Avoiding replay attacks
From: Todd Meynink (todd@ntf.com.au)
Date: 11/28/02
From: todd@ntf.com.au (Todd Meynink) Date: 27 Nov 2002 17:01:44 -0800
Hi,
I'm trying to prevent my cookies being "hijacked" and used in a replay
attack.
I can do this by using SSL.
However, my site has both public and private pages. Once a user is
authenticated, if they view a public page over standard HTTP their
cookie can be stolen and re-used. How do I get ASP.NET to only send
cookies with the private pages?
One suggestion is to set the path attribute of the forms tag in the
web.config file to the directory containing the private pages.
Unfortunately this doesn't work for me. Any ideas why?
Cheers,
Todd
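
Added example, not part of the original post: a model of the checks a browser applies (RFC 6265 path-match, plus the Secure attribute) before attaching a cookie, showing which requests carry a cookie scoped by path alone versus by path and SSL. The cookie name, the /private directory and the example.test URLs are constructed for illustration.

```javascript
// Added example: RFC 6265 rules a browser applies before attaching a cookie.
// Cookie names, paths and URLs below are constructed, not taken from the post.

// RFC 6265 section 5.1.4 path-match. The comparison is case-sensitive.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts when it ends at a "/" boundary.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Returns true when the browser would include the cookie in the request.
function cookieIsSent(cookie, requestUrl) {
  const url = new URL(requestUrl);
  // A Secure cookie is withheld from plain-HTTP requests.
  if (cookie.secure && url.protocol !== "https:") return false;
  return pathMatches(url.pathname, cookie.path);
}

function report(cookie, urls) {
  return urls.map((u) => ({ url: u, sent: cookieIsSent(cookie, u) }));
}

const urls = [
  "http://www.example.test/public/default.aspx",
  "http://www.example.test/private/account.aspx",
  "https://www.example.test/private/account.aspx",
  "https://www.example.test/Private/account.aspx", // different case
  "https://www.example.test/privateer/x.aspx",     // not a "/" boundary
];

const siteWide = { name: "auth", path: "/", secure: false };
const pathOnly = { name: "auth", path: "/private", secure: false };
const pathAndSecure = { name: "auth", path: "/private", secure: true };

for (const cookie of [siteWide, pathOnly, pathAndSecure]) {
  console.log(JSON.stringify(cookie));
  for (const r of report(cookie, urls)) {
    console.log("  ", r.sent ? "SENT    " : "withheld", r.url);
  }
}
```

Path scoping alone still lets the cookie travel over plain HTTP to the private directory, and a link whose case differs from the cookie path gets no cookie at all.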