Try using the MOVE FOLDER button in IE SETTINGS (general tab) and point it to your RAMDRIVE - this way the registry will be changed for you...boot to dos, delete the temp internet folder completely (use deltree)...cold boot your pc and then do some surfing, your cookies should then only reside in the place you want.. Also set cookies to automatic in above and set disk space as low as possible (usually 1Mb) Hope this helps. Ian "Thomas C. Greene" <tcgreeneat_private> on 18/11/2001 11:35:34 To: "Bugtraq" <bugtraqat_private>, <focus-msat_private> cc: Subject: IE cookies assigned to RAM disk survive reboot I was playing with a Windows box running '98-SE, using a RAM disk for my temp & tmp dirs and browser cache for added security. I was quite surprised to find that my RAM drive 'remembered' all of my cookies between reboots, in spite of having gone into the registry to ensure, to the best of my ability, that the RAM disk would be my default cookie directory. Something's wrong. If you set your history option to zero days, nothing will be recorded. Fine, and that's an essential for security. But I can't prevent cookies from surviving boot to boot, and I've done more than just assign Temporary Internet Files to my RAM disk in IE setup. First, here's my autoexec.bat: @ECHO OFF XMSDSK 86352 G: /C1 /T /Y MD G:TEMP SET TMP=G:TEMP SET TEMP=G:TEMP And my swap file setup: PagingDrive=G: MinPagingFileSize=65536 MaxPagingFileSize=65536 I have IE set with the RAM disk [G:\] as my 'Temporary Internet Files' directory. But of course, there's a 'Cookies' subdirectory in the Windows directory, which retains them and which has to be dealt with. You'll find in the registry a key called Paths: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths Which, in spite of your IE setup, will include a value indicating that the cookie directory should be C:\Windows\Cookies. So of course I changed it to G:\Temporary Internet Files\Cookies. There is also a key called Special Paths: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Special Paths\Cookies With the Default Directory C:\Windows\Cookies Which, again, I changed to G:\Temporary Internet Files\Cookies. There is another key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ProfileReconcili ation\Cookies With the value: DefaultDir *windir\Cookies So changed DefaultDir to G:\Temporary Internet Files\Cookies as well. I deleted all cookies from C:\Windows\Cookies and G:\Temporary Internet Files\Cookies. I then booted into DOS and ran: del C:\Windows\Cookies\Index.dat. And then I started Windows and did some surfing. Then I rebooted. And when Windows started I found all the cookies from that surf session in the C:\Windows\Cookies directory *and* in the G:\Temporary Internet Files\Cookies RAM drive directory. I don't know how Windows is preserving these cookies. Any thoughts? ================ Thomas C. Greene Washington Bureau Chief "The Register" mailto:thomas.greeneat_private http://www.theregister.co.uk
This archive was generated by hypermail 2b30 : Mon Nov 19 2001 - 15:00:24 PST