What's wrong with cookies today?

[Wavebourn]

Bad Request

Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit.

Cookie: bbuserid=79148; bbpassword=b200 [...]

I am getting such errors again and again; when I think I deleted all cookies related to diyaudio.com one more error message pops up...

What happened?

[Geek]

I was just cleaning my cookies and found personally identifiable information in cookies that did NOT belong to diyAudio, but their Google Analytics (the "__utmz:" cookie).

My email and my username were in that cookie!

I deleted it, came back here and the __utmz: cookie regenerated sans the personally identifiable information.

It seems to scalp info upon login and the __utmz is NOT needed for the functioning of your login.

Of all the "__utmz:" I cleaned (about 50), diyAudio was the only one passing on personally identifiable information.

This needs to be fixed.


Cheers!

[Cal Weldon]

I've moved this over to troubleshooting and will alert the webmaster.

[Jason]

Quote:

Bad Request

Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit.

Cookie: bbuserid=79148; bbpassword=b200 [...]

I am getting such errors again and again; when I think I deleted all cookies related to diyaudio.com one more error message pops up...

What happened?

Neither I nor Dan know what might be causing this, and we haven't seen the error ourselves (other than generally the server having a small hissy fit, unrelated to cookies). What browser are you using, and what happens if you clean out your cookies?

Quote:

Originally Posted by Geek

I was just cleaning my cookies and found personally identifiable information in cookies that did NOT belong to diyAudio, but their Google Analytics (the "__utmz:" cookie).

My email and my username were in that cookie!

I deleted it, came back here and the __utmz: cookie regenerated sans the personally identifiable information.

It seems to scalp info upon login and the __utmz is NOT needed for the functioning of your login.

Of all the "__utmz:" I cleaned (about 50), diyAudio was the only one passing on personally identifiable information.

This needs to be fixed.


Cheers!

Hi Geek,

Last week we tested the OpenX market out to serve some ads in the footer. I was not very happy with the quality of the ads, they were very junky and I don't think they did our members any service. I also have some questions potentially about the sanity of the ads (whether there was any malicious JS in them, etc, based on what I read yesterday in the OpenX market forums). After a few days I turned it off.

I'd be interested if this occurred during that period or not. Let me know if it happens again.

I just looked at my cookies, and there is no login information in there. Can you PM me what you had in your cookie.

[Geek]

Hi Jason,

I nuked the cookie with the info already

I was going to screencap it when I came back here and I discovered that the identifiable info didn't show up again.

I went like this though:

Code:

__utmz:[numbers]utmcsr=([my email address])|utmccn=([my username])|utmcmd=([jibberish string])

But if it happens again, you bet I'll get you the info!

Cheers!

[Jason]

I don't pretend to know how vBulletin or Google store their cookies, other than that any personally identifiable information should be stored in hashes, and not clear text, to prevent XSS.

[ostripper]

Quote:

I don't pretend to know how vBulletin or Google store their cookies, other than that any personally identifiable information should be stored in hashes, and not clear text, to prevent XSS.

I do ...
Your site is very safe , your cookies are anonymous , except to diya itself...(the hash change after login)
I "exposed" what diya does - cookie/communication wise here :
diyaudio.com - An unsafe site?? (my last 2 posts)
chrome and IE "agree"... same cookies , same requests
BTW , very good work .. I really like the site now that I have figured it out
WOW , we even have our own "home pages", cool beans...

OS

[Wavebourn]

Quote:

Originally Posted by Jason

Neither I nor Dan know what might be causing this, and we haven't seen the error ourselves (other than generally the server having a small hissy fit, unrelated to cookies). What browser are you using, and what happens if you clean out your cookies?

Never mind, it happened during transition. Your new server did not want cookies stored by an old one.

[Hearinspace]

Quote:

Originally Posted by Geek

Hi Jason,

I nuked the cookie with the info already

I was going to screencap it when I came back here and I discovered that the identifiable info didn't show up again.

I went like this though:

Code:

__utmz:[numbers]utmcsr=([my email address])|utmccn=([my username])|utmcmd=([jibberish string])

But if it happens again, you bet I'll get you the info!

Cheers!

Reading your post I checked mine. Same thing. Deleted, same result.

[imix500]

I had this error intermittently as well until I cleared all my cookies. Running Firefox 3.5.3 on a mac book pro.