
Is there any problem with security if I store userid, username and other such information in a cookie?

Developer https://www.devze.com 2023-01-18 14:30 Source: web

Is there any problem with security if I store userid, profileId, username and other such information in a cookie?


Yes, there will be an enormous security problem doing this. If you don't encrypt the cookie, anyone could replace the username you've stored with, say, for example, Administrator (usually id=1) and send a request to the web server.


This information is needed very often, and instead of doing a SQL query every time I can get this information from SQL once, store it in a cookie (when the user logs in) and then get it from the cookie. I think it will be more efficient.

Yes, you can do that BUT ONLY IF IT IS NOT CRITICAL THAT THIS DATA BE CORRECT.

The user can edit his own cookie.

If he wants to change his display name to something else, or get a different background picture, probably no problem.

If he can impersonate other users, big problem.

So, to be on the safe side, better not go down this road.

If you need performance improvements, consider server-side caching solutions instead.

0
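As an added example (not part of the original question or answers), this Python code puts the pattern from the question beside two server-verified alternatives: a cookie carrying an HMAC tag and the server-side cache the second answer recommends. The first answer speaks of encrypting the cookie; the example uses an HMAC signature instead, since that is what detects modification. The user table, function names and cookie format are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample rows standing in for the SQL user table.
USERS = {1: {"username": "Administrator", "profileId": 100},
         42: {"username": "alice", "profileId": 742}}
SECRET_KEY = secrets.token_bytes(32)   # stays on the server
SESSIONS = {}                          # server-side cache: session id -> user record


def naive_lookup(cookie):
    """Pattern from the question: trust the userid the browser sent."""
    return USERS.get(int(cookie.split("=", 1)[1]))


def _tag(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_signed_cookie(user_id):
    """Cookie value plus an HMAC tag so the server can detect edits."""
    payload = f"userid={user_id}"
    return f"{payload}|{_tag(payload)}"


def read_signed_cookie(cookie):
    """Return the user id, or None if the value or tag was altered."""
    payload, sep, tag = cookie.rpartition("|")
    if not sep or not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        return None
    return int(payload.split("=", 1)[1])


def login(user_id):
    """Read the user once, cache it server-side, hand out a random id."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"userid": user_id, **USERS[user_id]}
    return session_id


def lookup_session(session_id):
    """Unknown or edited session ids simply miss the cache."""
    return SESSIONS.get(session_id)
```

The signed cookie is still readable by the user and stays valid for as long as the key does, so only the server-side cache lets the server revoke a login or refresh stale profile data.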
