Somewhere, but I can’t remember where, I read that when storing sensitive information in cookies, you should encrypt or at least encode the data.
I’m only using one cookie so far, and it’s only for a “remember my email” feature on the login page. Encrypting seems to be a bit overkill, but I was wondering if it’s good practice to at least encode an email address stored in a cookie?
Thanks for any advice.
My answer: It doesn’t hurt
Honestly, if they are putting their email into a web form, I wouldn’t care too much to encrypt it. I would probably base64 encode it, more or less so I don’t have to worry about unicode characters. But full-out encrypt it? Probably not necessary for the average website.
But, like I said, it doesn’t hurt. Although I don’t think it’s necessary, if you are uncomfortable leaving people’s email in the cookie, a simple crypt call can give you some peace of mind.
Any type of session hijacking cannot be done by email address alone, but it is a privacy concern to have someone be able to associate their email with your website.