Public ASPXAUTH cookie and security

Posted by Bara on Stack Overflow
Published on 2010-03-18T20:23:42Z

Due to a bug in Flash, I have to use the ASPXAuth cookie to log a user in on a page that a Flash upload script calls after upload. See this page for more information: http://geekswithblogs.net/apopovsky/archive/2009/05/06/working-around-flash-cookie-bug-in-asp.net-mvc.aspx

I have to make the ASPXAUTH string "public" in the sense that it will be in the HTML of the page. My question is, how secure is this?

I understand that anyone who can get to the string in the HTML can probably get to it from the cookie just as easily, but let's say someone does have this ASPXAUTH string. Is it possible that they can log in as another user using this cookie? Would they be able to decrypt it?

Bara

© Stack Overflow or respective owner
