Tarlak

Reputation: 55

Session, cookies and Security

I got a problem.

I have a web app, where I do the following:

1) Login
2) Later extract the cookie
3) Logout
4) Insert manually the cookie

and when I visit some page again, I'm logged in. How can I fix it? I want the cookie to expire.

Thanks for your response.

Upvotes: 1

Views: 123

Answers (2)

Hans Kesting

Reputation: 39274

What is in that cookie? Just a "loggedin = yes" value?

In that case you could change that to "loggedinsession = {current session ID}".

On logout, delete the cookie (set the value to empty, without expiry) and also .Abandon() the session (so a new request gets a new session ID).

The logged-in check then changes from "does the cookie exist" to "is the value the same as the current session ID".

Upvotes: 1
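
The logged-in checks discussed in this answer, as an added framework-neutral Python model (not code from the thread, and not ASP.NET code). `ToyApp`, the cookie names and the `auth` token are constructed for illustration; the model assumes the server accepts a session ID the client re-sends after the session was abandoned, and it goes beyond the answer by also comparing against a random token kept only in session state.

```python
import secrets

class ToyApp:
    """Constructed model of a cookie-based web app; not ASP.NET code."""

    def __init__(self):
        self.sessions = {}  # session ID -> server-side session state

    def _session(self, cookies):
        # Assumption: the server accepts any session ID the client sends and
        # starts an empty session under it if none exists.
        sid = cookies.get("sid") or secrets.token_hex(16)
        return sid, self.sessions.setdefault(sid, {})

    def login(self, cookies):
        sid, state = self._session(cookies)
        state["auth"] = secrets.token_hex(32)  # random, lives only in the session
        return {"sid": sid, "loggedin": "yes",
                "loggedinsession": sid, "auth": state["auth"]}

    def logout(self, cookies):
        # Server side of logout: discard the session state. The response would
        # also clear the cookies, but a saved copy is out of the server's reach.
        self.sessions.pop(cookies.get("sid"), None)

    def check_exists(self, cookies):
        # "Does the cookie exist": nothing on the server can revoke it.
        return cookies.get("loggedin") == "yes"

    def check_session_id(self, cookies):
        # "Is the value the same as the current session ID".
        sid, _ = self._session(cookies)
        return cookies.get("loggedinsession") == sid

    def check_token(self, cookies):
        # Compare against a secret held in session state, which logout destroyed.
        _, state = self._session(cookies)
        expected = state.get("auth")
        return expected is not None and secrets.compare_digest(
            expected, cookies.get("auth", ""))

def replay_after_logout():
    """Log in, keep a copy of the cookies, log out, present the copy again."""
    app = ToyApp()
    live = app.login({})
    saved = dict(live)
    app.logout(live)
    return {name: getattr(app, name)(saved)
            for name in ("check_exists", "check_session_id", "check_token")}
```

Under the stated assumption the session-ID comparison still accepts the saved copy, because the re-sent ID becomes the current session ID again, while the token check rejects it because the session state holding the token is gone.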

CyberDude

Reputation: 8949

I suggest you use the built-in Forms Authentication mechanism.

Upvotes: 1
