|
Home > Archive > Commerce Server General > August 2005 > Name of Test Cookies
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Name of Test Cookies
|
|
| Colin Bowern 2005-07-28, 5:52 pm |
| The CommerceAuthenticationModule inserts two cookies when it checks for
persistent and sesion cookie functionality. They are named
Commerce2002_TestPersistentCookie and Commerce2002_TestSessionCookie. Is
there any way to change the cookie names so that it doesn't say
Commerce2002?
Thanks,
Colin
| |
| David Messner [MSFT] 2005-07-29, 5:55 pm |
| Sorry, these are not configurable.
-djm
--
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2005 Microsoft Corporation. All rights
reserved.
--------------------
From: "Colin Bowern" <colin.bowern@nospam.officialcommunity.com>
Subject: Name of Test Cookies
Date: Thu, 28 Jul 2005 14:05:50 -0400
Lines: 10
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
X-RFC2646: Format=Flowed; Original
Message-ID: <O5Iz875kFHA.3656@TK2MSFTNGP09.phx.gbl>
Newsgroups: microsoft.public.commerceserver.general
NNTP-Posting-Host: mail.officialcommunity.net 207.188.77.211
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.commerceserver.general:3098
X-Tomcat-NG: microsoft.public.commerceserver.general
The CommerceAuthenticationModule inserts two cookies when it checks for
persistent and sesion cookie functionality. They are named
Commerce2002_TestPersistentCookie and Commerce2002_TestSessionCookie. Is
there any way to change the cookie names so that it doesn't say
Commerce2002?
Thanks,
Colin
| |
| Colin Bowern 2005-07-29, 5:55 pm |
| Hi David,
This is something that would be nice to see in the future from a security
perspective - the less information someone knows about my site's back-end
the better. I've noticed Staples.ca has managed to rename the cookies
(perhaps by writing their own authentication module) and thus the ask.
The other thing that would be nice to have removed is the
COMMERCE-SERVER-SOFTWARE header that is appended with the software version.
It serves no purpose other than to consume bandwidth and thus should be
configurable to turn off.
It would be great to log these and other suggestions to a place like MSDN
Feedback (http://lab.msdn.microsoft.com/productfeedback/) if the product
group was willing to read them.
Cheers,
Colin
"David Messner [MSFT]" <davidme@online.microsoft.com> wrote in message
news:jj21L1FlFHA.588@TK2MSFTNGXA01.phx.gbl...
> Sorry, these are not configurable.
>
> -djm
> --
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> You assume all risk for your use. © 2005 Microsoft Corporation. All
> rights
> reserved.
>
> --------------------
> From: "Colin Bowern" <colin.bowern@nospam.officialcommunity.com>
> Subject: Name of Test Cookies
> Date: Thu, 28 Jul 2005 14:05:50 -0400
> Lines: 10
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
> X-RFC2646: Format=Flowed; Original
> Message-ID: <O5Iz875kFHA.3656@TK2MSFTNGP09.phx.gbl>
> Newsgroups: microsoft.public.commerceserver.general
> NNTP-Posting-Host: mail.officialcommunity.net 207.188.77.211
> Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
> Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.commerceserver.general:3098
> X-Tomcat-NG: microsoft.public.commerceserver.general
>
> The CommerceAuthenticationModule inserts two cookies when it checks for
> persistent and sesion cookie functionality. They are named
> Commerce2002_TestPersistentCookie and Commerce2002_TestSessionCookie. Is
> there any way to change the cookie names so that it doesn't say
> Commerce2002?
>
> Thanks,
> Colin
>
>
>
| |
| David Messner [MSFT] 2005-08-05, 5:52 pm |
| Thanks for the suggestions. And yes, we're looking into the feedback
mechanism on MSDN that you mentioned.
One thing you should be aware of is that going forward we are
de-emphasizing Commerce Server authentication in favor of ASP.NET 2.0
authentication. Together with the new ADFS solution in Windows Server 2003
R2 and in Longhorn, that closes the gap between Commerce Server's
authentication capabilities and ASP.NET's. So we see this moving down into
the platform. Therefore, there will be minimal investment in the
AuthFilter and AuthManager capabilities in CS2006 and these may go away
altogether in a future release.
We've had the suggestion before to allow turning off the CS HTTP header -
I'll be sure this is in our bug database for consideration.
Regards
-djm
--
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2005 Microsoft Corporation. All rights
reserved.
--------------------
From: "Colin Bowern" <colin.bowern@nospam.officialcommunity.com>
Subject: Re: Name of Test Cookies
Date: Fri, 29 Jul 2005 17:52:17 -0400
Hi David,
This is something that would be nice to see in the future from a security
perspective - the less information someone knows about my site's back-end
the better. I've noticed Staples.ca has managed to rename the cookies
(perhaps by writing their own authentication module) and thus the ask.
The other thing that would be nice to have removed is the
COMMERCE-SERVER-SOFTWARE header that is appended with the software version.
It serves no purpose other than to consume bandwidth and thus should be
configurable to turn off.
It would be great to log these and other suggestions to a place like MSDN
Feedback (http://lab.msdn.microsoft.com/productfeedback/) if the product
group was willing to read them.
Cheers,
Colin
"David Messner [MSFT]" <davidme@online.microsoft.com> wrote in message
news:jj21L1FlFHA.588@TK2MSFTNGXA01.phx.gbl...
> Sorry, these are not configurable.
>
> -djm
> --
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> You assume all risk for your use. © 2005 Microsoft Corporation. All
> rights
> reserved.
>
> --------------------
> From: "Colin Bowern" <colin.bowern@nospam.officialcommunity.com>
> Subject: Name of Test Cookies
> Date: Thu, 28 Jul 2005 14:05:50 -0400
> Lines: 10
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
> X-RFC2646: Format=Flowed; Original
> Message-ID: <O5Iz875kFHA.3656@TK2MSFTNGP09.phx.gbl>
> Newsgroups: microsoft.public.commerceserver.general
> NNTP-Posting-Host: mail.officialcommunity.net 207.188.77.211
> Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
> Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.commerceserver.general:3098
> X-Tomcat-NG: microsoft.public.commerceserver.general
>
> The CommerceAuthenticationModule inserts two cookies when it checks for
> persistent and sesion cookie functionality. They are named
> Commerce2002_TestPersistentCookie and Commerce2002_TestSessionCookie. Is
> there any way to change the cookie names so that it doesn't say
> Commerce2002?
>
> Thanks,
> Colin
>
>
>
|
|
|
|
|