ASP.NET webform cookie security

If client use cookie auto login for 30 days.hacker could login and change user information when get the client cookies. How to prevent this?

sorry for my bad english! tks in advanc开发者_开发百科e!

You should make sure cookies are only ever transmitted over an SSL connection. This is pretty much the only way to prevent cookie hijacking.

Other ways to help prevent (but none will work 100% effectively) is to make sure you use unique identifiers in your cookie that expire. IE, after every login, change their user ID which is stored into their cookie. This means if someone hijacks a cookie, or hijacks old cookies there is a good chance they should have expired.

by not storing any login information on the client pc. At least not automatically. If the user does so, it is up to her. But you should not encourage her to do such unsafe things.

Go here and start reading: The Definitive Guide To Website Authentication