I am using a checkCookie function to see whether a username and password exist in a cookie. I know using a cookie is not a secure method, but I am only using it on a trial basis, so please be lenient.
On first execution, it will prompt the user for their username and password and will store them in document.cookie by using setCookie();
and on re-executing the code, it will only ask for the username and will check the cookie to retrieve the corresponding password. Below is my checkCookie function JS:
    function checkCookie() {
        var username = prompt("Please enter your name:", "");
        var password;
        if (flag == 0) { //flag=0 shows cookie is not set
            password = prompt("Please enter your password:", "");
            username += "!";
            username += password;
            alert("Username = " + username);
            setCookie("username", username, 365); //save input in cookie
        } else //if cookie is already set with some username+password
        {
            var n = getCookie("username", username); //this retrieves the password from Cookie
            if (n) {
                alert("FLAG= 1 The user's password is " + n);
            } else
                alert("FLAG= 1 User password doesnot exist ")
        }
    } //checkCookie function end
Now I have these questions regarding the above code.
1) I am trying to use a flag variable, whose value is initially 0, but whenever a username is stored in the cookie, the flag value should be 1. In C, we can do this by declaring a static variable flag, but how do I achieve this in JS?
2) Plus, my complete JavaScript is allowing me to get the password corresponding to a username; how can I use it to auto-fill the password field on, let's say, the Gmail webpage password field?
If I use getElementByID("password").innerHTML = password, will it auto-fill the document's password field?
3) When I run the code on JSFiddle, the username cookie is saved. But when I refresh the JSFiddle, cookie values are reset! How can I make my cookie value persistent (fixed) on page reload?
Looking forward to some good suggestions. Thanks for reading
Asked Dec 13, 2013 at 13:44 by Saad Sarwar; edited Dec 13, 2013 at 17:39.
- What kind of backend do you have? It is better to let the session code handle passwords. – Tim Seguine Commented Dec 13, 2013 at 13:46
- You shouldn't store usernames and passwords as cookies, this is bad practice. Instead you should create a login page which stores a session token in your database and sets that as the cookie, then when a user has your session token cookie all you need to do is compare that with your tokens table in your database. – James Donnelly Commented Dec 13, 2013 at 13:49
- I am trying to use this JavaScript with my Firefox extension, so that it can store passwords and can do auto-filling whenever the Firefox extension button is pressed! My next goal would be to make a cross-browser auto-filling extension. – Saad Sarwar Commented Dec 13, 2013 at 13:51
2 Answers
You should never store usernames and passwords as cookies, even if they're encrypted or hashed; this is bad practice, as anyone could just come along and inspect the user's network traffic and steal their identity. Storing usernames and passwords as cookies essentially broadcasts them to anyone who may be looking in.
Instead you should create a login page which stores a session token and the user's IP in your database and sets that as the cookie, then when a user has your session token cookie all you need to do is compare that and the user's IP address with your tokens table in your database to check whether they are logged in or not.
If the same person comes along and inspects the network traffic, all they'll get is the session token. Sure, they could potentially use this to steal the session, but they'd need the same IP address.
This is why websites should also always require a password to be re-entered when letting users modify account information.
See this Wikipedia article on Session Hijacking for further reading.
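The session-token scheme described in the answer above, sketched for a Node.js backend. This is an added example, not part of the original answer; the function names, the in-memory `sessions` map standing in for the tokens table, the 30-minute lifetime and the choice to store only a hash of the token are assumptions of the example.

```javascript
const nodeCrypto = require("crypto");

// Stand-in for the "tokens table": sha256(token) -> { userId, ip, expires }.
// Only the hash is stored, so reading the table does not yield usable tokens.
const sessions = new Map();
const SESSION_TTL_MS = 30 * 60 * 1000; // assumed lifetime

const sha256 = (s) => nodeCrypto.createHash("sha256").update(s).digest("hex");

// Call only after the password has been verified on the server.
function createSession(userId, ip, now = Date.now()) {
  const token = nodeCrypto.randomBytes(32).toString("hex"); // 256 random bits
  sessions.set(sha256(token), { userId, ip, expires: now + SESSION_TTL_MS });
  // HttpOnly hides the cookie from document.cookie; Secure keeps it off plain HTTP.
  const setCookie = `session=${token}; Max-Age=${SESSION_TTL_MS / 1000}; ` +
    "Path=/; HttpOnly; Secure; SameSite=Lax";
  return { token, setCookie };
}

// Pull the session value out of a Cookie request header.
function readSessionCookie(cookieHeader) {
  for (const part of (cookieHeader || "").split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name === "session") return rest.join("=");
  }
  return null;
}

// Returns the userId for a valid session, otherwise null.
function checkSession(cookieHeader, ip, now = Date.now()) {
  const token = readSessionCookie(cookieHeader);
  if (!token) return null;
  const key = sha256(token);
  const rec = sessions.get(key);
  if (!rec) return null;
  if (now > rec.expires) { sessions.delete(key); return null; }
  if (rec.ip !== ip) return null; // IP binding, as the answer describes
  return rec.userId;
}

// Logout: remove the server-side record so the cookie value becomes useless.
function destroySession(cookieHeader) {
  const token = readSessionCookie(cookieHeader);
  return token ? sessions.delete(sha256(token)) : false;
}
```

The password itself never appears in the cookie or the table; the browser only ever holds a random value that the server can revoke.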
I'll skip the lecture and give you what you asked for:

    document.getElementById("password").value = password;

seems to work (tested in jsfiddle)