Reputation: 597
I am using a cookie-based authentication technique for web service authentication. I am setting a cookie value using the encryption technique on the client's machine, and I am using that cookie value in the web service method for authentication purposes. My doubt is: is it possible to edit the cookie value with any third-party extension tools in any browser?
Upvotes: 1
Views: 270
Reputation: 770
Yes, this is indeed easy. One example is the "Edit Cookies" plugin for the Firefox browser (https://addons.mozilla.org/de/firefox/addon/edit-cookies/).
In your scenario you are worried about plugins, hence none of the cross-site-scripting or cross-site-cooking protection mechanisms will work. These protection mechanisms are only meant for web content (e.g. AJAX calls). But because plugins/extensions have more access to the client's environment, they can easily interact with the cookie store.
Upvotes: 2
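Because anything in the browser's cookie store can be rewritten by the client, the web service has to detect modification itself. The following is an added example, not code from the question or the answer: a Python sketch in which the server attaches an HMAC tag to the cookie and rejects any value whose tag does not verify. The key `SERVER_KEY`, the `user|expiry` payload layout and the function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Assumption: a secret that exists only on the server (constructed demo value).
SERVER_KEY = b"constructed-demo-key-do-not-reuse"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def _tag(payload: str) -> bytes:
    return hmac.new(SERVER_KEY, payload.encode("ascii"), hashlib.sha256).digest()


def issue_cookie(user: str, ttl: int = 3600, now: Optional[float] = None) -> str:
    """Return 'payload.tag', where tag is HMAC-SHA256 over the payload."""
    expires = int((time.time() if now is None else now) + ttl)
    payload = _b64(f"{user}|{expires}".encode("utf-8"))
    return f"{payload}.{_b64(_tag(payload))}"


def verify_cookie(cookie: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user name if the cookie is unmodified and unexpired, else None."""
    try:
        payload, tag_b64 = cookie.split(".")
        # Check integrity before parsing anything the client could have edited.
        if not hmac.compare_digest(base64.urlsafe_b64decode(tag_b64), _tag(payload)):
            return None
        user, expires = base64.urlsafe_b64decode(payload).decode("utf-8").rsplit("|", 1)
        if int(expires) < (time.time() if now is None else now):
            return None
        return user
    except ValueError:  # malformed structure, bad base64, bad UTF-8, bad integer
        return None


if __name__ == "__main__":
    cookie = issue_cookie("alice", ttl=60, now=1000)
    print("original :", verify_cookie(cookie, now=1010))
    # Constructed edit, as a cookie editor would make it: new payload, old tag.
    edited = _b64(b"admin|1060") + "." + cookie.split(".")[1]
    print("edited   :", verify_cookie(edited, now=1010))
```

The tag only shows that the server issued the value; it does not stop a copied cookie from being replayed until it expires.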