Nils Magnus Englund
Hi!
I'm just curious about the use of cookies in forms authentication. The
username and roles are stored in the encrypted cookie, but if a user manages
to crack this cookie - will he be able to modify his own username and roles?
Why doesn't ASP.NET simply use an ordinary session, with nothing but a
session id to send to the client?
Sincerely,
Nils Magnus Englund