Forum Moderators: open
The original question was how to modify cookie data on the client.
As a reply, someone asked for a "valid" reason to tamper with the cookies, and there is (this is how I found this thread): I'm currently developing a Web application that needs to be rather secure since credit card information is stored with the users of the system.
Therefore, I *need* to try to hack that application before it goes into production because if I don't, somebody else will (and since I'm the developer, I'm in charge if that happens).
And in fact, it's quite simple to tamper with the cookies: with Mozilla 1.5, they are stored in a plaintext file named "cookies.txt" that can easily be changed. However, if your application stores any relevant information encrypted on the client (ASP.NET does by default), this probably won't help any hacker - and if somebody tries, you can find that out (unless he's lucky in the first attempt).
However, one solution to make this rather bullet-proof is asking for the login credentials again before any operations that have to do with the credit card (eBay does this extensively - which can be quite annoying, though).
I do agree that Ebay's way is some what annoying, but it is secure. Cookies as you see are really not that secure.
BTW welcome to WebmasterWorld!
