I have very specific problem.
I have web based application which set cookie after login. The same login details are used in desktop application which is connected to the web interface.
My idea was is it possible that when the user logins first in web app and it set cookie for him, then he downloads the application, install it on his PC and start it for first time somehow to get the user and password and auto fill the login fields in desktop application, so it won't be necessary to write them second time.
One of the ways is to save the login and password in a plaintext in cookie, which is very risky and then the desktop app gets this cookie from the browser (the app is written in c++).
I really don't have any clear idea at the moment how this could be done, but if there is a way I will be happy to red any of your suggestions.
The main issue I see is actually getting to the cookie. I can't see how you'd do that reliably with all the OSes / OS versions, browsers / browser versions out there. You could maybe include an encrypted resource file in the download containing the credentials. You can put that into the downloaded archive on the server side.
Is downloading without a login really not an option?
Edit: including a one-use token in the download, using which the client can fetch the username and password (via SSL, encrypted, somehow safe) looks like a good bet.