Is it secure to store passwords in cookies?

by

It’s NOT secure to store passwords in cookies because they are available as plain text.

A good place to find some answers about cookies is Cookie Central. For membership usually is used a cookie with a long string called ‘token’ that is issued from the website when you provide your user name and password. More about the process you can find in this article.
When using forms authentication in ASP.NET you can set the authentication cookie like this:

FormsAuthentication.SetAuthCookie(userName, isPersistanceCookie);

The second parameter is used for “Remember Me” functionality – if true it will create persistent cookies that will last after you leave the site. You can also programatically manipulate the cookie like this:

HttpCookie authCookie =
  HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];

More Related Contents:

  1. c# asp.net delete last comma [closed]
  2. Sharing sessions across applications using the ASP.NET Session State Service
  3. Making a Simple Ajax call to controller in asp.net mvc
  4. How do I do pagination in ASP.NET MVC?
  5. How do I export to Excel?
  6. MVC which submit button has been pressed
  7. Difference between MVC 5 Project and Web Api Project
  8. Passing object in RedirectToAction
  9. How do I dispose my filestream when implementing a file download in ASP.NET?
  10. Visual Studio 2015 not syntax highlighting razor nor Intellisense
  11. Get error message if ModelState.IsValid fails?
  12. An error occurred during report processing. -RLDC reporting in ASP.NET MVC
  13. How do I log a user out when they close their browser or tab in ASP.NET MVC?
  14. Does FileStreamResult close Stream?
  15. Display custom error page when file upload exceeds allowed size in ASP.NET MVC
  16. Child actions are not allowed to perform redirect actions, after setting the site on HTTPS [duplicate]
  17. Why is Asp.Net Identity IdentityDbContext a Black-Box?
  18. TempData null in asp.net core
  19. Update multiple records at once in asp.net mvc
  20. ASP.NET Identity – Multiple object sets per type are not supported
  21. How can I secure passwords stored inside web.config?
  22. onchange event for html.dropdownlist
  23. How to add Web API to an existing ASP.NET MVC (5) Web Application project?
  24. Storing more information using FormsAuthentication.SetAuthCookie
  25. System.web.mvc missing
  26. How to route EVERYTHING other than Web API to /index.html
  27. MVC4 – Bundling does not work when optimizations are set to true
  28. Dealing with large file uploads on ASP.NET Core 1.0
  29. Specify Date format in MVC5 (dd/MM/yyyy)
  30. LINQ to Entities does not recognize the method ‘System.String ToString()’ method in MVC 4

Leave a Comment