写敏感的Cookie最好加密
保存:
string secretData = "secret";
DateTime dt = DateTime.Now;
FormsAuthenticationTicket newTicket =
new FormsAuthenticationTicket(1, "ticketName", dt,
dt.AddDays(7), true, secretData);
HttpCookie newUserCookie = new HttpCookie("theCookie");
newUserCookie.Value = FormsAuthentication.Encrypt(newTicket);
newUserCookie.Expires.AddDays(7);
Response.Cookies.Add(newUserCookie);
string secretData = "secret";
DateTime dt = DateTime.Now;
FormsAuthenticationTicket newTicket =
new FormsAuthenticationTicket(1, "ticketName", dt,
dt.AddDays(7), true, secretData);
HttpCookie newUserCookie = new HttpCookie("theCookie");
newUserCookie.Value = FormsAuthentication.Encrypt(newTicket);
newUserCookie.Expires.AddDays(7);
Response.Cookies.Add(newUserCookie);
用法:
HttpCookie userCookie = Request.Cookies["theCookie"]; string secretData = null; if(userCookie != null) { FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(userCookie.Value); secretData = ticket.UserData; }
浙公网安备 33010602011771号