Last post Dec 07, 2017 10:45 AM by PaulZ
Dec 06, 2017 02:20 PM|PaulZ
I am setting up a site. A user has to log in and I want to store some persistent data for that specific user.
I can do that with cookies.
UserA logged in -> cookie ('UserA') is set with a value.
But what if UserB logs in on the same computer on the same site? cookie ('UserB') is set with a value.
But when UserB looks at all the cookies for this domain on that computer, he also sees the cookies set for UserA.
Of course, I encrypted all names and values, but can I prevent in any way that UserA sees UserB cookies???
Maybe it is not possible. In that case, I have to store all data in a database, but cookies are much easier now :D .
Dec 07, 2017 06:36 AM|Deepak Panchal
What kind of information are you storing in the cookie?
Is it very sensitive information? If yes, I suggest you do not use cookies to store this information.
There is no specific way available to protect the cookie on the local machine.
You said you encrypted the data, but what if someone deletes the data from the folder?
So it is better to keep that information stored inside a database rather than cookies.
Or you can find any other workaround to store this information somewhere else on the local machine using different logic.
ASP.NET Cookies Overview
Dec 07, 2017 07:03 AM|ryanbesko
Use session variables and learn how to deal with the ups and downs of them. It's pretty easy to overcome. And any person should know to log out of personal things when they leave a shared computer. The log out process you write or use should include Session.Abandon().
Dec 07, 2017 07:52 AM|PaulZ
I want to remind the user every 90 days to check some personal settings.
I could log the last reminderdatetime in the database, but wondered if that was possible with persistent cookies also :) ...
Reading all the answers I think I don't have any other way than to abandon the cookie solution ;) ...
Dec 07, 2017 08:46 AM|ryanbesko
You need to rethink all of that. There's a good chance a cookie won't be there after 90 days. Do you ever clear your browser history? This is not a reliable route to go down. What automation options do you have? SQL Server Agent? Windows Task Scheduler?
Dec 07, 2017 10:45 AM|PaulZ
Thanks :) .
I will store the info in my database and get it back after login. That's the only solution I think now.
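
The approach the thread settles on (keep the last reminder date on the server, keyed by the logged-in user, and read it back after login), shown as an added example that is not code from any poster. It is a Python sketch in which an in-memory SQLite table stands in for the site's database; the table, column and function names are assumptions.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

REMINDER_INTERVAL = timedelta(days=90)  # "every 90 days" from the thread


def open_store():
    # Assumption: in-memory SQLite stands in for the site's real database.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE user_reminder ("
        "user_id TEXT PRIMARY KEY, last_reminder_utc TEXT NOT NULL)"
    )
    return db


def reminder_due(db, user_id, now):
    # Parameterized lookup keyed by the authenticated user, never by a
    # value the browser supplies, so a shared machine leaks nothing.
    row = db.execute(
        "SELECT last_reminder_utc FROM user_reminder WHERE user_id = ?",
        (user_id,),
    ).fetchone()
    if row is None:  # first login: no record yet, so remind
        return True
    return now - datetime.fromisoformat(row[0]) >= REMINDER_INTERVAL


def mark_reminded(db, user_id, now):
    db.execute(
        "INSERT OR REPLACE INTO user_reminder (user_id, last_reminder_utc) "
        "VALUES (?, ?)",
        (user_id, now.isoformat()),
    )
    db.commit()


def on_login(db, authenticated_user_id, now):
    """Call after authentication succeeds; True means show the reminder."""
    due = reminder_due(db, authenticated_user_id, now)
    if due:
        mark_reminded(db, authenticated_user_id, now)
    return due


if __name__ == "__main__":
    # Constructed scenario: UserA and UserB share one computer.
    db = open_store()
    t0 = datetime(2017, 12, 7, tzinfo=timezone.utc)
    for user, day in [("UserA", 0), ("UserB", 0), ("UserA", 30), ("UserA", 90)]:
        print(user, "day", day, "->", on_login(db, user, t0 + timedelta(days=day)))
```

Because the record lives on the server, it survives a cleared browser history, and nothing per-user is left in the shared browser profile for the next person to read or delete.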