Interested to Buy Any Domain ? << Click Here >> for more details...
Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for example, include the client's IP address or anything else that would distinguish the real client from an attacker?
- 1 Answers
- 1624 Views
- I also Faced
- E-Mail Answers
Answer Posted / surendra singh
No. If an authentication cookie is stolen, it can be used by an attacker. It's up to you to prevent this from happening by using an encrypted communications channel (HTTPS). Authentication cookies issued as session cookies, do, however,include a time-out valid that limits their lifetime. So a stolen session cookie can only be used in replay attacks as long as the ticket inside the cookie is valid. The default time-out interval is 30 minutes.You can change that by modifying the timeout attribute accompanying the <forms> element in Machine.config or a local Web.config file. Persistent authentication cookies do not time-out and therefore are a more serious security threat if stolen.
| Is This Answer Correct ? | 0 Yes | 0 No |
Post New Answer View All Answers
What is the use of view state?
What is difference between cookies and cache?
How can you make sure that web api returns json data only?
What are session cookies?
How can we use Web API with ASP.NET Web Form?
Why do we need master page in asp.net?
Explain difference between friend and protected friend?
What is the use of global.asax file?
What is the difference between session and viewstate in asp.net?
What is the caspol.exe tool used for?
Explain the difference between an exe and a dll?
How can you dynamically add user controls to a page?
What is the significance of proxy user?
Explain the concept of View Model in MVC?
What types of data validation events are commonly seen in the client-side form validation?
