Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for example, include the client's IP address or anything else that would distinguish the real client from an attacker?
Answer / surendra singh
No. If an authentication cookie is stolen, it can be used by an attacker. It's up to you to prevent this from happening by using an encrypted communications channel (HTTPS). Authentication cookies issued as session cookies, do, however,include a time-out valid that limits their lifetime. So a stolen session cookie can only be used in replay attacks as long as the ticket inside the cookie is valid. The default time-out interval is 30 minutes.You can change that by modifying the timeout attribute accompanying the <forms> element in Machine.config or a local Web.config file. Persistent authentication cookies do not time-out and therefore are a more serious security threat if stolen.
Is This Answer Correct ? | 0 Yes | 0 No |
What methods are fired during the page load?
What are web beacons used for?
Explain in what order a destructors is called.
Can you edit data in the Repeater control?
what is machine key error in asp.net? how to solve it?
Differentiate globalization and localization.
Explain the asp.net session state modes.
Which authentication uses a combination of windows and iis authentication?
What is the significance of finalize method in .net?
From the given paragraph of text, write a program to match the strings of format “Any number of numerals followed by an underscore followed by any number of alphabets" ex:123_abc (Note:using regular expressions)
Differentiate between Server.Transfer and Response.Redirect with functionality? Why we can choose one over the other?
What is the difference between page-level caching and fragment caching?