Forms authentication ticket is storing password in a cookie?
Question
It's recommended that we should never store passwords in cookies. By using and storing .net forms authentication tickets in cookies aren't we doing just that?
1 answers
solution1
1 2016-11-20 19:53:28
No, because:
- Ticket does not contain password. It contains just information about user it was created for (user name), date when it was created, date when it expires.
- Information above is encrypted and can only be decrypted by server.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
MVC4 - Setting custom user data in forms authentication ticket causes the forms authentication cookie to not get set?
Is forms Authentication Ticket always Encrypted?
Storing a password in an encrypted cookie?
Deleting/invalidating server side authentication cookie/ticket
forms authentication cookie replacement
Forms Authentication Cookie is not setting?
Forms Authentication and authentication cookie not persisting
Reading forms authentication ticket w/firefox and chrome
Forms Authentication: Determine why ticket is invalid
Renewing forms authentication ticket - strange timing
Related Tags