Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for example, include the client's IP address or anything else that would distinguish the real client from an attacker?
Answer Posted / surendra singh
No. If an authentication cookie is stolen, it can be used by an attacker. It's up to you to prevent this from happening by using an encrypted communications channel (HTTPS). Authentication cookies issued as session cookies do, however, include a time-out value that limits their lifetime. So a stolen session cookie can only be used in replay attacks as long as the ticket inside the cookie is valid. The default time-out interval is 30 minutes. You can change that by modifying the timeout attribute accompanying the <forms> element in Machine.config or a local Web.config file. Persistent authentication cookies do not time out and therefore are a more serious security threat if stolen.
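A Web.config fragment showing the settings the answer refers to, added here as an illustration and not part of the original answer. The `loginUrl` path and the 15-minute value are assumed for the example.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!--
        Weak baseline, for comparison: relying on the defaults leaves
        requireSSL="false" and timeout="30", so the cookie may travel over
        plain HTTP and a captured ticket stays usable for up to 30 minutes.

        <forms loginUrl="~/Login.aspx" />
      -->

      <!--
        Tightened settings (values are assumptions for this example):
        requireSSL="true"         marks the cookie Secure, so the browser
                                  sends it only over HTTPS.
        timeout="15"              ticket lifetime in minutes, shorter than
                                  the 30-minute default.
        slidingExpiration="false" the ticket expires a fixed time after it
                                  is issued and is not renewed by activity.
        protection="All"          the ticket is both encrypted and validated.
      -->
      <forms loginUrl="~/Login.aspx"
             requireSSL="true"
             timeout="15"
             slidingExpiration="false"
             protection="All" />
    </authentication>
  </system.web>
</configuration>
```

With `requireSSL="true"` the login page and every page that needs the ticket must be served over HTTPS, otherwise the browser withholds the cookie and the user appears signed out.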