Changing ASP.Net Session ID for security

Problem description

Hello,
I am testing an ASP.Net website. It has a login page, in which, in addition to the current session, there is an extra cookie, which is created and incorporated in the current session, similar to this below:

Cookie: ASP.NET_SessionId=3laha5reksqkgmbwdqlgy1ug; .ASPXAUTH=5D3DE2317816858DB5B141E7665A7D038EE901FC138EFE0D7574D2868C4100907CA632D0716A4EAEE3593E094A53BAE7BC727D75003CAD02D4D1F2F2CEACA482B61B29F1169DE627; ;host.gov.in=rLgtm12IyBO;

Now this value of the additional cookie "host.gov.in" changes at each login as,

Cookie: ASP.NET_SessionId=05robcycvc0xew55l1to10rd; .ASPXAUTH=072687F2D54CC2AC7775D59763902BCBEA2FDB9957F66AFBC14290901B03F7A53C5BCCB244E15120E131B3554621FB15AC4B18BE271EC018834E0AF187B254D96861BF9F2F56A245 ; host.gov.in=gpzRJOZOk0K


But at each request of the page, it is not changing, which results in sniffing attacks when the user is logged in.

Is it possible that this additional cookie value can change with each request of the page from the web server? Will the website work? Please help.

Thank you
Regards
Anoop

Recommended answer

Thank you for your post! I would suggest posting your question in one of the ASP.NET forums.

