Reputation: 3214
On my site I am using a cookie-based authentication system where I save the login credentials, like username and password, in a browser cookie. Is it a bad practice? If so, how can this be a threat to security?
Upvotes: 0
Views: 104
Reputation: 15121
This is definitely a bad practice. You should never save sensitive information in a cookie. This information is accessible on the user's machine in plain text and could be altered and sent back to the application with bad data. You should always store this on the server, either in session variables, or permanently in a database.
Anything that is sensitive or critical for your application to function properly you should avoid. You may store things to make the user experience better, like layout, colors, last viewed pages, etc. You may also store the user name to provide a 'Remember Me' kind of login as long as you authenticate on submission via passwords.
Upvotes: 1
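The server-side storage the answer recommends, sketched as an added example that is not part of the original thread: the cookie carries only a random session id, while the username and password hash stay on the server. The names `USERS`, `SESSIONS`, `SESSION_TTL` and the cookie name `sid` are assumptions, and the in-memory dictionaries stand in for a real database and session store.

```python
import hashlib, hmac, secrets, time
from http.cookies import SimpleCookie

SESSION_TTL = 1800  # seconds; assumed session lifetime
USERS = {}          # username -> (salt, password hash); stands in for a database
SESSIONS = {}       # session id -> (username, expiry); server-side session state

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _sid(cookie_header):
    # Pull the session id out of a Cookie request header, if present.
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    return jar["sid"].value if "sid" in jar else None

def register(username, password):
    salt = secrets.token_bytes(16)
    USERS[username] = (salt, _hash(password, salt))

def login(username, password):
    """Return a Set-Cookie header value on success, None on failure."""
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    if not hmac.compare_digest(_hash(password, salt), stored):
        return None
    sid = secrets.token_urlsafe(32)  # opaque and unguessable, holds no user data
    SESSIONS[sid] = (username, time.time() + SESSION_TTL)
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["httponly"] = True  # hidden from page scripts
    cookie["sid"]["secure"] = True    # sent over HTTPS only
    cookie["sid"]["samesite"] = "Lax"
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()

def current_user(cookie_header):
    """Map a Cookie request header to a username, or None if not logged in."""
    entry = SESSIONS.get(_sid(cookie_header))
    if entry is None or entry[1] < time.time():
        return None  # unknown, altered or expired id
    return entry[0]

def logout(cookie_header):
    # Deleting the server-side record invalidates the cookie immediately.
    SESSIONS.pop(_sid(cookie_header), None)
```

Editing the cookie on the client only produces an id the server does not know, so an altered value is treated as not logged in.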