Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
While this is possible in C#: (User is a L2S class in this instance)
User user = // function to get user
Session["User"] = user;
why this is not possible?
User user = // function to get user
HttpCookie cookie = new HttpCookie();
cookie.Value = user;
and how can it be done? I don’t want to store the id of the user within the cookie and then do some validation.
Btw, if possible, is it secure to store an object within a cookie rather than only the ID ?
A cookie is just string data; the only way to do that would be to serialize it as a string (xml, json, base-64 of arbitrary binary, whatever), however, you shouldn’t really trust anything in a cookie if it relates to security information (“who am I?”) as a: it is easy for the end-user to change it, and b: you don’t want the overhead of anything biggish on every single request.
IMO, caching this as the server is the correct thing; don’t put this in a cookie.