Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for example, include the client's IP address or anything else that would distinguish the real client from an attacker?




Answer / surendra singh

No. If an authentication cookie is stolen, it can be used by an attacker. It's up to you to prevent this from happening by using an encrypted communications channel (HTTPS). Authentication cookies issued as session cookies do, however, include a time-out value that limits their lifetime. So a stolen session cookie can only be used in replay attacks as long as the ticket inside the cookie is valid. The default time-out interval is 30 minutes. You can change that by modifying the timeout attribute accompanying the <forms> element in Machine.config or a local Web.config file. Persistent authentication cookies do not time out and therefore are a more serious security threat if stolen.

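The HTTPS and time-out points from the answer above, as an added Web.config example (not part of the original answer; the cookie name, login URL and the 15-minute value are assumptions). The commented-out block is the permissive form, the active block the tightened one.

```xml
<configuration>
  <system.web>

    <!-- Permissive form, shown for comparison only:
         the cookie is sent over plain HTTP as well as HTTPS, and the
         30 minute window restarts while the ticket keeps being used.

    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" timeout="30" />
    </authentication>
    -->

    <!-- Tightened form. Name, URL and timeout value are example values. -->
    <authentication mode="Forms">
      <forms name=".EXAMPLEAUTH"
             loginUrl="~/Login.aspx"
             protection="All"
             requireSSL="true"
             timeout="15"
             slidingExpiration="false"
             cookieless="UseCookies" />
      <!-- protection="All": ticket is both encrypted and integrity-checked.
           requireSSL="true": cookie carries the Secure flag, so the
             browser never sends it over an unencrypted connection.
           timeout="15": ticket lifetime in minutes; bounds how long a
             stolen cookie can be replayed.
           slidingExpiration="false": lifetime is absolute, so activity
             on a stolen ticket does not extend it.
           cookieless="UseCookies": ticket is never placed in the URL,
             where it would leak through logs and Referer headers. -->
    </authentication>

    <!-- Site-wide cookie defaults: not readable from script, HTTPS only. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />

  </system.web>
</configuration>
```

None of these settings bind the ticket to a client IP address; they only narrow where the cookie travels and how long it stays valid. To avoid persistent cookies, pass `false` for the `createPersistentCookie` argument of `FormsAuthentication.SetAuthCookie` or `RedirectFromLoginPage`.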
