Hi All,

I have an application that if a user incorrectly logs in, a cookie is set on their PC. If they make 3 failed attempts, my application reads this cookie and prevents further attempts. If this happens, the user emails/phones me, I reset their access on my application and talk them through deleting the cookie on their PC.

Has anyone got a script that I can email to the user which they run on their PC to hunt out and delete my specific cookie for them?

I found the following script on the net, but can't get it to work.

Any idea's?

Regards

Gary

=================================

'*************************
'StopGoogle.vbs
'Programmer: Steve Perkins
'08/09/2006
'Purpose: Deletes all Google cookies for logged-in user
'Usage: wscript StopGoogle.vbs
'*************************


Set wShell = CreateObject("WScript.Shell")
Set environment = wShell.Environment("Process")

Set fso = CreateObject("Scripting.FileSystemObject")

file_path = "C:\Documents and Settings\" & environment("USERNAME") & "." &
environment("COMPUTERNAME") & "\Cookies"
WScript.echo(file_path)
Set folder = fso.getFolder(file_path)

For Each objFile in folder.Files
If Instr(objFile.Name, "google") Then
fso.DeleteFile(objFile)
'WScript.echo("File deleted")
End If
Next


====================================

What's wrong with simply setting the cookie to an empty string, or indeed to any value other than the value that prompts your application to treat the user are a failed login? Why do you need to delete the file?

Hi Spudhead,

Just seemed like a good idea. Hadn't thought of simply changing the value. That sounds like a fair solution.

Regards

Gary

Yeah Gary, you're idea scares me, very unsecured.
I agree with Spudhead and changing the value. When you get the phone call you can send them a link where you get them to type in a secure password or code so they can't just bookmark the link.

I like this situation though, really makes you think of methods to stop users from brute forcing user names and passwords.