I am using forms authentication in an ASP.NET application and I realised that I

Question

0

Asked: May 12, 20262026-05-12T07:19:51+00:00 2026-05-12T07:19:51+00:00

I am using forms authentication in an ASP.NET application and I realised that I

0

I am using forms authentication in an ASP.NET application and I realised that I can copy the authentication cookie content after I’ve already logged in, manually create the cookie in another instance of another browser and, after that, the application logs in automatically from the second browser.

I’d like to know if there’s a way to prevent this (I don’t know… something like making the authentication ticket somehow liked to the browser instance) as, as it is now, someone can steal the cookie and use it in a different computer to access the same account with no need of login or password.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-12T07:19:51+00:00

Editorial Team

2026-05-12T07:19:51+00:00Added an answer on May 12, 2026 at 7:19 am

There’s not a great deal you can do. Jeff Prosise has an interesting article here where he tries creating an HttpModule.

However you can see this isn’t that effective:

…User-Agent headers are the last
line of defense. And User-Agent
headers are easily spoofed by someone
aware that User-Agent headers are
being used to validate session IDs.

Personally I wouldn’t lose any sleep over it.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am using forms authentication in an ASP.NET application and I realised that I

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply