Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...

  1. Categories >> Software >> Microsoft Related >> ASP.NET
  2. Suggest New Category

Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for example, include the client's IP address or anything else that would distinguish the real client from an attacker?

Question Posted / surendra singh


Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for ..

Answer / surendra singh

No. If an authentication cookie is stolen, it can be used by an attacker. It's up to you to prevent this from happening by using an encrypted communications channel (HTTPS). Authentication cookies issued as session cookies, do, however,include a time-out valid that limits their lifetime. So a stolen session cookie can only be used in replay attacks as long as the ticket inside the cookie is valid. The default time-out interval is 30 minutes.You can change that by modifying the timeout attribute accompanying the <forms> element in Machine.config or a local Web.config file. Persistent authentication cookies do not time-out and therefore are a more serious security threat if stolen.

Is This Answer Correct ?    0 Yes 0 No

Post New Answer

More ASP.NET Interview Questions

Explain the procedure to handle the process request using mhpm events fired? : asp.net mvc

0 Answers  

Difference between asp and asp.net?

4 Answers   Accenture,

What is an il?

0 Answers  

What is a user developed application?

0 Answers  

What is cookieless session id explain in brief?

0 Answers  

In Crystal Report Refresh Button is not working. when I click on it it givesh error like "missing parameter values " I have used propery of Crystal Viewer like ReuseParameterValuesOnRefresh="True" but this also not working. Plz give me any solution.

1 Answers  

Is overloading possible in web services?

3 Answers   Microsoft,

Explain the difference between or and orelse?

0 Answers  

Why asp.net mvc is better than asp.net? : Asp.Net MVC

0 Answers  

What are the advantages of using Master Pages?

0 Answers   MCN Solutions,

How does session work in asp net?

0 Answers  

Describe the application event handlers in ASP.NET?

0 Answers   HCL,

For more ASP.NET Interview Questions Click Here
Categories