...

View Full Version : Cookie values. Is this me, or it is a bit... weird?



Spudhead
04-24-2008, 06:59 PM
Err. Bit of an odd one.

So I'm doing some work on my site - adding in a xmlhttp request to pull in my rss feed and display it.

I'm working away, Firebug in the bottom of my screen, and I see the request fire off as the page loads. And I see the following sent as a cookie in the request headers:



sageamp=sageampNQNUQ363%7CsageampPWSPD536%7C; uts9.zid=93; __utmz=12146471.1207310707.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); p.med.r9Origin=LGW; CFID=8584114; smuid=22042008-0-87194123233303691208876454; __utma=12146471.974637617.1207310707.1207310707.1207310707.1; uts9.aid=963; CFTOKEN=21690652http%3A%2F%2Feconomist%2Eco%2Euk%2Fdisplaystory%2Ecfm%3Fstory%5Fid%3D9249262; CFMAGIC=8584114%3A21690652http%3A%2F%2Feconomist%2Eco%2Euk%2Fdisplaystory%2Ecfm%3Fstory%5Fid%3D92492 62; camp=sageampNQNUQ363%60%60Tue%2C%2022%20Apr%202008%2015%3A00%3A52%20GMT%7CsageampPWSPD536%60%60Tue%2 C%2022%20Apr%202008%2015%3A00%3A52%20GMT%7C; ASPSESSIONIDASDRSTCQ=BHBCNNGDNBGFMMNHKNIKKEKM; ASPSESSIONIDCQDRTSDR=NIDPBKDACCADHBJIAIOGMHBG


What the.... ? Why have I got "CFTOKEN" and "CFMAGIC" values being sent? And what on earth are they pointing at The Economist for?

This is a site on MY server. It's pullung an xml file on my server. It's a pure IIS windows box, it's not running Coldfusion. Where have those values come from, and why are they getting sent?

:confused::confused::confused:

-----------
Hmmm. This gets more and more suspicious. Googling "sageamp"... targetted advertising, partnerships with ISP's... it seems I'm being spied on....

Stooshie
04-25-2008, 10:56 AM
Does it happen on every site you go to, or just your own?

g_attrill
05-29-2008, 03:42 PM
I have been investigating this exact issue, and I think it might be either a bug in Firefox, either existing or fixed, where the cookies are left over.

I have several lines in my cookies.txt file (FF2) with the domain set to ".co.uk", which means those cookies are being sent to ALL .co.uk sites. I have read about an old bug where browsers would allow cookies to be set to this domain, but I am pretty sure that none of the cookies involved are that old.

For example I have these lines:

.co.uk TRUE / FALSE 2075208390 p2.med.r9Origin BWI
.co.uk TRUE / FALSE 2034845104 pk.med.r9Origin LON

I searched a few sites for flights from LON<>BWI recently, certainly no earlier than March time. I can't pinpoint which site it could have been (several let you search on LON as all London airports), but I use kayak mainly. Searching on "r9Origin" brings a couple of results with people reporting the same issue, and it's how I found this forum.

Also I have the line:

.co.uk TRUE / FALSE 1239854397 UndercoverUK LastVisit=4&#37;2F16%2F2008 [etc]

UndercoverUK is an ecommerce site that I may well have visited around that time - I was looking for wallets I think, interestingly it's a .com though.

I also have the sageamp/camp cookies set to .co.uk too.

I am busy right now but I'll do some digging later and see if I can reproduce it. edit: I should add, our ISP is Zen, and nothing to do with Phorm.

guest_account
03-28-2009, 03:52 PM
There was a long outstanding bug with Firefox, where a web site could set a cookie with .co.uk. as the domain:

https://bugzilla.mozilla.org/show_bug.cgi?id=385299

I think it was fixed in FF2 though.

Kayak is the site that sets the p2.med.r9Origin cookie when you click the search button. However, in a quick test it seems like they're setting it with the correct domain now:

Set-Cookie: cluster=2; Domain=.kayak.co.uk; Path=/
Set-Cookie: p2.med.r9Origin=LON; Domain=.kayak.co.uk; Expires=Fri, 26-Jun-2009 13:08:09 GMT; Path=/
Set-Cookie: p2.med.sc=1; Domain=.kayak.co.uk; Expires=Fri, 26-Jun-2009 13:08:09 GMT; Path=/

However, I just saw a request from a Firefox 3.0.2 client to a site I administer who has various cookies not set by my domain:

p2.med.r9Origin=EDI
AMOS_PREF=sac%3Dg1%252Ck48
camp
smuid
s_pers

I think most of the other cookies are from Sagemetrics, a metrics/tracking company. But again, I couldn't reproduce their site setting cookies on .co.uk.

Aaron

_Aerospace_Eng_
03-29-2009, 09:52 AM
FYI this thread is over a year old.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum