I am writing a login page for my site. I was thinking, would generating a random 64bit number and store it in the DB along with a httpOnly cookie be a good way to store the data? then every time a user receives a page (theres a toolbar which says how many new msg he has) to check if the random cookie matches the random cookie + userId in the database.
Is this fine?
BTW using C# ASP.NET