Is there any problem with security if I store userid,profileId,username and other such kind information in cookie.
views:
41answers:
2Yes there will be an enormous security problem doing this. If you don't encrypt the cookie anyone could replace the username you've stored with say for example Administrator (usually id=1) and send a request to the web server.
This information need very often,and instead of do Sql query every time I can one time get this information from Sql,store it in cookie(when user login) and then get it from cookie.I think it will be more efficient.
Yes, you can do that BUT ONLY IF IT IS NOT CRITICAL THAT THIS DATA BE CORRECT.
The user can edit his own cookie.
If he wants to change his display name to something else, or get a different background picture, probably no problem.
If he can impersonate other users, big problem.
So, to be on the safe side, better not go down this road.
If you need performance improvements, consider server-side caching solutions instead.