I wonder why asp.net mvc 5 Identity user uses string(GUID) as key not an int by default?
Are there any reason to do this? I know that it is possible to change the key to int, but is this change good practice at all?
May be this ids are kept somewhere in the cookie, or are used in OAUTH, and it is not recommended to do this?
Two things that come on top of my head are that int has a limitation where as GUID doesn't and that if I know my ID is 76, I can know the ids of at least 75 more users. This, more often doesn't prove to be problematic, but I can imagine cases where it could. Users Ids are not used (at least not directly) in cookies - user sessions are used and then bound to current users by their Id. So I guess the answer is a combination between 90% more secure and 10% unlimited user ids.