Tampering, Stealing cookies protection in ASP.NET 2.0

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello,

I need to know how to protect cookies from tampering or stealing.

I want to ensure the cookie is binded to a particular client only. Only the
requested client should have access to the cookie.

if the cookies is stolen & used on another machine for the same website, it
should not allow the cookie to be read

Any thoughts are welcome.
 
Use SSL to prevent stealing.

Encrypt the data in the cookie to prevent viewing.

MAC protect to prevent tampering.

Put an expiration date in the data in the cookie and check for expiration
in your code to ensure valid timeout.

-Brock
http://staff.develop.com/ballen
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

RequireSSL set to true, some cookies not marked as secure 0
Asp.net 2.0 - Cookies 2
Multiple cookies created 3
create and retrieve cookie? 4
Me.Context.Request.Cookies value doesn't match what's in cookies file 1
Cookie not found after redirect from asp to asp.net 2.0 2
Events in ASP.Net Page request 4
Reading cookies in both ASP and ASP.NET pages 3

Back
Top