Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...

  1. Categories >> Software >> Microsoft Related >> ASP.NET
  2. Suggest New Category

Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for example, include the client's IP address or anything else that would distinguish the real client from an attacker?

Question Posted / surendra singh


Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for ..

Answer / surendra singh

No. If an authentication cookie is stolen, it can be used by an attacker. It's up to you to prevent this from happening by using an encrypted communications channel (HTTPS). Authentication cookies issued as session cookies, do, however,include a time-out valid that limits their lifetime. So a stolen session cookie can only be used in replay attacks as long as the ticket inside the cookie is valid. The default time-out interval is 30 minutes.You can change that by modifying the timeout attribute accompanying the <forms> element in Machine.config or a local Web.config file. Persistent authentication cookies do not time-out and therefore are a more serious security threat if stolen.

Is This Answer Correct ?    0 Yes 0 No

Post New Answer

More ASP.NET Interview Questions

What is difference between viewstate and session state in javascript?

0 Answers  

what is the dllhell? why we use the dllhell?

4 Answers  

what is the difference between assemblyinfo and webconfig files?

1 Answers  

Does the following statement executes successfully: Response.Write(?value of i = ? + i);

4 Answers   TCS,

I am using ASP.Net 2.0. I added the following code in button_Click page. but 'PreviousPage' is not taking as a keyword. It throughs an error. Page Poster = this.PreviousPage; TextBox txtNewTest = (TextBox)Poster.FindControl("txtTest"); sDisplay = txtNewTest.Text; Response.Write(sDisplay); The following is the Error Message: 'controls_LoginMain' does not contain a definition for 'PreviousPage'

2 Answers  

Which method is used to enforce garbage collection in .net?

0 Answers  

When is an object collected by the Garbage Collector? [Four options were given]

1 Answers   ABC,

what cut off mark for po's,what questions they asked for interview?

0 Answers  

What are the security types in asp.net?

0 Answers  

Explain how can you debug your .net application?

0 Answers  

Which template must you provide, in order to display data in a Repeater control?

3 Answers  

What does the "EnableViewState" property do? Why would I want it on or off?

4 Answers  

For more ASP.NET Interview Questions Click Here
Categories