Armin
Reputation: 78
Forms authentication ticket is storing password in a cookie?
It's recommended that we should never store passwords in cookies. By using and storing .net forms authentication tickets in cookies aren't we doing just that?
Upvotes: 0
Views: 290
Answers (1)
Evk
Reputation: 101443
No, because:
- Ticket does not contain password. It contains just information about user it was created for (user name), date when it was created, date when it expires.
- Information above is encrypted and can only be decrypted by server.
Upvotes: 1
Related Questions
- Forms Authentication Cookie is not setting?
- Forms Authentication Cookie Not Being Recognized
- ASP.Net Forms Authentication cookie is passed across sessions
- Authentication Cookie in asp.net
- Form authentication cookie vulnerability
- Forms Authentication Cookie value vulnerability in asp.net
- Cookie and Authentication -ASP.net
- Cookie-based Forms Authentication with Cookies disabled
- How ASP.NET form authentication works: recognising cookies from request
- ASP.NET Forms Authentication Ticket Timeout