vb.org Archive - How to control which cookies are used.

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB4 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=252)

- - How to control which cookies are used. (https://vborg.vbsupport.ru/showthread.php?t=300489)

Is there some way to eliminate the cookie header? I don't see the point of sending cookie values to the browser and that's the only place my password cookie shows, as the password value is blanked out when the form is submitted. I'm using YAHOO ajax for all my operations

I don't get what you're asking for...

Here's what I see in my dev tool for headers when I send an ajax request

Request URL:http://xxxxxxxxxx.net/filemanager/filemanager.php
Request Method:POST
Status Code:200 OK

Request Headers
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:175
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Cookie:bb_lastvisit=1373594455; bb_lastactivity=0; bb_userid=1; bb_password=6c70309c0fasihfoaishu7aedbbdfa34cf7; bb_fe8adc6d804a36; bb_cpsession=90088ef658flaasjhaeiswhfiuhtihae61571 6573ec05172c4fc8; bb_fmsession=e14eaa1506aiueihjfoaijuwhrfiaa6597ecd 9d4cd
Host:xxxxxxxxxxx.net
Origin:http://xxxxxxxxxxxxx.net
Referer:http://xxxxxxxxxxxxx.net/filemanager/filemanager.php
User-Agent:Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36
X-Requested-With:XMLHttpRequest

Form Data
securitytoken:1374966662-571d23q5rtyqo3uiht70d396a2423a97095dc88b
adminhash:7981e222c687a5780tqfju3hp095rt8c1a39795f 21
do:findfiles
dir:/home/aaaaaaaaaaaaaa/forum/admincp

Response Headers
Cache-Control:private, post-check=0, pre-check=0, max-age=0
Connection:Close
Content-Type:text/xml; charset=windows-1252
Date:Sat, 27 Jul 2013 23:11:25 GMT
Expires:0
Pragma:no-cache
Server:Apache/stuff stuff stuff
Transfer-Encoding:chunked
X-Powered-By:PHP/5.3.18

Same kind of thing when you go to a page. All the cookies are listed in the request header

Well, stating the obvious, that is how cookies are supposed to work - they get sent when the domain and path of the request match. There is a "secure" attribute that is supposed to send the cookies only if you're on a secure server, so maybe if you set that it will work like you want (unless it also disallows JS access because the page wasn't loaded via a secure server).

Tried setting secure=true and it created a cookie but the JS can't read it.

There ought to be some way for a script to make a browser store something that is read only by JS and never by the server scripting, but I know only of cookies and passwords and they are interceptable.

why can't the server read it?

The server doesn't need it (but I suppose all cookies are read anyway). I want this stored on the browser and used only on the browser so it can't be intercepted.

I'll be the first to say I don't know much about all this but I would sure like to avoid having information that others can intercept.

I guess I just don't get it, its going to be sent to the server anyway.

You could try local storage available in modern browsers.

Seems to do it

Code:

var password = fetch_object('fm_login_password');

if(typeof localStorage == 'object'){

        window.onload = function(){                

                setTimeout("if(PassWord = localStorage.getItem('fmpassword')) {password.value = PassWord; password.focus();}", 100)

        }

        password.form.onsubmit = function() {

                localStorage.setItem('fmpassword', password.value);

        }

} else {

        password.value = '';

}

Thanks

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_code_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (9)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01472 seconds Memory Usage 1,730KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_code_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (9)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: