In a web application, if a user checks the Remember Me box, I'm gonna create a cookie, save it in the database and assign it to the user (long-life cookie). On any page request (page_load) I check this cookie (if session is null) and ask the DAL for the user object.
If I use a GUID it would be unique, but the question is: if a user can guess the pattern, maybe he could cheat by sending a hand-made cookie.
What is the best practice (C# sample) for creating such a text so that it is random enough?
views: 48
answers: 1
+1
A:
You can use FormsAuthentication.SetAuthCookie method (even if you don't use Forms authentication). There's no point in reinventing the wheel ;-)
Jakub Konecki
2010-10-24 10:08:21
Then how do I retrieve it and store it in the database?
Xaqron
2010-10-24 10:12:38
By calling FormsAuthentication.GetAuthCookie. Or better, use the ASP.NET session ID (HttpContext.Current.Session.SessionID).
Jakub Konecki
2010-10-24 10:19:44
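
For the scheme the question describes (a long-life cookie value stored against the user), the following is an added example, not code from any poster in this thread. It draws the token from the OS cryptographic random number generator, since GUIDs are designed for uniqueness rather than unpredictability, and keeps only a hash of it in the database. The class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for a "Remember Me" cookie value.
public static class RememberMeToken
{
    // 32 bytes (256 bits) from the OS CSPRNG, so the value cannot be
    // derived from a pattern the way a sequential or time-based id could.
    public static string NewToken()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }
        // URL-safe Base64 so the value fits in a cookie without escaping.
        return Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    // Store only this hash in the user's row: a leaked table then does
    // not hand out cookie values that can be replayed.
    public static string HashForStorage(string token)
    {
        using (var sha = SHA256.Create())
        {
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
        }
    }

    // Hash the presented cookie and compare it with the stored hash,
    // without returning early on the first differing character.
    public static bool Matches(string presentedToken, string storedHash)
    {
        if (string.IsNullOrEmpty(presentedToken) || string.IsNullOrEmpty(storedHash)) return false;
        string candidate = HashForStorage(presentedToken);
        if (candidate.Length != storedHash.Length) return false;
        int diff = 0;
        for (int i = 0; i < candidate.Length; i++) diff |= candidate[i] ^ storedHash[i];
        return diff == 0;
    }

    public static void Main()
    {
        string token = NewToken();              // value for the cookie
        string stored = HashForStorage(token);  // value for the database
        Console.WriteLine(Matches(token, stored));      // the issued token
        Console.WriteLine(Matches(NewToken(), stored)); // an unrelated token
    }
}
```

Issue a fresh token on each successful cookie login and delete the stored hash on logout, so a copied cookie stops working once the real user signs in again or signs out.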