Broadband Tech > Security > Security > Something I don't understand about WebWasher

reply to Anon

Re: Something I don't understand about WebWasher

2 questions actually:

1)
Why aren't certain NEUTRAL cookies (not all, just certain ones) being set with my WW user defined expiration time when all other ones are being filtered appropriately and have their expiration times set correctly through the WW Filter? (in other words, why are they being set with the site's defined expiration time instead of what I have set in WW)

2) why aren't certain BAD cookies being filtered at all, when all the other BAD cookies are? (In other words, why am I finding certain BAD cookies on my system at all? How are they slipping by WW filter?)

Example:

paypal.com - neutral -
designated to expire in 24hours in WW filter -
CookieSpy shows it will expire in 20 years.

ebay.com - neutral -
designated to expire in 24 hours in WW filter -
CookieSpy shows it will expire in 5 years

www.paypal.com - BAD -
designated as BAD - should never be allowed to be set -
Cookie Spy shows it is set and will expire in 30 years.

All other cookies are being set, or not set at all, appropriately with correct expiration times, depending on their designation in the WW filter.

Zhen, what I am thinking is that these particular cookies are fooling the system (WW) somehow - how I would like to know!!

Does using a secure website - https - have anything to do with it? So - if the site has both and http and https within it, does WW work on both, or just the http unless you tell it to work on the https pages as well??

Interesting... if you are setting the paypal cookie to bad, then you shouldn't be able to log into the system at all since it wants to leave a cookie on your hard drive. Hmm... I have to test this when I get home.

AFAIK, any bad cookies I have set, are not coming down.

Well Zhen I may have spoken too soon, as I went back to eBay, and signed in under the http (instead of hhtps) and I still got a cookie set to expire in 5 years, not 24 hours, so the https may have nothing to do with it.

I am stumped. (Not that I know enough not to be stumped, it just shows how little I know about how these things work).

And also - I have my WW configured like yours except neutral cookies expire in 24 hours. Also I have disabled scripts from accessing cookies.
[text was edited by author 2001-05-22 16:18:12]

Switch the neutral setting and conduct the same test. What are your results?

Ok - I set my neutral to expire after finishing the browser session, and when I checked cookies for ebay.com at every page I went to (through CookieSpy, and I refresh the view of that folder each time by going to a different folder than coming back to the folder these cookies go into).

What I found was this:

As long as I stayed in the http portion of the site, NO COOKIE was set on my machine.

I signed out and resigned in (checking at each step along the way for a cookie from ebay.com) via https and low and behold the cookie with a 5 year expiration date appears on my system!!! So, with neutrals set to expire with the browser session, WW didn't keep out cookie from the https page !! ?? !!

I went to »www.paypal.com - did nothing, no cookie

went to »www.paypal.com - did nothing, cookie set and expires in 30 years. (I deleted it)

When I tried to repeat it with the https and paypal, it didn't set a cookie. (But it did that first time - which I promptly deleted.)

When I signed into PayPal, which is through the https, and is www.paypal.com, I get a cookie now which expires in 6 months.

more confused . . . .

reply to Zhen-Xjell
Ok Zhen,

Think I am narrowing this down a little - I went to costco.com - on my BAD list. No cookie set at the usual

http ://costco.com (had to put a space in there for the url to show up correctly?)

BUT when I went to

»costco.com

I got a cookie set that expires in 34 years!!

hmmmm

reply to Zhen-Xjell
Zhen same thing happened with sears.com

go to http and no cookie.

go to https and you get a cookie - this one for 24 years.

Not good . . . . .

reply to Anon
I just tried, first setting the url filter to »www.paypal.com. Two cookies were set. I deleted them, then tried again with the filter set to *.paypal.com, went to htts://www.paypal.com, and this time, no cookies were set at all.
--
we were just souless, bloodsucking demons-they're lawyers...

I am still learning how to use WW - so I should do a "*" in front of it?? hmmmm I'll go try that now!

Well - I still get the 6mth cookie when I log in at the https www.paypal.com and the cookie is from paypal.com, not www.paypal.com

I put a "*" in front of both too in their respective entries in the WW filter list.
[text was edited by author 2001-05-22 18:08:03]

Here is a site to help you Setup and use WW. »www.pacificnet.net/%7Ebbruce/workshop.htm

thanks for the link.
Do you guys have trouble with opening pop up windows when WW is not set to block them?»www.bhmotorsports.com/
That site uses pop ups for everything and with WW on I can't get any pop up at all.

Update never mind when I open WW first all is OK:)
[text was edited by author 2001-05-22 19:08:30]

reply to Vampirefo
Thank you vampirefo for the link - I had meant to get back there for a while now.

I didn't find anything to help me with this except that they have found that cookies from about.com can't be blocked by WW.