Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...

  1. Categories >> Software >> Microsoft Related >> ASP.NET
  2. Suggest New Category

Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for example, include the client's IP address or anything else that would distinguish the real client from an attacker?

Question Posted / surendra singh


Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for ..

Answer / surendra singh

No. If an authentication cookie is stolen, it can be used by an attacker. It's up to you to prevent this from happening by using an encrypted communications channel (HTTPS). Authentication cookies issued as session cookies, do, however,include a time-out valid that limits their lifetime. So a stolen session cookie can only be used in replay attacks as long as the ticket inside the cookie is valid. The default time-out interval is 30 minutes.You can change that by modifying the timeout attribute accompanying the <forms> element in Machine.config or a local Web.config file. Persistent authentication cookies do not time-out and therefore are a more serious security threat if stolen.

Is This Answer Correct ?    0 Yes 0 No

Post New Answer

More ASP.NET Interview Questions

How to retrieve the information from datatable citywise in c#?

2 Answers   HCL,

What is the difference between visual basic and asp.net?

0 Answers  

Explain how do you deploy your asp.net application?

0 Answers  

How does a content page differ from a master page?

0 Answers  

If 200 is for all successful operation then why do we have 201 response codes?

0 Answers  

How can you send an email message from an asp.net web page?

0 Answers  

Your manager has asked you to describe what you would use application variables for. What statement best describes the use of application variables? a) Application Variables are used to keep state for each connected user. b) Application Variables are used to keep state for the web site c) Application Variables are used to keep state for the application on the server d) Application Variables are used to keep state for all applications objects in the web site.

1 Answers   Syntax Softtech,

In ViewState How much lifespan items stored?

0 Answers   Siebel,

Difference between asp and asp.net ?

4 Answers   Accenture, BirlaSoft, TCS,

How we can bind textbox,listbox and datagrid to sql server database in asp.net using visualstudio.net language (vb.net)?

2 Answers   rocsearch,

What's the use of response.output.write()?

0 Answers  

What is a PostBack? What is ViewState? How is it encoded? Is it encrypted? Who uses ViewState? Why is it either useful or evil?

3 Answers   TCS,

For more ASP.NET Interview Questions Click Here
Categories