Security cookies ASP.NET
Question
I've a code to persist information in cookies about users like UserName and password.
Question is:
Its not secure to store information like that plain text in cookies.My DB store hashed passwords,so i could save those hashs in cookies and retrieve them later,but if i do that i wouldnt be able to fill password's textbox cause the hash string would be too long for it.
Is there any solutions?
1 answers
solution1
7 ACCPTED 2010-08-08 17:25:24
You never should store Passwords in plain text, and even a hashed password can be vulnerable to reverse-lookup unless it is salted correctly. ASP.NET Forms Authentication already lets you create a Persistent authentication cookie that will allow the user to stay logged in, so you should use that instead. See the Timeout, expires, and IsPersistant properties when Creating the Forms Authentication Cookies .
Alternatively you could setup a token based authentication system, by which users get a security token after they enter their login information and this token is valid for a specified amount of time. This is how Live ID and Google Accounts work, and they usually store the tolken in a cookie that is valid for weeks at a time.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.