IT:AD:Cookies
Summary
`
Notes
Never use the cookie to round trip:
- the int/guid id to a database record.
- Role names or identifiers
- identity characteristics
- preferences
Make the contents of a cookie small. Very small. An int or a guid is ok.
note: a cookie that is expired is not sent back to the server.