ASP.Net MVC Cookies Best Practices -
I'm looking for some guidance regarding cookies in ASP.NET MVC (or simply cookie handling in general). . I am storing authorization information about users who are authenticated via a form login in a cookie. This is working very well, but now I need to store a bit more information in the cookie. This additional information is not really "authentication related", so I am not hesitant to store it in the certification ticket. Is there any better practice to keep additional information? Is it possible to set more than one cookie (and if so, a good / bad behavior)? Other things should I consider here?
Here is the current code that I am using to set up an authentication ticket and wrap it in a cookie:
GetAuthCookie (AuthToken authToken) for private HTTP { Var authTokenXml = Serialization Service Serialize (authToken); Var authCookieString = FormattingTranslation (New FormAuthenticationTicket (0, Key.UpdateToken, DateTime.Now, DateTime.Now Additional minutes (AppsSettingSessionTimeoutMinets), True, authTokenXml)); Var Cookies = New HTTP Cookie (FormsAuthentication.Formukis, Ethquecrusting) {Expired = Datetime. Now.AddDays (AppSettings.AuthCookieExpireDays)}; Return Cookie; } Rule of thumb: Store only the minimum (usually this user ID in the cookie).
If you know that there are too many questions with your datastore, then you can use the session or cache the results of your questions.
Comments
Post a Comment