storing passwords in cookies

Jason

I have a .NET application with forms authentication. I
need to store the password entered at the login screen for
later use. I can either store it in a session object or in
the forms authentication ticket. I think the ticket is the
right place because the password is a property of the
user, and therefore part of the identity. I know it will
be encrypted before it is written to the cookie but is
this the right answer? How safe is the password?
 
Anytime you send something out to the client, there is a possibility of
compromise. While it is slim, you should consider it. In general, I create a
user object and use it to store reused variables. It can be placed in
session. I would not put the password, as you should not need it again.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

**********************************************************************
Think Outside the Box!
**********************************************************************
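
The approach suggested in the reply above, as an added example that is not part of the original posts: a user object kept in session on the server, and a forms authentication ticket that carries only the user name and non-secret data. `UserProfile`, `LoginHelper` and the 30-minute lifetime are hypothetical choices for illustration; the code assumes ASP.NET with `System.Web` and that credentials were already verified by the application's own check.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical per-user object: holds values reused across requests, never the password.
[Serializable]
public class UserProfile
{
    public string UserName { get; set; }
    public string DisplayName { get; set; }
    public string[] Roles { get; set; }
}

public static class LoginHelper
{
    // Call only after the submitted credentials have been verified.
    public static void SignIn(HttpContext context, UserProfile profile, bool persistent)
    {
        // Server side: the reusable user object lives in session state.
        context.Session["UserProfile"] = profile;

        // Client side: the ticket carries the user name and non-secret userData only.
        var ticket = new FormsAuthenticationTicket(
            1, profile.UserName, DateTime.Now, DateTime.Now.AddMinutes(30),
            persistent, string.Join(",", profile.Roles),
            FormsAuthentication.FormsCookiePath);

        // Encrypt() protects the ticket with the machine key; the cookie flags
        // keep it away from script and, when configured, off plain HTTP.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Path = FormsAuthentication.FormsCookiePath
        };
        if (persistent) cookie.Expires = ticket.Expiration;
        context.Response.Cookies.Add(cookie);
    }

    // Later requests read the user object back from session, not from the cookie.
    public static UserProfile Current(HttpContext context)
    {
        return context.Session["UserProfile"] as UserProfile;
    }
}
```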
 