Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is putting data in cookies secure?

Tags:

c#

.net

security

cryptography

encryption

I am using asp.net mvc 2.0 and I am wondering how secure is it to put information in a cookie?

Like I put in my cookie a forms authentication ticket that is encrypted so can I put information that could be sensitive in there?

string encryptedTicket = FormsAuthentication.Encrypt(authTicket)
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

Like I am not storing the password or anything like that but I want to store the UserId because currently every time the user makes a request to my site I have to do a query and get that users Userid, since every table in my db requires you to use the userId to get the right row back.

So these start to add up fast so I rather have it that if a user is authenticated once then that's it till they need to be re-authenticated again. If I would store this userId I could save so many requests to the database.

Yet I don't want it floating around in clear text as potential someone could use it to try to get a row out of a database when they really should not be.

Show how good is this encryption that Authentication uses?

like image 300
chobo2 Avatar asked Jul 08 '10 18:07

chobo2

People also ask

Are cookies secured?

Cookies sent over HTTP (port 80) are not secure as the HTTP protocol is not encrypted. Cookies sent over HTTPS (port 443) are secure as HTTPS is encrypted. So, if Facebook sends/receives cookies via HTTP, they can be stolen and used nefariously.

Should I store user data in cookie?

Cookies are a great way to store data about a user on their machine, which you can retrieve whenever you want and perform some action on it. For example, you can use cookies to remember preferences from the user, displaying their name, or show the last time they visited the website.

What data should be stored in cookies?

Cookies can store a wide range of information, including personally identifiable information (such as your name, home address, email address, or telephone number).

1 Answers

The encryption is good enough, that's not the weak link.

The weak link is that the cookie value could be intercepted, and someone else could impersonate the user.

So, the information in the cookie is safe enough, but you can't protect the cookie itself.

like image 56
Guffa Avatar answered Sep 24 '22 12:09

Guffa
Sign in to Comment

Related questions

Generic List to EntitySet Conversion
Unity application block 2.0 - The given assembly name or codebase was invalid
Connection timeout on query on large table
LINQ How to select more than 1 property in a lambda expression?
Way to fill collection with Unity
LINQ to find the closest number that is greater / less than an input
INSERT INTO if not exists SQL server
Cancel button in form
Entity Framework: Unable to create a constant value of type 'System.Collections.Generic.IList`1'
How can I hide a specific column form a dataGridView?
implementing default values in a Model
Making A Beep in C# WPF
I am trying to convert an Object to dynamic type but the conversion is failing with RunTimeBinder exception
IEnumerable<type> does not contain a definition of 'Contains'
Detecting Web.Config Authentication Mode
Is C++ .NET dying?
How to code Jon Skeet's Singleton in C++?
how to get the oldest file in a directory fast using .NET?
Comparing One Value To A Whole Array? (C#)
How can I make a single instance form (not application)?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!