Anytime you send something out to the client, there is a possibility of
compromise. While it is slim, you should consider it. In general, I create a
user object and use it to store reused variables. It can be placed in
session. I would not put the password, as you should not need it agani.
--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
************************************************** ********************
Think Outside the Box!
************************************************** ********************
"Jason" <an*******@discussions.microsoft.com> wrote in message
news:05****************************@phx.gbl...
I have a .net application with forms authentication. I
need to store the password entered at the login screen for
later use. I can either store it in a session object or in
the forms authentication ticket. I think the ticket is the
right place because the password is a property of the
user, and therefore part of the identity. I know it will
be encrypted before it is written to the cookie but is
this the right answer? How safe is the password?