9 Years
Discussion Span
Last Post by jwenting

No cookies are stored in client's machine and since they are not a secure enough to hold confidential information so they do not contain password. However as a text you can put password in cookies but you shouldn't do so. Password once validated should not be stored in any medium like cookies or session.


Cookies should never contain passwords. You can have a cookie contain a session id. The session id can then point to a user in a database. From the database you can easily cross reference the user's password. By doing it this way you can have the session expire in the database after a few hours/days and also have the cookie to do the same.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.