I am using forms authentication in an ASP.NET application and I realised that I can copy the authentication cookie content after I’ve already logged in, manually create the cookie in another instance of another browser and, after that, the application logs in automatically from the second browser.
I’d like to know if there’s a way to prevent this (I don’t know… something like making the authentication ticket somehow linked to the browser instance) because, as it is now, someone can steal the cookie and use it on a different computer to access the same account with no need for a login or password.
There’s not a great deal you can do. Jeff Prosise has an interesting article here where he tries creating an HttpModule.
However, you can see this isn’t that effective:
Personally I wouldn’t lose any sleep over it.
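As an added illustration of the "tie the ticket to the browser" idea the answer refers to (this is example code written for this page, not Jeff Prosise’s module and not code from the question), the following ASP.NET HttpModule stores a hash of the client’s User-Agent in the forms ticket’s `UserData` field at login and rejects any later request whose User-Agent no longer matches. It assumes classic ASP.NET (System.Web) forms authentication and that the module is registered in web.config; the class names `BoundFormsAuth` and `BoundFormsAuthModule` are arbitrary.

```csharp
// Example code added for this page (not from the question, the answer, or Jeff Prosise).
// Binds a forms authentication ticket to the requesting browser's User-Agent.
// Assumes classic ASP.NET (System.Web) forms authentication; register the module under
// <system.webServer><modules> (integrated pipeline) or <system.web><httpModules>.
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;

public static class BoundFormsAuth
{
    // Hash of the client attribute the ticket is bound to. A thief who copies the cookie
    // must also replay this header. It is trivially spoofable by a deliberate attacker,
    // which is exactly why this check only raises the bar rather than closing the hole.
    public static string ClientFingerprint(HttpRequestBase request)
    {
        string ua = request.UserAgent ?? string.Empty;
        using (var sha = SHA256.Create())
        {
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(ua)));
        }
    }

    // Use this instead of FormsAuthentication.SetAuthCookie after a successful login.
    // The fingerprint rides in the ticket's UserData, which is covered by the ticket's own
    // encryption/MAC, so the client cannot edit it without invalidating the ticket.
    public static void SetAuthCookie(HttpResponseBase response, HttpRequestBase request,
                                     string userName, bool persistent)
    {
        var ticket = new FormsAuthenticationTicket(
            2, userName, DateTime.Now, DateTime.Now.Add(FormsAuthentication.Timeout),
            persistent, ClientFingerprint(request), FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                         // not readable from page script
            Secure = FormsAuthentication.RequireSSL, // only sent over HTTPS when requireSSL="true"
            Path = FormsAuthentication.FormsCookiePath
        };
        if (persistent) cookie.Expires = ticket.Expiration;
        response.Cookies.Add(cookie);
    }
}

// Runs on every request after forms authentication has decoded the ticket and drops
// sessions whose stored fingerprint does not match the browser presenting the cookie.
public class BoundFormsAuthModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        app.PostAuthenticateRequest += OnPostAuthenticateRequest;
    }

    public void Dispose() { }

    private static void OnPostAuthenticateRequest(object sender, EventArgs e)
    {
        var ctx = new HttpContextWrapper(((HttpApplication)sender).Context);
        if (ctx.User == null || !ctx.User.Identity.IsAuthenticated) return;

        HttpCookie cookie = ctx.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null) return;

        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { ticket = null; } // tampered or undecryptable cookie

        // A ticket issued without a fingerprint (before this module was deployed) or with a
        // different one is treated as hijacked: sign out and send the user back to login.
        if (ticket == null || ticket.Expired ||
            ticket.UserData != BoundFormsAuth.ClientFingerprint(ctx.Request))
        {
            FormsAuthentication.SignOut();
            ctx.Response.Redirect(FormsAuthentication.LoginUrl, true);
        }
    }
}
```

The check will stop the exact scenario in the question only while the second browser sends a different User-Agent; an attacker who copies the header along with the cookie walks straight through, and binding to the client IP instead breaks legitimate users behind changing proxies or mobile networks. The controls that actually shrink the window for cookie theft are orthogonal to this module: serve the site over HTTPS with `requireSSL="true"` so the cookie is never sent in clear, keep it `HttpOnly`, use a short ticket timeout without sliding expiration, and invalidate the ticket server-side on logout.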