Securing Cookies
A Web application typically uses SessionID cookies to track information about a specific Web browser and its user's preferences. For example, if your application provides a shopping cart, the cookie is what ties each user's selections to that user. The cookie generally persists for the duration of the session, which means that every HTTP request carrying a matching cookie is assumed to originate from the same Web browser.

Each time the user's Web browser returns its SessionID cookie, the cookie crosses the network, and anyone who intercepts it can use it to compromise that user's information. If an ASP application handles private information (such as a credit card number), it is important to prevent access to the cookie. You can prevent interception of SessionID cookies by encrypting the communication link between your Web server and the user's browser.
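As an added illustration (not code from the original article, and not classic ASP), the following Python sketch applies the article's point to session handling: the SessionID is issued with the Secure attribute so the browser only ever sends it over an encrypted link, and a SessionID that nevertheless arrives over plain HTTP is treated as exposed and discarded. The cookie name, the in-memory session store and the function names are assumptions.

```python
# Added example: a minimal session-cookie policy built on the advice that the
# SessionID must only travel over an encrypted link. Names and the in-memory
# store are assumptions, not part of ASP or the original article.
import secrets
from http.cookies import SimpleCookie

SESSION_COOKIE = "SessionID"   # assumed cookie name (classic ASP uses ASPSESSIONID...)
_sessions = {}                 # SessionID -> per-browser state, e.g. a shopping cart


def new_session_header():
    """Create a session and return (sid, Set-Cookie header value).

    Secure tells the browser to send the cookie only over HTTPS, so it cannot be
    read off a plaintext link; HttpOnly keeps page scripts from reading it.
    """
    sid = secrets.token_urlsafe(32)  # unpredictable: a guessable SessionID is as bad as an intercepted one
    _sessions[sid] = {"cart": []}
    cookie = SimpleCookie()
    cookie[SESSION_COOKIE] = sid
    cookie[SESSION_COOKIE]["secure"] = True
    cookie[SESSION_COOKIE]["httponly"] = True
    cookie[SESSION_COOKIE]["path"] = "/"
    return sid, cookie[SESSION_COOKIE].OutputString()


def resolve_session(scheme, cookie_header):
    """Map an incoming request to its session state, or None if there is none.

    A SessionID presented over plain http has already crossed an unencrypted
    link and may have been observed, so it is refused and invalidated rather
    than honoured.
    """
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    if SESSION_COOKIE not in cookie:
        return None
    sid = cookie[SESSION_COOKIE].value
    if scheme != "https":
        _sessions.pop(sid, None)   # treat the exposed SessionID as compromised
        return None
    return _sessions.get(sid)
```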

Note   To protect data on their workstation, some users disable cookie support in their browser. If your application relies on cookies, it will not work correctly for those users.

For More Information   For more on securing cookies, search for "Securing an ASP Application" in the MSDN Library for Visual Studio 6.0. Also, Secured Communications and SSL, in this chapter, introduces Secure Sockets Layer (SSL) as a means of ensuring secure communication between a Web server and its clients.