Interested to Buy Any Domain ? << Click Here >> for more details...
Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for example, include the client's IP address or anything else that would distinguish the real client from an attacker?
- 1 Answers
- 1641 Views
- I also Faced
- E-Mail Answers
Answer Posted / surendra singh
No. If an authentication cookie is stolen, it can be used by an attacker. It's up to you to prevent this from happening by using an encrypted communications channel (HTTPS). Authentication cookies issued as session cookies, do, however,include a time-out valid that limits their lifetime. So a stolen session cookie can only be used in replay attacks as long as the ticket inside the cookie is valid. The default time-out interval is 30 minutes.You can change that by modifying the timeout attribute accompanying the <forms> element in Machine.config or a local Web.config file. Persistent authentication cookies do not time-out and therefore are a more serious security threat if stolen.
| Is This Answer Correct ? | 0 Yes | 0 No |
Post New Answer View All Answers
They mostly asked difference between versions of technologies
Explain about ASP.NET?
What is directive in asp net?
Differentiate between Server.Transfer and Response.Redirect with functionality? Why we can choose one over the other?
How does asp.net work?
What is Forms Authentication in ASP.NET?
Why session management is required?
Explain how do you validate the controls in an asp .net page?
How do you change the session time-out value?
What is the difference between cache and cookies?
What is server components?
What is the request flow used for asp.net mvc framework? : asp.net mvc
Explain what is viewstate?
What is the maximum number of classes that can be contained in one dll file?
How u refer webservices?
