Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is ASP.NET Membership protected from Firesheep?

Tags:

asp.net

membership

I have the impression that ASP.NET Membership encrypts its cookie by default.

Is it relatively safe to assume that ASP.NET Membership protects against session hijacking (ala Firesheep)?

like image 557
Dave Clausen Avatar asked Jan 24 '26 06:01

Dave Clausen

2 Answers

ASP.NET membership uses the exact same mechanism as any other site and is absolutely vulnerable to Firesheep attack. The cookie itself cannot be encrypted in a way that keeps it from being hijacked. All communication with the server must be encrypted to protect from session hijacking, using SSL or WEP wireless encryption.

like image 108
Dave Swersky Avatar answered Jan 27 '26 01:01

Dave Swersky

The cookie is encrypted, but that doesn't stop someone who obtains the cookie itself from acting as you.

like image 36
Anders Fjeldstad Avatar answered Jan 27 '26 01:01

Anders Fjeldstad
Sign in to Comment

Related questions

How to change the SelectMethod of ObjectDataSource programatically?
Equation to change every other two rows
Repeater Loses it's data on PostBacks
How can I set the width of the Edit Button col in a GridView?
Content control not accessbile from content page?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!