5
Contributors
4
Replies
5
Views
9 Years
Discussion Span
Last Post by jwenting
0

No cookies are stored in client's machine and since they are not a secure enough to hold confidential information so they do not contain password. However as a text you can put password in cookies but you shouldn't do so. Password once validated should not be stored in any medium like cookies or session.

0

Cookies should never contain passwords. You can have a cookie contain a session id. The session id can then point to a user in a database. From the database you can easily cross reference the user's password. By doing it this way you can have the session expire in the database after a few hours/days and also have the cookie to do the same.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.