Hi All, Thanks in advance. I am familiar in normal cookies like how to add the information into Cookie and how to retrive data from cookie, but user/client can change his/her information which is stored in cookie, to over come this problem I have encrypt cookie information, could any one please tell me how we can achieve this if possible with example code or related sites. Do we have any limitation on cookie data like 20K some thing?
you might want to look explore how sites like amazon one click work.. simplistically, instead of putting direct sensitive data in the cookie, put a hashed unique client key.. in the code, grab the hashed client key, then look up the client's real information from the db using the client key
<a href="http://www.J2EETraining.com" target="_blank" rel="nofollow">J2EE Training / Java EE Training ... Learn Java EE </a>
Joined: Jan 02, 2007
Thanks for your reply. Could you please tell me the site address where I can get some example code or some useful information? Can we store cookie value in encrypted format or not?
Joined: Mar 22, 2005
Several points in no particular order:
Ben's question is a good one: why store encrypted data on the client? If you're using cookies anyway, why not make them session cookies, and keep the secret data in a session on the server?
The cookie spec specifies what number and size of cookies clients SHOULD support, but that's not guaranteed.
Sure you can store encrypted data in cookies. The standard Java API for en-/decryption is called JCE. Note that encrypted data is binary in nature; in order to store it in cookies you'll need to encode it with something like base-64.