
In the app we are passing the UserName value to an internal API.

Before making an Ajax call to the API, I am calling a function named GetUserName() like below. This function basically stores the username in a cookie. I don't want to always make Ajax calls to the server to get the UserName.

Code:

function GetUserName()
{
    // TODO
    // 1. If the UserName cookie exists, return it.
    // 2. If the UserName cookie doesn't exist, make an Ajax call to the
    //    server to get the UserName and set the cookie.
}

As said here, storing the username and password on the client side is bad practice.

But I would like to know: is it bad practice to store just the username in a cookie for this scenario? Or should I encrypt the UserName?

Any help would be great.

Shaiju T

1 Answer


Well, the user can (and will) edit the cookie and use another user's username eventually. If that GetUserName function is purely cosmetic, go ahead, but if you use it for something session-related you are asking for trouble. See the OWASP section on session IDs and security on cookies if you plan to do that.
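The server-side check the answer points to, as an added example that is not part of the original question or answer: the internal API resolves the caller from a random session id and treats the UserName cookie as display-only. The names `sid`, `sessions`, `createSession`, `sessionCookie` and `resolveUser` are hypothetical, and the in-memory store is a constructed stand-in for a real session backend.

```javascript
const crypto = require('crypto');

// Constructed in-memory session store: opaque session id -> server-side identity.
const sessions = new Map();

// Called after login; the random id is the only value the server trusts.
function createSession(userName) {
  const sid = crypto.randomBytes(32).toString('hex');
  sessions.set(sid, { userName });
  return sid;
}

// Session cookie is hidden from page script; the UserName cookie stays display-only.
function sessionCookie(sid) {
  return `sid=${sid}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Minimal Cookie header parser; malformed values are dropped, not trusted.
function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i < 0) continue;
    try {
      out[part.slice(0, i).trim()] = decodeURIComponent(part.slice(i + 1).trim());
    } catch (e) { /* invalid percent-encoding: ignore this cookie */ }
  }
  return out;
}

// Identity for the internal API call comes from the session, never from the
// client-editable UserName cookie; a mismatch is flagged so it can be logged.
function resolveUser(cookieHeader) {
  const cookies = parseCookies(cookieHeader);
  const session = cookies.sid ? sessions.get(cookies.sid) : undefined;
  if (!session) return { ok: false, reason: 'no valid session' };
  const tampered = cookies.UserName !== undefined &&
    cookies.UserName !== session.userName;
  return { ok: true, userName: session.userName, tampered };
}
```

Encrypting the UserName cookie is not needed with this layout, because nothing on the server reads it for authorization.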