I'm creating a bunch of cookies for a new website including username and password - both encrypted.
Normally I name these cookies with obscure names like '678768_cookie' but I just wondering if there really is any point to this.
Any one have any thoughts or naming conventions and the usage of obscure names?
Normally I name these cookies with obscure names like '678768_cookie' but I just wondering if there really is any point to this.
If someone is after the cookies from your site, he's likely to steal all the cookies found in the browser cookies file etc... Whatever the name is. So there is no point in using complex names, and the use of meaningful names is recommended (see this also).
I'm creating a bunch of cookies for a new website including username and password - both encrypted.
It is a good idea to encrypt the username and password, as it hides some possibly important information, but - even encrypted - if someone would be able to steal the raw cookies from your computer browser, they would work the same on her computer.
Short and meaningful. If you're cookies are encrypted it really doesn't matter if users can see the names, so you might as well make it easy to deal with for yourself and other developers working with your code.
I don't like using username and password in cookies (even encrypted), but since that is not the question we can skip that part.
Cookies should have useful/meaningful names and be identified: website_cookiename
For example: backOffice_sessionDetails