Dear programmers, I am new to secure programming in ASP.NET. I have one doubt.

What is a persistent cookie? What is the relation between the ticket and the cookie? And why do we sometimes encrypt the cookie?

    // Ticket: user name, isPersistent = true, timeout = 10 minutes
    var ticket = new FormsAuthenticationTicket(txtUsername.Text, true, 10);
    // Serialize and encrypt the ticket into the string used as the cookie value
    var encryptedTicket = FormsAuthentication.Encrypt(ticket);
    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
    {
        HttpOnly = true,
        Secure = FormsAuthentication.RequireSSL,
        Path = FormsAuthentication.FormsCookiePath,
        Domain = FormsAuthentication.CookieDomain
    };
    Response.AppendCookie(cookie);
    Response.Redirect("~/homepage.aspx");


What will be the background processes when I execute the above code?
Posted 8-Aug-12 18:31pm

Solution 3

The non-persistent cookie will live in the user's browser. The moment the user closes the browser, the cookie will be deleted. This is the normal way we use authentication cookies.

A persistent cookie, on the other hand, gets saved on the user's hard disk. This is typically done when we want to implement "remember me" type login functionality. Since the cookie will be saved on the user's computer, the next time the user accesses the page that cookie will serve as the authentication ticket and the user will be logged in.

As for why it is encrypted: if we don't encrypt it, then we are potentially sending user credential related sensitive information over the internet. It can be eavesdropped and then used maliciously by someone else (perhaps a hacker or hacker wannabe).

Note: You can refer to the following article for details on custom forms authentication: Understanding and Implementing ASP.NET Custom Forms Authentication
Comments
AshishChaudha at 9-Aug-12 8:29am
   
my +5
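
The ticket and cookie round trip discussed in the question and in Solution 3, as an added example that is not code from any poster in this thread. The class name `LoginCookie`, the method names, and the 14-day and 30-minute lifetimes are assumptions; the built-in FormsAuthenticationModule performs the read-side check on its own for each request, and `Read` only makes that step visible.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

// Hypothetical helper class for illustration.
public static class LoginCookie
{
    // Login side: wrap the user name in a ticket, encrypt it, return it as a cookie.
    public static HttpCookie Issue(string userName, bool rememberMe)
    {
        DateTime now = DateTime.Now;
        // Assumed lifetimes: 14 days for "remember me", 30 minutes otherwise.
        DateTime expires = rememberMe ? now.AddDays(14) : now.AddMinutes(30);
        var ticket = new FormsAuthenticationTicket(
            1, userName, now, expires, rememberMe, string.Empty,
            FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL,  // HTTPS only when configured
            Path = FormsAuthentication.FormsCookiePath
        };
        // Without Expires the browser drops the cookie when it closes,
        // even if the ticket inside says IsPersistent = true.
        if (ticket.IsPersistent)
            cookie.Expires = ticket.Expiration;
        return cookie;
    }

    // Request side: returns null when the cookie is missing, altered,
    // or carries an expired ticket; otherwise the decrypted ticket.
    public static FormsAuthenticationTicket Read(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return null;
        try
        {
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            return (ticket == null || ticket.Expired) ? null : ticket;
        }
        catch (ArgumentException) { return null; }       // malformed cookie value
        catch (CryptographicException) { return null; }  // decryption or validation failed
    }
}
```

The expiry that the server enforces is the one inside the encrypted ticket, so editing the cookie's own expiry date in the browser does not extend a login.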

Solution 1

Check this LINK.

Solution 2

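I am using the following code...

    // Version 1 ticket, valid for 30 minutes, not persistent, with custom user data
    FormsAuthenticationTicket tkt = new FormsAuthenticationTicket(1, txtUsername.Text, DateTime.Now,
        DateTime.Now.AddMinutes(30), false, "Under the trees");

    // Encrypt the ticket and use the result as the cookie value
    string cookiestr = FormsAuthentication.Encrypt(tkt);
    HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);

    // Only a persistent ticket gets an expiry date on the cookie
    if (tkt.IsPersistent)
    {
        ck.Expires = tkt.Expiration;
    }
    ck.Path = FormsAuthentication.FormsCookiePath;
    Response.Cookies.Add(ck);

    Response.Redirect("index.aspx");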
Comments
Rahul Rajat Singh at 9-Aug-12 1:41am
   
Why is this posted as solution? This is not a solution. Please use improve question to add such things.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 9 Aug 2012
Copyright © CodeProject, 1999-2015