Issue with Anonymous access and cookie settings

1
I have come across an issue with an application that allows anonymous access. This app is designed to be accessed by the public, so we have no control over browser settings. If the user has Firefox (or other browser) configured to disallow cookies like this: and tries to access the application, they create a series of anonymous connections which increase in number continuously as shown below: As we cannot control the individual's browser settings, this is effectively creating a DoS attack on the server. Is there any way to catch and prevent this situation occurring?
asked
2 answers
5

There should be a check so that an error is shown when cookies are disabled. This will be added in an upcoming release.

Below you can find a workaround which checks if cookies are enabled, and only then loads mxui.js which bootstraps the Mendix client. If cookies are not enabled, an error is shown. The script should replace the inclusion of mxui.js in the document.

<script type="text/javascript">
    dojo.require("dojo.cookie");

    if (dojo.cookie.isSupported()) {
        var script = document.createElement("script");
        script.type = "text/javascript";
        script.src = "mxclientsystem/mxui/mxui.js";
        document.body.appendChild(script);
    } else {
        alert("This application requires cookies to be enabled");
    }
</script>
answered
1

Sounds like it needs a bug report. I think there is a cookies-enabled check missing somewhere. If cookies are disabled, you should just get an error, since it would render the app completely useless since the app cannot track any state.

answered
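
The client-side check in the first answer only helps for browsers that run it, so a server-side cap on cookie-less session creation is a useful complement. The following is an added example, not part of either answer and not Mendix code: `AnonymousSessionGuard`, its parameters and the use of the source IP as client key are all hypothetical, and the traffic in `simulate()` is constructed.

```javascript
// Added example: server-side guard against clients that never return the
// session cookie and would otherwise get a new anonymous session per request.
// All names are hypothetical; this is not a Mendix runtime API.
class AnonymousSessionGuard {
  constructor({ maxNewSessions = 5, windowMs = 60000 } = {}) {
    this.maxNewSessions = maxNewSessions;
    this.windowMs = windowMs;
    this.created = new Map(); // client key -> timestamps of sessions issued
  }

  // clientKey : e.g. source IP (assumption; shared NATs need a higher limit)
  // hasCookie : true if the request carried a valid session cookie
  // now       : current time in ms (injectable for testing)
  // Returns "reuse" | "create" | "reject".
  check(clientKey, hasCookie, now = Date.now()) {
    if (hasCookie) return "reuse"; // cookie came back, no new session needed
    const recent = (this.created.get(clientKey) || [])
      .filter((t) => now - t < this.windowMs);
    if (recent.length >= this.maxNewSessions) {
      this.created.set(clientKey, recent);
      return "reject"; // keeps asking for sessions, never presents a cookie
    }
    recent.push(now);
    this.created.set(clientKey, recent);
    return "create";
  }

  // Drop idle entries so the guard's own table cannot grow without bound.
  sweep(now = Date.now()) {
    for (const [key, stamps] of this.created) {
      if (stamps.every((t) => now - t >= this.windowMs)) this.created.delete(key);
    }
  }
}

// Constructed traffic: one client with cookies disabled polling every 2 s,
// and one normal client that returns its cookie on the second request.
function simulate() {
  const guard = new AnonymousSessionGuard({ maxNewSessions: 3, windowMs: 60000 });
  const noCookies = [];
  for (let i = 0; i < 6; i++) {
    noCookies.push(guard.check("203.0.113.7", false, i * 2000));
  }
  const normal = [
    guard.check("198.51.100.4", false, 0),
    guard.check("198.51.100.4", true, 2000),
  ];
  return { noCookies, normal };
}
```

A rejected request can be answered with a static "cookies required" page instead of a new session, which gives the user the same message as the client-side alert.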