Where does IE8 store SSL cookies?

1

I was trying to carrying out some cookie tests with a web site my colleagues are maintaining. In Windows Vista/IE8, cookies should be stored in the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders registry key which points to C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies

Visiting regular open sites will result in new cookies landing in that directory. However, this particular site is SSL-based, and I do not see the cookies saved here. Where do SSL cookies get stored?

UPDATE

To provide better understanding of the situation, the core "problem" is the cookies of concern are non-persistent cookies, rather than being SSL-based. This causes the cookies to only remain within the memory space of the browser and thus does not get persisted to disk.

icelava

Posted 2010-02-19T02:20:38.353

Reputation: 1 589

Are you able to disclose that site your are refering to? It could be the related cookie(s) might not be persistent and stored in the client browser memory. – o.k.w – 2010-02-19T02:40:28.210

yes there are two cookies used - one for app session (ASP.NET) and another for authentication (custom, not ASP.NET Forms authentication cookie). Both do not have expiry date set on them, which by default should mean they expire on browser close.

By your explanation, it means this kind of cookies NEVER get saved to disk? – icelava – 2010-02-19T02:46:53.083

I'm not sure whether it is an IE only behavior, and I do not have concrete proof. Just my hunch that it makes sense to be stored in memory than as a file. – o.k.w – 2010-02-19T02:58:29.643

Answers

2

I found a few articles on how non-persistent cookies are stored. In the memory it is.

Here's one of them: Back to Basics: Internet Cookies

Non-persistent cookies are stored in RAM and they get removed when the browser window instance is closed

Update:
I also did a test on accessing an SSL site after deleting all the site cookies. It does write to the same folder as you mentioned.

o.k.w

Posted 2010-02-19T02:20:38.353

Reputation: 608

thanks. do you know how to manipulate (rather, delete) cookies in memory? – icelava – 2010-02-19T03:13:11.953

How do you want to manipulate other than clearing it? It's kind of a security issue if you are able to, don't you think? – o.k.w – 2010-02-19T03:15:03.277

the thing is i want to delete only the session cookie, while keeping the auth cookie intact. – icelava – 2010-02-19T04:07:48.757

Well, I have yet to know of any cookie 'maniuplator' for in-memory cookies. You can give this cookie util a try but I doubt it lets you manage non-file-based cookies. http://www.nirsoft.net/utils/iecookies.html

– o.k.w – 2010-02-19T04:21:41.563

yes IECookiesView is based on the cookies folders :-/ – icelava – 2010-02-19T06:10:38.370

Asked: 2010-02-19T02:20:38.353

Viewed: 1 770 times

Active: 2010-02-19T06:25:12.000