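Answer update, based on the number of down votes cast for this post:
The proper way of creating a cookie with user information is as follows.
Cookie validation on page load of the login page:
```csharp
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
    // A valid authentication cookie is already present; skip the login form.
}
```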
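Cookie creation during authenticated user login:
```csharp
// Issues the default forms-auth cookie; the block below builds a ticket
// with a custom lifetime under the same cookie name.
FormsAuthentication.SetAuthCookie(txtUserName.Text.Trim(), true);

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
    1,                                // ticket version
    txtUserName.Text.Trim(),          // user name stored in the ticket
    DateTime.Now,                     // issue time
    (chkRemember.Checked) ? DateTime.Now.AddHours(6) : DateTime.Now.AddHours(2), // Specify time limit as required
    true,                             // persistent cookie
    string.Empty,                     // no user data; in particular, no password
    FormsAuthentication.FormsCookiePath);

// Encrypt the ticket with the application's machine key
string encryptedTicket = FormsAuthentication.Encrypt(ticket);

HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
cookie.Expires = (chkRemember.Checked) ? DateTime.Now.AddHours(6) : DateTime.Now.AddHours(2);
cookie.HttpOnly = true;                        // not readable from client-side script
cookie.Secure = FormsAuthentication.RequireSSL; // HTTPS-only when requireSSL is set in web.config
Response.Cookies.Add(cookie);
```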
Below is the down-voted answer. Reason: adding an encrypted password in a cookie.
The other way of creating a cookie:
```csharp
HttpCookie toolCookie = new HttpCookie("xyz");
toolCookie["UserName"] = userName;
// The password travels in the cookie (encrypted): the reason for the down votes
toolCookie["Password"] = StringCipher.Encrypt(password, "#!");
toolCookie.Expires = DateTime.Now.AddMinutes(chkRemember.Checked ? 30 : -30);
// Cookies are sent to the browser through Response, not Request
Response.Cookies.Add(toolCookie);
```
Reference
Get the existing cookie details:
```csharp
HttpCookie user = Request.Cookies["xyz"];
if (user != null)
{
    string username = user["UserName"];
    // Decrypt only when the Password sub-key is present
    string password = user["Password"] != null ? StringCipher.Decrypt(user["Password"], "#!") : null;
}
```
Here, Datasecurity is a static class.
Encrypt and Decrypt function: Encrypt & Decrypt
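
The read side of the ticket-based cookie from the first part of this answer, as an added example that is not part of the original post: it recovers the user name from the encrypted ticket, so no password ever needs to be stored in or read from a cookie. The class name `AuthTicketReader` and method name `GetUserName` are hypothetical; it assumes a Web Forms application with forms authentication configured.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

// Hypothetical helper (added example, not from the original answer).
public static class AuthTicketReader
{
    // Returns the user name carried in the forms-auth ticket, or null when
    // the cookie is missing, cannot be decrypted/validated, or has expired.
    public static string GetUserName(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
        {
            return null; // no authentication cookie was sent
        }

        FormsAuthenticationTicket ticket;
        try
        {
            // With the default protection="All" setting, Decrypt both decrypts
            // the value and validates its integrity using the machine key.
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (ArgumentException)
        {
            return null; // malformed or tampered cookie value
        }
        catch (CryptographicException)
        {
            return null; // value was not produced with this application's key
        }

        // The cookie's own Expires is controlled by the browser; the expiry
        // inside the protected ticket is the one the server can trust.
        if (ticket == null || ticket.Expired)
        {
            return null;
        }

        return ticket.Name; // the value passed as the ticket's name at login
    }
}
```

From a page, call it as `AuthTicketReader.GetUserName(Request)`; a null result means the visitor should be sent through the login form again.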