I wanna know from cookie,can anyone get the id and passwords out????Or it is totally different???and please tell me why is not it possible??If so....

Rok,
it depends as RR already said, first of all the cookie has to be the means used for that web applications to store the user name, password at least, second you have to have access to the cookie, that is the cookies file, or the cookie in memory, third that password needs to be either in a clear text,or in a formt that is easy to decrypt.

W.

please do give my answers..

Dude forget that servercrasher man,you are heating me because of him,I just want to ask cookie can giv id or password or it is totally different???I am not asking how to crack id and passwords from cookie??I want the difference between cookie and id-passwprds!!!that's it!!!

In most cases the cookies are used for preserving the session state. Therefore, it will not contain user id and password but just a session id unique to that session, unless there is a very poorly coded web app. Though, with the  cookie you can hijack a session and reset the password but I doubt you will be able to get the password.

Let's all step away from the keyboard for a minute. OK Rok, I am guessing you've some idea about what cookies are and that they can be used for authentication. Let's go back to basics.

A cookie is a name-value pair set by a web server when you visit a web site. Lots of web sites use this for tracking what a user does on the site. It works like this.

1) Web browser opens a web site and requests a web page
2) The page requested is returned to the browser, along with a message that it would like to set a cookie e.g. UserTracking=52485724
3) Each time the web browser sends to the web server from now on it will also send this cookie value back as well.

One very common use for cookies is authentication. Let's extend the last example.

1) A user logs into a web page with a username and password
2) The web server sends back a cookie with a unique string and remembers that this cookie value is for a user who has logged in.
3) Now when the web browser sends a request it also sends the cookie. The web server reads the cookie and checks to see if the cookie matches a logged in user.

The cookie value does not need to contain the username or password and in almost all cases it does not. Imagine going to a football game and using your credit card (username and password) to pay. You are given a ticket (a cookie) and you show this ticket to get into the game. You don't need to show your credit card to get in, the ticket is good enough.

The short answer is no, 99.9% of the time you can't take a cookie and get a username and password from it.

Jimbob