Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for example, include the client's IP address or anything else that would distinguish the real client from an attacker?
Answer Posted / surendra singh
No. If an authentication cookie is stolen, it can be used by an attacker. It's up to you to prevent this from happening by using an encrypted communications channel (HTTPS). Authentication cookies issued as session cookies do, however, include a time-out value that limits their lifetime. So a stolen session cookie can only be used in replay attacks as long as the ticket inside the cookie is valid. The default time-out interval is 30 minutes. You can change that by modifying the timeout attribute accompanying the <forms> element in Machine.config or a local Web.config file. Persistent authentication cookies do not time out and therefore are a more serious security threat if stolen.
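The timeout and HTTPS points from the answer above, shown as a Web.config fragment. This is an added example, not part of the original answer; the login page path and the 10-minute value are assumptions chosen for illustration.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- timeout: ticket lifetime in minutes (the default is 30).
           A shorter value narrows the window in which a stolen
           cookie can be replayed.
           slidingExpiration="false": the ticket is not renewed on
           each request, so the lifetime is a hard limit.
           requireSSL="true": the cookie is marked Secure and is only
           sent over HTTPS.
           protection="All": the ticket is both encrypted and
           validated against tampering. -->
      <forms loginUrl="~/Login.aspx"
             timeout="10"
             slidingExpiration="false"
             requireSSL="true"
             protection="All"
             cookieless="UseCookies" />
    </authentication>
    <!-- Applies the Secure and HttpOnly flags to the application's
         cookies, which keeps them out of reach of client-side
         script. -->
    <httpCookies requireSSL="true" httpOnlyCookies="true" />
  </system.web>
</configuration>
```

None of these settings ties the cookie to a client IP address; they only limit how the cookie travels and how long the ticket inside it stays valid.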