Tampering, Stealing cookies protection in ASP.NET 2.0

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello,

I need to know how to protect cookies from tampering or stealing.

I want to ensure the cookie is binded to a particular client only. Only the
requested client should have access to the cookie.

if the cookies is stolen & used on another machine for the same website, it
should not allow the cookie to be read

Any thoughts are welcome.
 
Use SSL to prevent stealing.

Encrypt the data in the cookie to prevent viewing.

MAC protect to prevent tampering.

Put an expiration date in the data in the cookie and check for expiration
in your code to ensure valid timeout.

-Brock
http://staff.develop.com/ballen
 
Back
Top