Cookie

  • Question

  • User-189004138 posted

    I have an ASP.NET MVC 5 application and I have used the Identity framework. I have used the code below for auth on startup.

    app.UseCookieAuthentication(new CookieAuthenticationOptions()
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        ExpireTimeSpan = TimeSpan.FromMinutes(20),
        CookieHttpOnly = true
    });

    How can I avoid this cookie being stolen? If someone got this cookie detail with ASP.NET_SessionId, someone can log in easily. Can anyone help me to avoid this?

    Thanks

    Thursday, September 27, 2018 5:08 AM

All replies

  • User-821857111 posted

    Make sure that your application runs under HTTPS. Protect against XSS and CSRF attacks, too.

    Thursday, September 27, 2018 9:06 AM
  • User-189004138 posted

    Yes, I have that. I also have CSRF and XSS protection added. But how would I avoid the session being stolen?

    Thursday, September 27, 2018 9:54 AM
  • User-821857111 posted

    The first step is in understanding how sessions can be hijacked: https://www.hackingloops.com/cookies/. Once you have read that, you will understand that you have already shut the door on the 3 most common methods. 

    Thursday, September 27, 2018 2:49 PM
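
The following is an added example, not code from any poster in this thread. It extends the cookie options from the question with the settings that enforce the HTTPS advice in the reply and limit how long a copied cookie stays usable. `ApplicationUserManager`, `ApplicationUser` and `GenerateUserIdentityAsync` are assumed to be the types generated by the default MVC 5 Identity project template, and `CookieSameSite` assumes Microsoft.Owin 4.1 or later.

```csharp
using System;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // Assumption: ApplicationUserManager is registered earlier with
        // app.CreatePerOwinContext, as in the default template; the
        // security stamp validator below resolves it from the OWIN context.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            ExpireTimeSpan = TimeSpan.FromMinutes(20),
            SlidingExpiration = true,

            // Not readable from script, so an XSS flaw cannot read it directly.
            CookieHttpOnly = true,

            // Never sent over plain HTTP. The question's options leave this at
            // the default (SameAsRequest), which follows the request scheme.
            CookieSecure = CookieSecureOption.Always,

            // Not attached to cross-site subrequests (Microsoft.Owin 4.1+).
            CookieSameSite = SameSiteMode.Lax,

            Provider = new CookieAuthenticationProvider
            {
                // Re-checks the user's security stamp at this interval. After a
                // password change or UserManager.UpdateSecurityStampAsync, every
                // cookie issued before that point is rejected at the next check.
                OnValidateIdentity = SecurityStampValidator
                    .OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                        validateInterval: TimeSpan.FromMinutes(5),
                        regenerateIdentity: (manager, user) =>
                            user.GenerateUserIdentityAsync(manager))
            }
        });
    }
}
```

These options cover only the Identity application cookie; the `ASP.NET_SessionId` cookie mentioned in the question is configured separately in `web.config`.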