Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for example, include the client's IP address or anything else that would distinguish the real client from an attacker?
Answer / surendra singh
No. If an authentication cookie is stolen, it can be used by an attacker. It's up to you to prevent this from happening by using an encrypted communications channel (HTTPS). Authentication cookies issued as session cookies, do, however,include a time-out valid that limits their lifetime. So a stolen session cookie can only be used in replay attacks as long as the ticket inside the cookie is valid. The default time-out interval is 30 minutes.You can change that by modifying the timeout attribute accompanying the <forms> element in Machine.config or a local Web.config file. Persistent authentication cookies do not time-out and therefore are a more serious security threat if stolen.
Is This Answer Correct ? | 0 Yes | 0 No |
What are the different types of proxy patterns?
What are the difference between ASP and ASP.Net?
Describe the difference between inline and code behind?
What is binding in web service ?
Can you nest updatepanel within each other?
What is application variable?
Hi! Could any 1 please suggest me a free practice online exam for asp.net exams.. thanks
can u debug application programatically? if yes how?
How do you create a master page?
Describe the diffeerence between inline and code behind?
Explain what does mvc represent in asp.net? : asp.net mvc
Where the cookie value is stored?