Home/ Questions/Q 557135
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T11:59:38+00:00

My web application’s home page has a RememberMe checkbox. If the user checks it,

  • 0

My web application’s home page has a RememberMe checkbox. If the user checks it, I willl store email-id and password in cookies. This is my code:

if (this.ChkRememberme != null && this.ChkRememberme.Checked == true)
   {
     HttpCookie cookie = new HttpCookie(TxtUserName.Text, TxtPassword.Text);
     cookie.Expires.AddYears(1);
     Response.Cookies.Add(cookie);
   }

What I want to know is:

  • Is it secure to store passwords in cookies?
  • What is proper way of doing the same?
  • What are the best practices in setting time for a cookie?
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It’s NOT secure to store passwords in cookies because they are available as plain text.

    A good place to find some answers about cookies is Cookie Central. For membership usually is used a cookie with a long string called ‘token’ that is issued from the website when you provide your user name and password. More about the process you can find in this article.
    When using forms authentication in ASP.NET you can set the authentication cookie like this:

    FormsAuthentication.SetAuthCookie(userName, isPersistanceCookie);

    The second parameter is used for "Remember Me" functionality – if true it will create persistent cookies that will last after you leave the site. You can also programatically manipulate the cookie like this:

    HttpCookie authCookie =
  HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
    • 0