can some hacker steal the cookie from a user and login with that name on the web site ?

Posted by Aristos on Stack Overflow See other posts from Stack Overflow or by Aristos
Published on 2010-03-23T09:09:54Z Indexed on 2010/03/24 1:13 UTC
Read the original article Hit count: 391

Filed under:

ASP.NET

|

hacking

|

security

|

cookies

|

forms-authentication

Reading this question

different users get the same cookie value in aspxanonymous

and search for a solution, I start thinking, if it is possible for some one to really steal the cookie with some way, and then place it on his browser and login lets say as administrator.

Do you know how form authentication can ensure that even if the cookie is stoled, the hacker not actual login using it ?

Or do you know any other automatic defense mechanism ?

Thank you in advanced.

© Stack Overflow or respective owner

Related posts about ASP.NET

Migrating ASP.NET MVC 1.0 applications to ASP.NET MVC 2 RTM

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Note: ASP.NET MVC 2 RTM isn’t yet released! But this tool will help you get your ASP.NET MVC 1.0 applications ready for when it is! I have updated the MVC App Converter to convert projects from ASP.NET MVC 1.0 to ASP.NET MVC 2 RTM. This should be last the last major change to the MVC App Converter… >>> More
April 14th Links: ASP.NET, ASP.NET MVC, ASP.NET Web API and Visual Studio

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Here is the latest in my link-listing blog series: ASP.NET Easily overlooked features in VS 11 Express for Web: Good post by Scott Hanselman that highlights a bunch of easily overlooked improvements that are coming to VS 11 (and specifically the free express editions) for web development: unit… >>> More
Use ASP.NET 4 Browser Definitions with ASP.NET 3.5

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
We updated the browser definitions files included with ASP.NET 4 to include information on recent browsers and devices such as Google Chrome and the iPhone. You can use these browser definition files with earlier versions of ASP.NET such as ASP.NET 3 Read More......(read more) >>> More
ASP.NET webforms + ASP.NET Ajax versus ASP.NET MVC and Ajax framework freedom

as seen on Stack Overflow - Search for 'Stack Overflow'
If given the choice, which path would you take? ASP.NET Webforms + ASP.NET AJAX or ASP.NET MVC + JavaScript Framework of your Choice Are there any limitations that ASP.NET Webforms / ASP.NET AJAX has vis-a-vis MVC? >>> More
ASP.NET MVC 2 Released

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I’m happy to announce that the final release of ASP.NET MVC 2 is now available for VS 2008/Visual Web Developer 2008 Express with ASP.NET 3.5. You can download and install it from the following locations: Download ASP.NET MVC 2 using the Microsoft Web Platform Installer Download… >>> More

Related posts about hacking

should i bother to block these- rather lame attempt at hacking my server

as seen on Server Fault - Search for 'Server Fault'
I'm running a LAMP stack, with no phpmyadmin (yes) installed. While poking through my apache server longs i noticed things like. 74.208.75.29 - - [16/Mar/2010:02:53:45 +0800] "POST http://74.208.75.29:6667/ HTTP/1.0" 404 481 "-" "-" 74.208.75.29 - - [16/Mar/2010:02:53:45 +0800] "CONNECT 74.208.75… >>> More
The newbie's guide to hacking the Linux kernel

as seen on Internet.com - Search for 'Internet.com'
<b>TuxRadar: </b>"We asked prolific kernel hacker (and Linux Format reader!) Greg Kroah-Hartman to tell us what it takes for newbies to patch the Linux kernel - here's what he had to say." >>> More
China Says Google Never Filed Complaint in Hacking Case

as seen on Internet.com - Search for 'Internet.com'
Confusion continues to muddle the Google/China saga, with Chinese officials saying they aren't -- and are -- in talks with Google about hacking and censorship allegations. >>> More
China Says Google Never Filed Complaint in Hacking Case

as seen on Internet.com - Search for 'Internet.com'
Confusion continues to muddle the Google/China saga, with Chinese officials saying they aren't -- and are -- in talks with Google about hacking and censorship allegations. >>> More
community of linux hackers

as seen on Super User - Search for 'Super User'
Do you know of any community of linux hackers. People who are into hacking from network to workstations. Linux hacking windows pc's and other platforms. Please do only tell sites wherein beginners could join. But if you know of any site that gives a jump start for beginners into hacking. Also tell. >>> More