Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...

  1. Categories >> Software >> Microsoft Related >> ASP.NET
  2. Suggest New Category

Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for example, include the client's IP address or anything else that would distinguish the real client from an attacker?

Question Posted / surendra singh


Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for ..

Answer / surendra singh

No. If an authentication cookie is stolen, it can be used by an attacker. It's up to you to prevent this from happening by using an encrypted communications channel (HTTPS). Authentication cookies issued as session cookies, do, however,include a time-out valid that limits their lifetime. So a stolen session cookie can only be used in replay attacks as long as the ticket inside the cookie is valid. The default time-out interval is 30 minutes.You can change that by modifying the timeout attribute accompanying the <forms> element in Machine.config or a local Web.config file. Persistent authentication cookies do not time-out and therefore are a more serious security threat if stolen.

Is This Answer Correct ?    0 Yes 0 No

Post New Answer

More ASP.NET Interview Questions

In C#.net application is run on linux michine

4 Answers  

What is Difference between Production Serves and Development Servers? And Suppose, m adding/deleting C# file in a project based on the Specific Requirement. These Files are Automatically updated in Production Servers? So Which tool is needed to do This One?

0 Answers  

If(dropdownlist1.selectedIndexChanged==true) { //code } else { //code } I am getting error in If condition, so can u pls give me a solution.

4 Answers  

How do you validate the controls in an ASP .NET page?

3 Answers  

In a Code-Behind class generally which type of code is found ?

3 Answers   Siebel,

Differentiate between structure and class.

0 Answers  

Explain difference between dataset and recordset?

0 Answers  

what is difference between User Control,Custom Contro1,Web server control and template controls

1 Answers  

What is a PostBack ?

1 Answers  

What is the lifespan for items stored in ViewState?

2 Answers   ISST,

code for "For every 5days system has to create 1text file with the corresponding date and it has to store in c-drive" by using web applications

0 Answers  

What is difference between masterpage and user control, what is the objective of master page when we had user control in .NET 1.1 version

3 Answers   DELL, Soham,

For more ASP.NET Interview Questions Click Here
Categories