Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Senior Coder Spudhead's Avatar
    Join Date
    Jun 2002
    Location
    London, UK
    Posts
    1,856
    Thanks
    8
    Thanked 110 Times in 109 Posts

    Cookie values. Is this me, or it is a bit... weird?

    Err. Bit of an odd one.

    So I'm doing some work on my site - adding in a xmlhttp request to pull in my rss feed and display it.

    I'm working away, Firebug in the bottom of my screen, and I see the request fire off as the page loads. And I see the following sent as a cookie in the request headers:

    sageamp=sageampNQNUQ363%7CsageampPWSPD536%7C; uts9.zid=93; __utmz=12146471.1207310707.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); p.med.r9Origin=LGW; CFID=8584114; smuid=22042008-0-87194123233303691208876454; __utma=12146471.974637617.1207310707.1207310707.1207310707.1; uts9.aid=963; CFTOKEN=21690652http%3A%2F%2Feconomist%2Eco%2Euk%2Fdisplaystory%2Ecfm%3Fstory%5Fid%3D9249262; CFMAGIC=8584114%3A21690652http%3A%2F%2Feconomist%2Eco%2Euk%2Fdisplaystory%2Ecfm%3Fstory%5Fid%3D92492 62; camp=sageampNQNUQ363%60%60Tue%2C%2022%20Apr%202008%2015%3A00%3A52%20GMT%7CsageampPWSPD536%60%60Tue%2 C%2022%20Apr%202008%2015%3A00%3A52%20GMT%7C; ASPSESSIONIDASDRSTCQ=BHBCNNGDNBGFMMNHKNIKKEKM; ASPSESSIONIDCQDRTSDR=NIDPBKDACCADHBJIAIOGMHBG
    What the.... ? Why have I got "CFTOKEN" and "CFMAGIC" values being sent? And what on earth are they pointing at The Economist for?

    This is a site on MY server. It's pullung an xml file on my server. It's a pure IIS windows box, it's not running Coldfusion. Where have those values come from, and why are they getting sent?



    -----------
    Hmmm. This gets more and more suspicious. Googling "sageamp"... targetted advertising, partnerships with ISP's... it seems I'm being spied on....

  • #2
    Regular Coder Stooshie's Avatar
    Join Date
    Mar 2008
    Location
    Dundee, Scotland
    Posts
    378
    Thanks
    9
    Thanked 39 Times in 39 Posts
    Does it happen on every site you go to, or just your own?
    Regards, Stooshie
    O

  • #3
    New to the CF scene
    Join Date
    May 2008
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have been investigating this exact issue, and I think it might be either a bug in Firefox, either existing or fixed, where the cookies are left over.

    I have several lines in my cookies.txt file (FF2) with the domain set to ".co.uk", which means those cookies are being sent to ALL .co.uk sites. I have read about an old bug where browsers would allow cookies to be set to this domain, but I am pretty sure that none of the cookies involved are that old.

    For example I have these lines:

    .co.uk TRUE / FALSE 2075208390 p2.med.r9Origin BWI
    .co.uk TRUE / FALSE 2034845104 pk.med.r9Origin LON

    I searched a few sites for flights from LON<>BWI recently, certainly no earlier than March time. I can't pinpoint which site it could have been (several let you search on LON as all London airports), but I use kayak mainly. Searching on "r9Origin" brings a couple of results with people reporting the same issue, and it's how I found this forum.

    Also I have the line:

    .co.uk TRUE / FALSE 1239854397 UndercoverUK LastVisit=4&#37;2F16%2F2008 [etc]

    UndercoverUK is an ecommerce site that I may well have visited around that time - I was looking for wallets I think, interestingly it's a .com though.

    I also have the sageamp/camp cookies set to .co.uk too.

    I am busy right now but I'll do some digging later and see if I can reproduce it. edit: I should add, our ISP is Zen, and nothing to do with Phorm.

  • #4
    New to the CF scene
    Join Date
    Mar 2009
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    There was a long outstanding bug with Firefox, where a web site could set a cookie with .co.uk. as the domain:

    https://bugzilla.mozilla.org/show_bug.cgi?id=385299

    I think it was fixed in FF2 though.

    Kayak is the site that sets the p2.med.r9Origin cookie when you click the search button. However, in a quick test it seems like they're setting it with the correct domain now:

    Set-Cookie: cluster=2; Domain=.kayak.co.uk; Path=/
    Set-Cookie: p2.med.r9Origin=LON; Domain=.kayak.co.uk; Expires=Fri, 26-Jun-2009 13:08:09 GMT; Path=/
    Set-Cookie: p2.med.sc=1; Domain=.kayak.co.uk; Expires=Fri, 26-Jun-2009 13:08:09 GMT; Path=/

    However, I just saw a request from a Firefox 3.0.2 client to a site I administer who has various cookies not set by my domain:

    p2.med.r9Origin=EDI
    AMOS_PREF=sac%3Dg1%252Ck48
    camp
    smuid
    s_pers

    I think most of the other cookies are from Sagemetrics, a metrics/tracking company. But again, I couldn't reproduce their site setting cookies on .co.uk.

    Aaron

  • #5
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    FYI this thread is over a year old.
    ||||If you are getting paid to do a job, don't ask for help on it!||||


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •