This content has been marked as final. Show 4 replies
You probably want to use local shared objects (which are similar to cookies, but for the Flash Player). There is more info here:
Be aware, though, that it's never recommended to store an actual password in an LSO or a cookie. Instead, use a session ID or something similar that can be used to lookup a user.
actually you should encrypt the whole cookie/shared obj / with username and password in it etc ... and then its ok to store it on client side and actually is better than session ID way. unencrypted session ID can still be hijacked.
Thanks for the quick reply!
encrypt sound good, how can I do that?
Any links or samples to check this functionality?
one way is : you can use for example "Blowfish/ECB/PKCS5Padding" algorythm create some randome String as the key to it , that only your server knows, and then you can safely ecrypt --> store --. retreive --> decrypt all on server side, and autologin user as well
even if someone stopes that entry from client machine they will not be able to decrypt it without the key string.