Re: Forms Authentication and requireSSL, what's the recommended best practice

From: mikemad (maddoxm_at_comcast.net)
Date: 01/27/05 

Date: 26 Jan 2005 19:45:45 -0800

Anyone have any ideas? Since the Auth cookie is only passed when I'm
under SSL, what about the Session cookie. If I set a value in SESSION
to signify that I logged in, wouldn't that work? Am Imissing something??

Relevant Pages

  • RE: Pen testing SSL VPN appliances?
    ... most of these at their core are web applications that do SSL port ... forwarding...So any standard web application security auditing tools and ... techniques are relevant...Commercial tools like SpiDynamics Web Inspect, ... a session cookie only, or persistent? ...
    (Pen-Test)
  • Re: Is PHP session safe?
    ... the client and the server can intercept the data and use it for whatever ... packet will follow, the most likely places to intercept the packets is ... But then that's why SSL was invented. ... I could also guess a 8K-bit session cookie ...
    (comp.lang.php)
  • Advice on when to use SSL? esp. Session ID security
    ... I'm just trying to assess when/how much to use SSL encryption on an ASP.NET ... they could possibly forge a session cookie after the ... user logs on and returns to a standard HTTP connection. ... HTTPS for the login page ... ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Session Cookie over SSL
    ... Vikas wrote: ... Is there any way to send the session cookie ASP.Net_SessionId Over SSL. ... under SSL is a completely separate web site from the non-SSL of the same domain. ...
    (microsoft.public.dotnet.framework.aspnet)