ASP Tip : Cookie Security
Introduction
If your site uses cookies to store something that identifies a logged-in user,
such as a username and password, then you should apply some security to the
cookie, even if the information is encrypted. (Storing the credentials themselves
in a cookie is the worst case; a random session token that the server maps back
to the user is a better value to store, and the same cookie settings apply to it.)
Why?
Take this scenario:
- You store a username and password in a cookie that remains on the user's computer.
- Someone else obtains a copy of that cookie, for instance by reading it off the
user's machine, by capturing it as it crosses the network in plain HTTP, or through
a script that can read the site's cookies.
- They can present that cookie to your site and gain access as that user, without
ever knowing the password.
The Domain and Path settings on the cookie limit which requests the browser will
attach it to, so the cookie is not sent more widely than it needs to be; the
Secure setting limits it to HTTPS. A browser never sends a cookie to a site other
than the one that set it, even without these settings, so treat them as reducing
exposure on your own site rather than as a defence against a cookie that has
already been copied.
How?
<%
' The page's example value; a random session token is a safer thing to store.
Response.Cookies("uinfo") = "uname,password"
' Domain: sent to your-domain.com and its subdomains (omit to keep it host-only).
Response.Cookies("uinfo").Domain = "your-domain.com"
' Path: only sent with requests for URLs under /auth/secure.
Response.Cookies("uinfo").Path = "/auth/secure"
' Secure: only sent over HTTPS.
Response.Cookies("uinfo").Secure = True
%>
This tells the browser to send the cookie only with requests to your-domain.com
(and, because Domain is set, its subdomains) for URLs under /auth/secure. If you
also set Secure = True it is sent only over HTTPS. Two limits to keep in mind:
Path is not a security boundary between pages on the same site, since any page on
the origin can still read the cookie through a frame whose URL is under the path;
and no cookie attribute protects a cookie that has already been copied off the
user's machine, which is the reason not to put the password itself in it.
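To make the Domain and Path behaviour above concrete, here is an added example
(not code from the original page) that models the rules a browser follows when
deciding which stored cookies to attach to a request, following the RFC 6265
domain-match, path-match and Secure checks, together with a helper that builds
the Set-Cookie header the ASP snippet produces, plus the Secure and HttpOnly
attributes. The cookie jar, the 'prefs' cookie and the hostnames are constructed
for illustration.

```javascript
// Added example, not from the original page: a model of how a browser decides
// which cookies to send with a request (RFC 6265 rules), and a Set-Cookie
// header builder. The jar and hostnames below are constructed.

// Domain-match: the request host is the cookie domain or a subdomain of it.
function domainMatches(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// Path-match (RFC 6265 section 5.1.4): the cookie path must be a prefix of the
// request path ending on a '/' boundary, so /auth/secure does NOT match
// /auth/secureX.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath.charAt(cookiePath.length) === '/';
}

// Names of the cookies in `jar` that the browser would send to `url`.
// A cookie set without a Domain attribute is host-only and goes to that exact
// host; one with a Domain attribute also goes to subdomains, so Domain widens
// scope rather than narrowing it. Secure cookies go only over https.
function cookiesFor(jar, url) {
  const u = new URL(url);
  return jar
    .filter((c) => {
      const domainOk = c.hostOnly
        ? u.hostname === c.domain
        : domainMatches(u.hostname, c.domain);
      const pathOk = pathMatches(u.pathname, c.path);
      const secureOk = !c.secure || u.protocol === 'https:';
      return domainOk && pathOk && secureOk;
    })
    .map((c) => c.name);
}

// Build the Set-Cookie header for the page's cookie, adding Secure (HTTPS only)
// and HttpOnly (not readable through document.cookie) by default.
function setCookieHeader(name, value, { domain, path, secure = true, httpOnly = true } = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (domain) parts.push(`Domain=${domain}`);
  if (path) parts.push(`Path=${path}`);
  if (secure) parts.push('Secure');
  if (httpOnly) parts.push('HttpOnly');
  return parts.join('; ');
}

// Constructed jar: the page's 'uinfo' cookie as set with Domain and Path (plus
// Secure), and a host-only 'prefs' cookie on the same site for comparison.
const exampleJar = [
  { name: 'uinfo', domain: 'your-domain.com', path: '/auth/secure', secure: true, hostOnly: false },
  { name: 'prefs', domain: 'your-domain.com', path: '/', secure: false, hostOnly: true },
];

// Sent: matching host, URL under /auth/secure, HTTPS.
cookiesFor(exampleJar, 'https://your-domain.com/auth/secure/login.asp'); // ['uinfo', 'prefs']
// Also sent to a subdomain, because Domain was set (prefs is host-only).
cookiesFor(exampleJar, 'https://www.your-domain.com/auth/secure/');      // ['uinfo']
// Not sent: /auth/secureX is not under /auth/secure; plain HTTP fails Secure.
cookiesFor(exampleJar, 'https://your-domain.com/auth/secureX');          // ['prefs']
cookiesFor(exampleJar, 'http://your-domain.com/auth/secure/');           // ['prefs']
// Never sent to another site, whatever the path.
cookiesFor(exampleJar, 'https://other-site.example/auth/secure/');       // []
```

Run it with `node` and change the jar entries to see how each attribute changes
the result; the `hostOnly` flag is what you get by leaving Domain unset in ASP.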