See more: C# ASP.NET
Dear programmers, I am new to secure programming in ASP.NET. I have one doubt.
 
What is a persistent cookie? And what is the relation between the ticket and the cookie? And why do we sometimes encrypt the cookie?
 
var ticket = new FormsAuthenticationTicket(txtUsername.Text, true, 10);
var encryptedTicket = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
{
    HttpOnly = true,
    Secure = FormsAuthentication.RequireSSL,
    Path = FormsAuthentication.FormsCookiePath,
    Domain = FormsAuthentication.CookieDomain
};
Response.AppendCookie(cookie);
Response.Redirect("~/homepage.aspx");
 

What will be the background processes when I execute the above code?
Posted 8-Aug-12 18:31pm

Solution 3

The non-persistent cookie will live in the user's browser. The moment the user closes the browser, the cookie will be deleted. This is the normal way we use authentication cookies.

A persistent cookie, on the other hand, gets saved on the user's hard disk. This is typically done when we want to implement "remember me" type login functionality. Since the cookie will be saved on the user's computer, the next time the user accesses the page that cookie will serve as the authentication ticket and the user will be logged in.

As for why it is encrypted: if we don't encrypt it, then we are potentially sending sensitive information related to user credentials over the internet. It can be eavesdropped and then used maliciously by someone else (perhaps a hacker or hacker wannabe).

Note: You can refer to the following article for details on custom forms authentication: Understanding and Implementing ASP.NET Custom Forms Authentication
Comments
AshishChaudha at 9-Aug-12 8:29am
   
my +5
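
The relation between ticket and cookie asked about in the question and described in Solution 3, as an added example that is not code from this thread: the ticket holds the identity and expiry and is encrypted into the cookie value, while the cookie's own Expires decides whether the browser keeps it after closing. The class and method names and the 14-day "remember me" lifetime are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added illustration; AuthCookieExample, IssueCookie and ReadTicket are hypothetical names.
public static class AuthCookieExample
{
    // Assumed "remember me" lifetime; choose a value that fits your policy.
    private static readonly TimeSpan RememberMeLifetime = TimeSpan.FromDays(14);

    // Call only after the user's credentials have been validated.
    public static HttpCookie IssueCookie(string userName, bool rememberMe)
    {
        DateTime now = DateTime.Now;
        TimeSpan lifetime = rememberMe ? RememberMeLifetime : FormsAuthentication.Timeout;
        // The ticket carries the identity, its expiry and the persistence flag.
        var ticket = new FormsAuthenticationTicket(
            1, userName, now, now.Add(lifetime), rememberMe,
            string.Empty, FormsAuthentication.FormsCookiePath);
        // The cookie is only the transport: its value is the encrypted ticket.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL,  // HTTPS only when configured
            Path = FormsAuthentication.FormsCookiePath
        };
        // With Expires set the browser stores the cookie on disk (persistent);
        // without it the cookie disappears when the browser closes.
        if (ticket.IsPersistent)
            cookie.Expires = ticket.Expiration;
        return cookie;
    }

    // Returns the ticket from the request cookie, or null if missing, invalid or expired.
    public static FormsAuthenticationTicket ReadTicket(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        try
        {
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            return (ticket == null || ticket.Expired) ? null : ticket;
        }
        catch (ArgumentException) { return null; } // malformed or tampered value
        catch (HttpException) { return null; }     // validation of the value failed
    }
}
```

The ticket's Expiration is checked on the server in ReadTicket, so a browser that keeps the cookie past its Expires date still cannot extend the login.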

Solution 1

Check this LINK.

Solution 2

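I am using the following code...
 
// Ticket: version 1, user name, issue time, 30-minute expiry, non-persistent, user data.
var tkt = new FormsAuthenticationTicket(1, txtUsername.Text, DateTime.Now,
    DateTime.Now.AddMinutes(30), false, "Under the trees");

// Encrypt the ticket; the result becomes the cookie value.
var cookiestr = FormsAuthentication.Encrypt(tkt);
var ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);

// Only a persistent ticket gets an Expires date; otherwise it stays a session cookie.
if (tkt.IsPersistent)
{
    ck.Expires = tkt.Expiration;
}
ck.Path = FormsAuthentication.FormsCookiePath;
Response.Cookies.Add(ck);

Response.Redirect("index.aspx");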
Comments
Rahul Rajat Singh at 9-Aug-12 1:41am
   
Why is this posted as solution? This is not a solution. Please use improve question to add such things.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 9 Aug 2012