Harman Bajaj
Member
85 Points
68 Posts
What to Store in Cookie?
Nov 20, 2012 04:55 AM
I am storing the user's email ID, which works like a primary key, in a cookie. But I am encrypting it using the machine key:
<machineKey validationKey="02563BE791F7F0D2026A4BEC62A6F4062041796B48FB8105E28555E82834848D3C6D556C7B692AC71BB8F71FAACD6CE2E2435AC5D580645FEBEAEF6ABB6A34AB" decryptionKey="2509D534AB99251AB2E2FB01E67AC9CC11A476993D46AF67585206BEEF2930A6" validation="SHA1" decryption="AES"/>
I want to know whether it is insecure to store the email in a cookie using this machine key?
Mikesdotnett...
All-Star
154957 Points
19873 Posts
Moderator
MVP
Re: What to Store in Cookie?
Nov 20, 2012 05:16 AM
You shouldn't generally use cookies for storing sensitive data. Use Session for that instead.
Harman Bajaj
Member
85 Points
68 Posts
Re: What to Store in Cookie?
Nov 20, 2012 05:22 AM
I am using Session, but it keeps on expiring before the time, so the user logs out after it. This is why I am using a cookie. Does the machine key encrypt my cookie?
magicmike201...
Contributor
2021 Points
481 Posts
Re: What to Store in Cookie?
Nov 20, 2012 05:35 AM
By default yes, unless you configure your app to do otherwise. The default implementations will leverage the machinekey api. You can also manually call on the machinekey api and do it yourself (as I assumed you were doing from your original post). The machine key will also be used for encrypting viewstate, etc.
Harman Bajaj
Member
85 Points
68 Posts
Re: What to Store in Cookie?
Nov 20, 2012 05:43 AM
Like, I am using the machine key now; is it secure now?
magicmike201...
Contributor
2021 Points
481 Posts
Re: What to Store in Cookie?
Nov 20, 2012 06:04 AM
Yes, machine key is a very secure API, especially the .NET 4.5 version :) although YOUR machinekey might not be secure, having posted its value in a public forum lol. I'd suggest changing it for safety's sake. But yes, machine key API is definitely secure.
I still wouldn't suggest storing any sensitive information in a cookie though, just in case.
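Added example, not part of the original thread or any poster's code: one way to call the .NET 4.5 MachineKey API manually on a cookie value, as the replies above describe. The class name, cookie name and purpose string are hypothetical, and the code assumes an ASP.NET 4.5 site served over HTTPS.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;

// Hypothetical helper for illustration; names are assumptions, not from the thread.
public static class UserCookie
{
    private const string CookieName = "uid";               // assumed cookie name
    private const string Purpose = "UserCookie.Email.v1";  // ties the ciphertext to this one use

    // Encrypts and signs the value with the configured machineKey, then issues the cookie.
    public static void Issue(HttpResponseBase response, string email, TimeSpan lifetime)
    {
        byte[] protectedBytes = MachineKey.Protect(Encoding.UTF8.GetBytes(email), Purpose);
        var cookie = new HttpCookie(CookieName, HttpServerUtility.UrlTokenEncode(protectedBytes))
        {
            HttpOnly = true,                     // not readable from client script
            Secure = true,                       // only sent over HTTPS
            Expires = DateTime.Now.Add(lifetime)
        };
        response.Cookies.Add(cookie);
    }

    // Returns the email, or null when the cookie is missing, malformed, tampered with,
    // or was protected under a different machineKey (for example after the keys were changed).
    public static string Read(HttpRequestBase request)
    {
        HttpCookie cookie = request.Cookies[CookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        try
        {
            byte[] protectedBytes = HttpServerUtility.UrlTokenDecode(cookie.Value);
            if (protectedBytes == null) return null;
            return Encoding.UTF8.GetString(MachineKey.Unprotect(protectedBytes, Purpose));
        }
        catch (CryptographicException) { return null; }  // failed validation or decryption
        catch (FormatException) { return null; }         // value was not a valid token
    }
}
```

The `Expires` attribute is only a hint to the browser; to enforce a lifetime on the server, include a timestamp inside the protected payload and check it in `Read`.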
Naved Hasan ...
Participant
1005 Points
212 Posts
Re: What to Store in Cookie?
Nov 21, 2012 08:18 AM
You can increase the timeout of the session in the web.config. It will make you independent of thinking about cookies.
RameshRajend...
Star
7983 Points
2099 Posts
Re: What to Store in Cookie?
Nov 21, 2012 10:39 AM
Please refer to:
http://msdn.microsoft.com/en-us/library/ms178194(v=vs.100).aspx
http://msdn.microsoft.com/en-us/library/78c837bd(v=vs.100).aspx
http://www.codeproject.com/Articles/244904/Cookies-in-ASP-NET