See more: C# ASP.NET
Dear programmers. I am new to secure programming in ASP.NET. I have one doubt.

What is a persistent cookie? And what is the relation between the ticket and the cookie? And why do we sometimes encrypt the cookie?

// Arguments: user name, isPersistent = true, timeout = 10 minutes
var ticket = new FormsAuthenticationTicket(txtUsername.Text, true, 10);
// Protect the serialized ticket before it goes into the cookie value
var encryptedTicket = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
{
    HttpOnly = true,
    Secure = FormsAuthentication.RequireSSL,
    Path = FormsAuthentication.FormsCookiePath,
    Domain = FormsAuthentication.CookieDomain
};

What will be the background processes when I execute the above code?
Posted 8-Aug-12 19:31pm

Solution 3

A non-persistent cookie will live in the user's browser. The moment the user closes the browser, the cookie will be deleted. This is the normal way we use authentication cookies.

A persistent cookie, on the other hand, gets saved on the user's hard disk. This is typically done when we want to implement "remember me" type of login functionality. Since the cookie will be saved on the user's computer, the next time the user accesses the page, that cookie will serve as the authentication ticket and the user will be logged in.

As for why it is encrypted: if we don't encrypt it, then we are potentially sending the user's credential-related sensitive information over the internet. It can be eavesdropped and then used maliciously by someone else (perhaps a hacker or hacker wannabe).

Note: You can refer to the following article for details on custom forms authentication: Understanding and Implementing ASP.NET Custom Forms Authentication
AshishChaudha 9-Aug-12 8:29am
my +5
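
The ticket and cookie relationship discussed in this thread, shown as an added example that is not part of the original question or answers: the ticket is the data, the cookie is its transport, and only a persistent ticket gives the cookie an expiry. The class and method names are hypothetical, and the code assumes .NET Framework `System.Web` running inside an ASP.NET application with forms authentication configured.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

// Hypothetical helper for illustration; not code from the thread.
public static class AuthCookieExample
{
    // Build the ticket (the data), protect it, and wrap it in a cookie (the transport).
    public static HttpCookie Issue(string userName, bool rememberMe, TimeSpan lifetime)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1, userName, now, now.Add(lifetime), rememberMe,
            string.Empty, FormsAuthentication.FormsCookiePath);

        // With the default protection="All", Encrypt() encrypts and signs the ticket
        // with the application's machineKey, so the browser only holds an opaque value.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                           // not readable from script
            Secure = FormsAuthentication.RequireSSL,   // HTTPS only when requireSSL is set
            Path = FormsAuthentication.FormsCookiePath,
            Domain = FormsAuthentication.CookieDomain
        };

        // Expires set: the browser stores the cookie (persistent, "remember me").
        // Expires not set: session cookie, discarded when the browser closes.
        if (ticket.IsPersistent)
            cookie.Expires = ticket.Expiration;
        return cookie;
    }

    // Return the user name from a valid cookie, or null if it must be rejected.
    public static string Validate(HttpCookie cookie)
    {
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return null;
        try
        {
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            // The expiry inside the ticket is checked server-side, whatever the cookie says.
            return (ticket == null || ticket.Expired) ? null : ticket.Name;
        }
        catch (Exception ex) when (ex is ArgumentException || ex is HttpException
                                   || ex is CryptographicException)
        {
            return null; // altered value, or not produced with this application's keys
        }
    }
}
```

In a page, the issued cookie would be added with `Response.Cookies.Add(...)` and the incoming one read from `Request.Cookies[FormsAuthentication.FormsCookieName]`.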

Solution 1

Check this LINK.

Solution 2

I am using the following code......

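// Arguments: version, user name, issue time, expiration (30 minutes), isPersistent = false, user data
FormsAuthenticationTicket tkt = new FormsAuthenticationTicket(1, txtUsername.Text, DateTime.Now,
    DateTime.Now.AddMinutes(30), false, "Under the trees");

string cookiestr = FormsAuthentication.Encrypt(tkt);
HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);

// Only a persistent ticket puts an expiry on the cookie
if (tkt.IsPersistent)
    ck.Expires = tkt.Expiration;
ck.Path = FormsAuthentication.FormsCookiePath;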

Rahul Rajat Singh 9-Aug-12 1:41am
Why is this posted as solution? This is not a solution. Please use improve question to add such things.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Web01 | 2.8.170118.1 | Last Updated 9 Aug 2012
Copyright © CodeProject, 1999-2017