Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Using ASP.net MVC v2.0, Any way to change the name of the __RequestVerificationToken cookie? In an effort to conceal our underlying technology stack, I’d like to rename the cookie to something that can’t be traced back to ASP.Net MVC.
More info on this at Steve Sanderson’s blog.
Looking at the MVC 2 source code I dont think it’s possible to change the cookie name. The AntiForgeryData class starts:
and to get the cookie name it just calls:
in the HtmlHelper class. It takes the application path and converts it to base 64 and appends it onto the end of __RequestVerificationToken which is what you see when you view the source.
If you really need to change the name I’d recommend downloading the MVC 2 source code from codeplex and look at creating your own html helper and anti forgery token using the source code as a reference. But in doing this you could always introduce your own bugs…