Interested to Buy Any Domain ? << Click Here >> for more details...
Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for example, include the client's IP address or anything else that would distinguish the real client from an attacker?
- 1 Answers
- 1702 Views
- I also Faced
- E-Mail Answers
Answer / surendra singh
No. If an authentication cookie is stolen, it can be used by an attacker. It's up to you to prevent this from happening by using an encrypted communications channel (HTTPS). Authentication cookies issued as session cookies, do, however,include a time-out valid that limits their lifetime. So a stolen session cookie can only be used in replay attacks as long as the ticket inside the cookie is valid. The default time-out interval is 30 minutes.You can change that by modifying the timeout attribute accompanying the <forms> element in Machine.config or a local Web.config file. Persistent authentication cookies do not time-out and therefore are a more serious security threat if stolen.
| Is This Answer Correct ? | 0 Yes | 0 No |
Where is http session stored?
what is webservices. howit is use in our project .
List some of the important session state modes of asp.net.
Explain the difference between asp.net mvc and asp.net webforms? : asp.net mvc
what are the differences between windows services and web services?
What is asp net theme?
Why do we need Web Services?
How to use push notification?
What methods are fired during the page load? Init()
What is meant by asp.net?
How can I open ashx file in mobile?
Explain in what order a destructors is called.
-
Visual Basic (800) - C Sharp (3816)
- ASP.NET (3180)
- VB.NET (461)
- COM+ (79)
- ADO.NET (717)
- IIS (369)
- MTS (11)
- Crystal Reports (81)
- BizTalk (89)
- Dot Net (2435)
- Exchange Server (362)
- SharePoint (720)
- WCF (340)
- MS Office Microsoft (6963)
- LINQ Language-Integrated Query (317)
- WPF (371)
- TypeScript (144)
- Microsoft Related AllOther (311)
