Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have the impression that ASP.NET Membership encrypts its cookie by default.
Is it relatively safe to assume that ASP.NET Membership protects against session hijacking (ala Firesheep)?
ASP.NET membership uses the exact same mechanism as any other site and is absolutely vulnerable to Firesheep attack. The cookie itself cannot be encrypted in a way that keeps it from being hijacked. All communication with the server must be encrypted to protect from session hijacking, using SSL or WEP wireless encryption.