Last post Sep 27, 2018 02:49 PM by Mikesdotnetting
Sep 27, 2018 05:08 AM|KeyurN|LINK
I have an ASP.NET MVC 5 application and I have used the Identity framework. I have used the code below for auth on startup.
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        ExpireTimeSpan = TimeSpan.FromMinutes(20),
    });
How can I prevent this cookie from being stolen? If someone gets this cookie detail along with ASP.NET_SessionId, they can log in easily. Can anyone help me avoid this?
Sep 27, 2018 09:06 AM|Mikesdotnetting|LINK
Make sure that your application runs under HTTPS. Protect against XSS and CSRF attacks, too.
Sep 27, 2018 09:54 AM|KeyurN|LINK
Yes, I have that. I have also added CSRF and XSS protection. But how would I prevent the session from being stolen?
Sep 27, 2018 02:49 PM|Mikesdotnetting|LINK
The first step is in understanding how sessions can be hijacked: https://www.hackingloops.com/cookies/. Once you have read that, you will understand that you have already shut the door on the 3 most common methods.
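Added example, not code from the thread or from either poster: the startup options from the question with the cookie flags that enforce the HTTPS and XSS advice, plus security-stamp validation so an issued cookie can be invalidated server-side. It assumes the ApplicationUserManager and ApplicationUser classes, the GenerateUserIdentityAsync method and the CreatePerOwinContext registrations from the standard MVC 5 project template; the 5-minute validation interval is an illustrative choice.

```csharp
using System;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    // Assumes app.CreatePerOwinContext<ApplicationUserManager>(...) has already
    // been registered, as in the MVC 5 template (assumption, not from the thread).
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            ExpireTimeSpan = TimeSpan.FromMinutes(20),
            SlidingExpiration = true,

            // Script running in the page (XSS) cannot read the cookie.
            CookieHttpOnly = true,

            // The cookie is only ever sent over HTTPS, never plain HTTP.
            CookieSecure = CookieSecureOption.Always,

            Provider = new CookieAuthenticationProvider
            {
                // Re-checks the user's security stamp at the given interval.
                // Changing the stamp (password change, or calling
                // UserManager.UpdateSecurityStampAsync) rejects every cookie
                // issued before the change, including a copied one.
                OnValidateIdentity = SecurityStampValidator
                    .OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                        validateInterval: TimeSpan.FromMinutes(5),
                        regenerateIdentity: (manager, user) =>
                            user.GenerateUserIdentityAsync(manager))
            }
        });
    }
}

// The ASP.NET_SessionId cookie is not covered by the options above; it is
// configured in web.config under <system.web>:
//   <httpCookies httpOnlyCookies="true" requireSSL="true" />
```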