Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for example, include the client's IP address or anything else that would distinguish the real client from an attacker?
Answer Posted / surendra singh
No. If an authentication cookie is stolen, it can be used by an attacker. It's up to you to prevent this from happening by using an encrypted communications channel (HTTPS). Authentication cookies issued as session cookies do, however, include a time-out value that limits their lifetime. So a stolen session cookie can only be used in replay attacks as long as the ticket inside the cookie is valid. The default time-out interval is 30 minutes. You can change that by modifying the timeout attribute accompanying the <forms> element in Machine.config or a local Web.config file. Persistent authentication cookies do not time out and therefore are a more serious security threat if stolen.
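The Web.config settings the answer refers to, shown as an added example that is not part of the original answer: a `<forms>` element left on defaults beside one that restricts the cookie to HTTPS and shortens the ticket lifetime. The login URL, cookie name and the 15-minute value are assumptions chosen for illustration.

```xml
<!-- Added example; loginUrl, name and timeout values are illustrative assumptions. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!--
        Weak form, relying on defaults:
          <forms loginUrl="~/Login.aspx" />
        requireSSL defaults to false, so the cookie is also sent over plain HTTP,
        and timeout defaults to 30 minutes.
      -->

      <!--
        Hardened form:
          requireSSL="true"         sets the Secure flag, so the browser sends the
                                    cookie only over HTTPS
          timeout="15"              ticket lifetime in minutes; a stolen cookie is
                                    replayable only while the ticket is valid
          slidingExpiration="false" the lifetime is absolute, so requests (including
                                    replayed ones) do not renew the ticket
          protection="All"          ticket is both encrypted and validated
      -->
      <forms loginUrl="~/Login.aspx"
             name=".APPAUTH"
             protection="All"
             requireSSL="true"
             timeout="15"
             slidingExpiration="false" />
    </authentication>
  </system.web>
</configuration>
```

None of these settings ties the ticket to a client IP address; they reduce the chance of theft in transit and limit how long a stolen cookie remains usable.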