I thought the .ASPXAUTH was for user authentication? Can anyone confirm if this cookie is indeed a security risk and/or contains session information? Is it even supposed to be used or is it some debug thing?
I think you have run into some comments that have to do with Forms Authentication security. You can find more info here: http://visualstudiomagazine.com/articles/2010/09/14/aspnet-security-hack.aspx
What it boils down to is that a clever hacker can discover the machine key used to encrypt the cookies and create their own forged auth cookies.
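
A defensive check related to the answer above, as an added example that is not part of the original posts: a Python sketch that audits a `web.config` for settings that weaken the protection of the .ASPXAUTH cookie. The sample config and its placeholder key values are constructed, and `audit_forms_auth` is a hypothetical helper name; the attributes read are the standard ASP.NET `machineKey` and `forms` settings.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config, not from the page; key values are placeholders.
SAMPLE = """<configuration><system.web>
  <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY"
              decryptionKey="PLACEHOLDER_DECRYPTION_KEY"
              validation="SHA1" decryption="3DES" />
  <authentication mode="Forms">
    <forms name=".ASPXAUTH" protection="Encryption" requireSSL="false" />
  </authentication>
</system.web></configuration>"""

LEGACY_VALIDATION = {"MD5", "SHA1", "3DES"}
LEGACY_DECRYPTION = {"DES", "3DES"}


def audit_forms_auth(config_xml):
    """Return findings on how the forms-authentication cookie is protected."""
    web = ET.fromstring(config_xml).find("system.web")
    if web is None:
        return []
    findings = []

    key = web.find("machineKey")
    if key is not None:
        # An explicit key lets anyone who can read this file mint valid cookies.
        for attr in ("validationKey", "decryptionKey"):
            if not key.get(attr, "AutoGenerate").startswith("AutoGenerate"):
                findings.append(f"machineKey/{attr}: explicit key in config file")
        if key.get("validation", "").upper() in LEGACY_VALIDATION:
            findings.append("machineKey/validation: legacy algorithm")
        if key.get("decryption", "").upper() in LEGACY_DECRYPTION:
            findings.append("machineKey/decryption: legacy algorithm")

    forms = web.find("authentication/forms")
    if forms is not None:
        # protection defaults to All (encrypt and validate); anything else is weaker.
        if forms.get("protection", "All").lower() != "all":
            findings.append("forms/protection: cookie not both encrypted and validated")
        # requireSSL defaults to false, so the cookie can travel over plain HTTP.
        if forms.get("requireSSL", "false").lower() != "true":
            findings.append("forms/requireSSL: cookie not restricted to HTTPS")
    return findings


if __name__ == "__main__":
    for finding in audit_forms_auth(SAMPLE):
        print(finding)
```

An explicit key is often required on a web farm, so treat that finding as a prompt to encrypt the config section and restrict who can read the file.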