是否安全密码储存在饼干？ [英] Is it secure to store passwords in cookies?

问题描述

我的Web应用程序的主页上有一个与rememberMe 复选框。如果用户检查吧，我预订购在Cookie中存储电子邮件的ID和密码。这是我的code：

My web application's home page has a RememberMe checkbox. If the user checks it, I willl store email-id and password in cookies. This is my code:

if (this.ChkRememberme != null && this.ChkRememberme.Checked == true)
   {
     HttpCookie cookie = new HttpCookie(TxtUserName.Text, TxtPassword.Text);
     cookie.Expires.AddYears(1);
     Response.Cookies.Add(cookie);
   }

我想知道的是：

• 是否安全密码储存在饼干？


• 什么是做同样的正确方法？


• 什么是设置时间的cookie的最佳实践？

推荐答案

这不是固定密码储存在饼干，因为它们可为纯文本。

It's NOT secure to store passwords in cookies because they are available as plain text.

一个很好的地方找到关于cookies的一些答案是 Cookie的中央。获得会员资格通常使用的cookie与长所谓串是从网站上公布了记号，当您提供您的用户名和密码。更多关于您可以在此文章发现的过程。
当使用ASP.NET窗体身份验证可以设置身份验证cookie是这样的：

A good place to find some answers about cookies is Cookie Central. For membership usually is used a cookie with a long string called 'token' that is issued from the website when you provide your user name and password. More about the process you can find in this article. When using forms authentication in ASP.NET you can set the authentication cookie like this:

FormsAuthentication.SetAuthCookie(userName, isPersistanceCookie);

第二个参数用于记住我的功能 - 如果为true，将创建将最后你离开网站后持久的cookie。您也可以通过编程操纵的cookie是这样的：

The second parameter is used for "Remember Me" functionality - if true it will create persistent cookies that will last after you leave the site. You can also programatically manipulate the cookie like this:

HttpCookie authCookie =
  HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];

这篇关于是否安全密码储存在饼干？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！