|
-
Jan 15th, 2008, 10:35 AM
#1
Thread Starter
Frenzied Member
username and password
Hello I stored my username and password in session and cookie, but once users log out, I initiated them to be "gone." or blank.
My question is, is this secure to do that? also, I have a link that acts like this : http://localhost?username=(whatever the username in the cookie)&password=(whatever in the cookie for pwd)
I would like to get a short version instead of long link like that, plus I would like to hide that username and password information too. Can anyone help or provide insights please?
-
Jan 15th, 2008, 11:54 AM
#2
Thread Starter
Frenzied Member
Re: username and password
Can someone help? at least I can hide the password? but dont know how
-
Jan 15th, 2008, 12:12 PM
#3
Re: username and password
What is the purpose of this? Why do you need the username and password in the querystring? You shouldn't actually be storing this information in the querystring or even cookie for that matter. User enters their details, you authenticate and give them a 'token'. Maybe a cookie, maybe a session variable... depends though, why do you need to put it in the URL?
-
Jan 15th, 2008, 02:38 PM
#4
Thread Starter
Frenzied Member
Re: username and password
because I want to pass those credentials to my another page that is on another server. My another server won't recognize the cookies/sessions from my another server.
-
Jan 15th, 2008, 02:41 PM
#5
Thread Starter
Frenzied Member
Re: username and password
by all means can I assign those username and password to be "tokens" then still able to pass those credentials to my other server?
-
Jan 16th, 2008, 05:33 AM
#6
Re: username and password
There are other ways to do this. For example, user logs in to Site1, you generate a unique ID for that session. You can make it a GUID. Store that in the DB1 for Site1 and DB2 for Site2. When you send the user to the other site, pass the GUID and get Site2 to look in DB2 for that GUID and then get the info. Make the GUID 'expire' after a while.
Another way is to do a POST to Site2's login page, so that you're at least passing the information via POST rather than GET and letting that website deal with the info passed.
-
Jan 16th, 2008, 12:13 PM
#7
Thread Starter
Frenzied Member
Re: username and password
Mendhak, I was thinking that too, but can ASP.net use POST without form? because when I added form runat, I got an error that I cannot have 2 forms at the same time, which I could not find where else I have the form.
-
Jan 17th, 2008, 06:03 AM
#8
Re: username and password
You cannot post without a form. You can set the form's action to be your target page if you want.
<form id="Form1" runat="server" method="POST" action="http://something.co..."...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
