I am using asp.net mvc 2.0 and I am wondering how secure is it to put information in a cookie?
Like I put in my cookie a forms authentication ticket that is encrypted so can I put information that could be sensitive in there?
string encryptedTicket = FormsAuthentication.Encrypt(authTicket)
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
Like I am not storing the password or anything like that but I want to store the UserId because currently every time the user makes a request to my site I have to do a query and get that users Userid, since every table in my db requires you to use the userId to get the right row back.
So these start to add up fast so I rather have it that if a user is authenticated once then that's it till they need to be re-authenticated again. If I would store this userId I could save so many requests to the database.
Yet I don't want it floating around in clear text as potential someone could use it to try to get a row out of a database when they really should not be.
Show how good is this encryption that Authentication uses?
Cookies sent over HTTP (port 80) are not secure as the HTTP protocol is not encrypted. Cookies sent over HTTPS (port 443) are secure as HTTPS is encrypted. So, if Facebook sends/receives cookies via HTTP, they can be stolen and used nefariously.
Cookies are a great way to store data about a user on their machine, which you can retrieve whenever you want and perform some action on it. For example, you can use cookies to remember preferences from the user, displaying their name, or show the last time they visited the website.
Cookies can store a wide range of information, including personally identifiable information (such as your name, home address, email address, or telephone number).
The encryption is good enough, that's not the weak link.
The weak link is that the cookie value could be intercepted, and someone else could impersonate the user.
So, the information in the cookie is safe enough, but you can't protect the cookie itself.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With