Cookies

Cookies are a useful way to keep user-specific information available between requests, but you must use them securely: they are stored on the user's computer, so their contents can be read, altered, or spoofed, and they are open to other malicious use.

Follow these guidelines:

Do not store any critical information in cookies. For example, do not store a user's password in a cookie, even temporarily.

Do not keep anything in a cookie that could compromise your application if it were spoofed. Instead, keep only a reference in the cookie to the location on the server where the information is held.

Set cookie expiration to the shortest practical time. Avoid permanent cookies if possible.

Consider encrypting information in cookies.
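The following is an added example, not code from the original page, showing how the four guidelines above fit together in one server-side session cookie: the cookie carries only a random, opaque session ID; the user's data and the expiry time live in a store on the server; the cookie is short-lived (MaxAge, HttpOnly, Secure); and the ID is encrypted and authenticated with AES-256-GCM so a modified or forged value is rejected before it is ever looked up. It uses Go's standard library (net/http, crypto/aes, crypto/cipher). The names SessionStore, Create and Lookup, the in-memory map, and the all-zero demo key are assumptions made for the example; in a real deployment the key would be loaded from server configuration and the store would be shared and locked.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"time"
)

// session is the server-side record a cookie refers to; user data stays here.
type session struct {
	userID  string
	expires time.Time
}

// SessionStore maps opaque session IDs to sessions (single-goroutine demo, no locking).
type SessionStore struct {
	sessions map[string]session
	aead     cipher.AEAD   // AES-256-GCM under a key assumed to come from server configuration
	ttl      time.Duration // lifetime of a session and of its cookie
}

func NewSessionStore(key []byte, ttl time.Duration) (*SessionStore, error) {
	block, err := aes.NewCipher(key) // key must be 32 bytes for AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &SessionStore{sessions: map[string]session{}, aead: aead, ttl: ttl}, nil
}

// Create registers a session for userID and returns the cookie to send. The cookie
// carries only a random session ID, encrypted and authenticated, never user data.
func (s *SessionStore) Create(userID string) (*http.Cookie, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return nil, err
	}
	sid := base64.RawURLEncoding.EncodeToString(raw)
	s.sessions[sid] = session{userID: userID, expires: time.Now().Add(s.ttl)}
	sealed, err := s.seal([]byte(sid))
	if err != nil {
		return nil, err
	}
	// Short MaxAge (never permanent), HttpOnly (no script access), Secure (HTTPS only).
	return &http.Cookie{Name: "sid", Value: sealed, Path: "/", MaxAge: int(s.ttl.Seconds()),
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode}, nil
}

// Lookup resolves a presented cookie value to its user, rejecting values that were
// modified, are unknown, or whose session has expired on the server.
func (s *SessionStore) Lookup(cookieValue string) (string, error) {
	sid, err := s.open(cookieValue)
	if err != nil {
		return "", errors.New("cookie rejected: authentication failed")
	}
	sess, ok := s.sessions[string(sid)]
	if !ok || time.Now().After(sess.expires) {
		delete(s.sessions, string(sid)) // the server enforces expiry; MaxAge is only advisory
		return "", errors.New("cookie rejected: unknown or expired session")
	}
	return sess.userID, nil
}

// seal encrypts and authenticates value with AES-256-GCM: base64url(nonce||ct||tag).
func (s *SessionStore) seal(value []byte) (string, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(s.aead.Seal(nonce, nonce, value, nil)), nil
}

// open reverses seal; any change to the value makes GCM refuse it.
func (s *SessionStore) open(encoded string) ([]byte, error) {
	data, err := base64.RawURLEncoding.DecodeString(encoded)
	if err != nil || len(data) < s.aead.NonceSize() {
		return nil, errors.New("malformed cookie value")
	}
	n := s.aead.NonceSize()
	return s.aead.Open(nil, data[:n], data[n:], nil)
}

func main() {
	key := make([]byte, 32) // constructed all-zero key, for the demo only
	store, _ := NewSessionStore(key, 20*time.Minute)
	c, _ := store.Create("alice")
	fmt.Println("Set-Cookie:", c.String())
	fmt.Println(store.Lookup(c.Value))       // alice <nil>
	fmt.Println(store.Lookup(c.Value + "A")) // one extra byte breaks the GCM tag: rejected
}
```

Because the cookie value is only a reference, a spoofed or stolen cookie reveals nothing about the user, and because the server records its own expiry time, a browser that keeps sending a cookie past its MaxAge still gets nothing back. Encrypting with an authenticated mode (GCM) gives both confidentiality and tamper detection; a plain cipher without authentication would leave the value malleable.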