this is a 'remember me' login page . the html code is as below:
<div>
<asp:TextBox ID="txtUserName" runat="server"></asp:TextBox>
</div>
<div>
<asp:TextBox ID="txtPwd" TextMode="Password" runat="server"></asp:TextBox>
</div>
<div>
<asp:CheckBox ID="cbRememberMe" runat="server" Text="Remember Me" />
<asp:Button ID="btnLogin" runat="server" Text="Login" OnClick="btnLogin_Click" />
<br />
<asp:Label ID="lblMsg" runat="server" ForeColor="Red" Text=""></asp:Label>
</div>
as the title says , i enable the 'RememberMe' when i login the system in the login page, and add the login information into the cookies.
HttpCookie cookie = new HttpCookie("USER_COOKIE");
if (this.cbRememberMe.Checked) {
cookie.Values.Add("Name", txtUserName.Text);
cookie.Values.Add("Pwd", txtPwd.Text);
cookie.Expires = System.DateTime.Now.AddDays(7.0);
HttpContext.Current.Response.Cookies.Add(cookie);
}
and then i bind the login information to the username textbox and the password textbox in the page_load event.
protected void Page_Load(object sender, EventArgs e) {
if (!IsPostBack) {
HttpCookie cookies = Request.Cookies["USER_COOKIE"];
if (cookies != null && cookies.HasKeys) {
txtUserName.Text = cookies["Name"];
txtPwd.Attributes.Add("value", cookies["Pwd"]);
this.cbRememberMe.Checked = true;
}
}
}
when I open the login page next time , then the values of the login name and password are both bind to the textbox controls .
Now the issue is :
when I open the login page next time , click the 'view source ' in the page with mouse right key ,
the password value shows in the textbox :
<div>
input name="txtPwd" type="password" id="txtPwd" value="124212" />
</div>
'124212' is the login password with test .
as you know , this is not safe in web system .
i try to init the textbox value with a temporary value in the page_load ,as the code :
if (cookies != null && cookies.HasKeys) {
txtUserName.Text = cookies["Name"];
txtPwd.Attributes.Add("value", "1234567890");
this.cbRememberMe.Checked = true;
}
then i continue to user the cookie object in other pages.
does anybody know the better method to deal with this ? thanks!