Prevent cookie from being sent to the server?

Status
Not open for further replies.

minnesotan

My webmail application uses public key encryption, and does all encryption/decryption in Java on the client's machine. Public and private keys are generated from the user's password so that a given password will always generate the same key pair. The password and private key never leave the user's machine so there is no possibility that a third party (myself included) could intercept and read the user's message.

I'd like to give the user the option to remember his password and key pair in a cookie. However, if this results in the password and private key being sent to the server, it defeats the purpose. What I need is a cookie that can be set and read from JavaScript but which never gets sent to the server.

I think I could do this by funneling all HTTP requests through a Java applet which could filter out the offending cookies, but that would be very ugly.

Does anyone know of a way to do this?
 
Setting a client-side cookie in JS should have no bearing on the server - and no data from it would be sent unless you explicitly send it.

Hope this helps,
Dan



 
Thanks for the quick reply.

Am I missing something? If I have an onSubmit function for my form like this:

function onSubmit() {
    document.cookie = "private_key=123456;";
    return true;
}

then when the form is submitted the server receives "private_key=123456" in the cookie header. I don't want that. I do want to be able to read the cookie from JavaScript on the user's browser.

If I used document.cookie = "private_key=123456; secure;"

and didn't use https, that would give me what I want - the cookie exists on the browser but is never transmitted to the server. But I want to use https so that won't work.
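
The behaviour discussed in this thread, as an added example that is not code from any of the posters: a simplified model of the RFC 6265 Path and Secure checks a browser runs before attaching a cookie to a request. It goes slightly beyond the thread by also modelling the Path attribute; the host webmail.example, the page paths and the /keystore path are constructed for illustration, and domain, expiry and SameSite matching are omitted.

```javascript
// Simplified model of the RFC 6265 rules for attaching a stored cookie to a
// request. Only Path and Secure are modelled (assumption: same host, no expiry).

// Default path when no Path attribute is given: directory of the setting page.
function defaultPath(pagePath) {
  if (!pagePath.startsWith("/")) return "/";
  const lastSlash = pagePath.lastIndexOf("/");
  return lastSlash === 0 ? "/" : pagePath.slice(0, lastSlash);
}

// Parse a string as assigned to document.cookie by a page at pagePath.
function parseSetCookie(str, pagePath) {
  const [pair, ...attrs] = str.split(";").map((s) => s.trim()).filter(Boolean);
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq < 0 ? "" : pair.slice(0, eq),
    value: pair.slice(eq + 1),
    path: defaultPath(pagePath),
    secure: false,
  };
  for (const attr of attrs) {
    const [key, val = ""] = attr.split("=").map((s) => s.trim());
    if (key.toLowerCase() === "secure") cookie.secure = true;
    if (key.toLowerCase() === "path" && val.startsWith("/")) cookie.path = val;
  }
  return cookie;
}

// RFC 6265 path-match: equal, or cookie path is a directory prefix of the request.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// True when the cookie would appear in the Cookie header of this request.
function isSent(cookie, requestUrl) {
  const url = new URL(requestUrl);
  if (cookie.secure && url.protocol !== "https:") return false;
  return pathMatches(url.pathname, cookie.path);
}

// Constructed sample: the thread's two cookies, set from /mail/compose.html.
const plain = parseSetCookie("private_key=123456;", "/mail/compose.html");
const secure = parseSetCookie("private_key=123456; secure;", "/mail/compose.html");
console.log(isSent(plain, "https://webmail.example/mail/send"));  // form submit
console.log(isSent(secure, "http://webmail.example/mail/send"));  // Secure over http
console.log(isSent(secure, "https://webmail.example/mail/send")); // Secure over https
```

A cookie set with a Path attribute is only listed in document.cookie for pages under that path, and any request to a URL under that path still carries it.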

 