1

For cookie what kind of encoding should be performed (converting a byte array to text) ?

Base64 ?
UrlEncode ?
...
Xaqron
  • 29,931
  • 42
  • 140
  • 205
  • I mean if I'm going to convert a byte array to string, is base64 enough for cookies or UrlEncoding should be done too ? – Xaqron Nov 17 '10 at 22:16

3 Answers3

0

Base64-encoded strings are not valid for URLs or cookies. There are a number of variations on base64 encoding that avoid the forbidden characters. In .NET, you can use HttpServerUtility.UrlTokenEncode() and .UrlTokenDecode().

See https://stackoverflow.com/a/1789179/24315

Community
  • 1
  • 1
Neil
  • 7,227
  • 5
  • 42
  • 43
0

You don't need any encoding. To prevent user tampering, the simplest solution is to use sessions (which typically uses ASP.NET_SessionId behind the scenes), rather than making custom cookies.

EDIT: If you really need to store an arbitrary byte array, base 64 will work. But you should explain why you want to do this.

Matthew Flaschen
  • 278,309
  • 50
  • 514
  • 539
  • I just need to transfer some data from one server to another (both on subdomains of the same domain). I need to be sure I'm not gonna use invalid characters in cookie text. – Xaqron Nov 17 '10 at 22:37
  • @Xaqron, transferring it via cookies could be dangerous, because the user can tamper with it. – Matthew Flaschen Nov 17 '10 at 22:41
  • @ Mathew: I encrypt it and tamper-proof it with hash. That's why I need to know is any encoding is needed or not. – Xaqron Nov 17 '10 at 22:51
  • Base 64 uses characters that are not safe for cookies or URL's. – Neil Jan 13 '15 at 22:07
  • 1
    @NeilWhitaker, thanks. You're right, the = sign could be a problem (it has meanings in both base64 and cookies). I've struck that line. – Matthew Flaschen Jan 14 '15 at 01:45
0

I personally will MD5 encode an ID and store just about everything in a DB or if i can change the db use a GUID instead of a incrementing ID

MarkKGreenway
  • 8,494
  • 5
  • 34
  • 53