cook
> Cc: www-mobile-codesecurityfocus.com
> Subject: Re: How do I set a non-persistent cookie ?
> Yep, that's the answer--no expiration.
> On Tue, 7 Aug 2001, Norman Cook wrote:
> > This maybe really obvious but I want to set a cookie that is
> > on the browser ie a RAm cookie. Is it as simple as not setting an
> > date or am I missing something obvious ?
> > __________________________________________________
> > FREE voicemail, email, and fax...all in one place.
> > Sign Up Now! http://www.onebox.com
FREE voicemail, email, and fax...all in one place.
Sign Up Now! http://www.onebox.com