Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...

  1. Categories >> Software >> Microsoft Related >> ASP.NET
  2. Suggest New Category

Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for example, include the client's IP address or anything else that would distinguish the real client from an attacker?

Question Posted / surendra singh


Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for ..

Answer / surendra singh

No. If an authentication cookie is stolen, it can be used by an attacker. It's up to you to prevent this from happening by using an encrypted communications channel (HTTPS). Authentication cookies issued as session cookies, do, however,include a time-out valid that limits their lifetime. So a stolen session cookie can only be used in replay attacks as long as the ticket inside the cookie is valid. The default time-out interval is 30 minutes.You can change that by modifying the timeout attribute accompanying the <forms> element in Machine.config or a local Web.config file. Persistent authentication cookies do not time-out and therefore are a more serious security threat if stolen.

Is This Answer Correct ?    0 Yes 0 No

Post New Answer

More ASP.NET Interview Questions

wt is repeater control and wt is datalist control and wt defferences these two? i want some code in datalist?

1 Answers  

What are sql notifications and sql invalidations?

0 Answers  

How to display Alert in ASP.NET

0 Answers   HCL,

what is use of doctype tag in asp.net

1 Answers   TCS, Wipro,

Where is the session stored?

0 Answers  

If you are using components in your application, how can you handle exceptions raised in a component?

0 Answers   Accenture,

what is view state

5 Answers   Microsoft, Siebel Systems,

Do I need to have the latest version of windows media player installed?

0 Answers  

Why do I get error message "could not load type" whenever I browse to my asp.net web site?

0 Answers  

How to migrate from sqlserver 2005 to sql server 2000 (every one know reverse process of that )

2 Answers   Cap Gemini,

What is base class of .net?

0 Answers  

I have a component with 3 parameter and deployed to client side now i changed my dll method which takes 4 parameter.How can i deploy this without affecting the clent?s code ?

1 Answers   Microsoft, Satyam, Wipro,

For more ASP.NET Interview Questions Click Here
Categories