Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m looking to put SSL into place to prevent cookie replay attacks on our site.
The site is using .NET forms authentication. Do I just need to enable SSL for the login page or would it be every page behind the forms authentication that needs to be secure?
THanks
You would need to enable SSL for every page where the browser is instructed to send the authentication ticket cookie. By default, that would mean every page on your website, although when writing the cookie to the browser you can instruct it to only send it over HTTPS or to limit it to certain paths.
But in general it would mean SSL protecting every page on your site, not just your sign in page.