错误访问cookie时,当饼干没有名字的存在 [英] Error when accessing cookies when a cookies without a name exists
问题描述
在一些经典的ASP网站,我管理在过去的几天我一直在得到一些错误提示(没有错误号)始终显示在其中被请求的cookie值的行号的错误。
On a few of the Classic ASP websites I manage for the last few days I have been getting some error notifications (with no error number) that always show an error on a line number where a cookie value is being requested.
看着每个这些错误的要求,它们都具有不同寻常的饼干,看起来像某种黑客尝试。
Looking at the request for each of these errors, they all have unusual cookies, and look like some sort of hack attempt.
这指示为引起错误的线路都是这样的:
The lines that are indicated as causing the error are all like this:
strCookieCart = Request.Cookies("cart")
下面是几个饼干样本被送往(截断)...注意在 = TRUE (没有名字,只是一个值)。
Here's a couple of samples of the cookies being sent (truncated)... Note the =true (no name, just a value).
HTTP_COOKIE:=true; yuv=u97Yoe-o0UWp7ho_vaB2csT-xxaQ37gMWzhB1MARTSNk1QKpjJTXmZYMRQ095rM96MaNbhx1tEdJ
HTTP_COOKIE:pll_language=en; =true; yandexuid=6536735381437958890; st=6c9838994ffb
时的经典ASP无法处理这些?有什么办法,以避免这些错误,并忽略坏的价值观?这些总是容易被黑客攻击或莫不是没有cookie名称的合法请求?
Is Classic ASP incapable of handling these? Is there any way to avoid these errors and ignore the bad values? Are these always likely to be hack attempts or could there be legitimate requests without cookie names?
我想我可以检查这些看着 Request.ServerVariables(HTTP_COOKIE)手动解析或使用某种类型的正规前pression检查。没有任何其他人这样做呢?任何code分享?
I suppose I could check for these looking at Request.ServerVariables("HTTP_COOKIE") by manually parsing or using a regular expression check of some sort. Does anyone else do this? Any code to share?
推荐答案
一个第二个答案我自己的问题和解决方案,我现在已经实行的是以下code添加到我的公用包含文件中。
A second answer to my own question and the solution I have now implemented is to add the following code to my common include file.
它测试经典ASP是否可以读取cookie和使用错误捕获,如果检测到错误结束的响应。
It tests whether Classic ASP can read the cookies and, using error trapping, ends the response if an error is detected.
On Error Resume Next
Request.Cookies("test")
If Err.Number <> 0 Then Response.End
On Error Goto 0
这是一个更好的解决方案,以我的其他的答案中有产生什么尽快是一个更好的选择显然是某种因此结束脚本攻击的网页是没有意义的。
This is a better solution to my other answer as there is no point in generating a page for what is obviously an attack of some sort so ending the script as soon as possible is a better choice.
这篇关于错误访问cookie时,当饼干没有名字的存在的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
