通过HTTPS在ASP.NET中安全会话Cookie [英] Secure session cookies in ASP.NET over HTTPS
问题描述
在阅读 this /后,我有点好奇。文章劫持HTTPS cookies。我跟踪了一下,一个很好的资源,我偶然发现列出了几种方法来保护cookie 此处。我必须使用adsutil,或者将在web.config的httpCookies部分中设置requireSSL,除了所有其他(在这里覆盖)?还有什么我应该考虑进一步加强会话吗?
I got a little curious after reading this /. article over hijacking HTTPS cookies. I tracked it down a bit, and a good resource I stumbled across lists a few ways to secure cookies here. Must I use adsutil, or will setting requireSSL in the httpCookies section of web.config cover session cookies in addition to all others (covered here)? Is there anything else I should be considering to harden sessions further?
推荐答案
https://www.isecpartners.com/media/12009/web-session-management.pdf
一份19页的使用Cookie为Web应用程序的安全会话管理白皮书
A 19 page white paper on "Secure Session Management with Cookies for Web Applications"
它们涉及许多安全问题我以前没有在一个地方看到过。这是值得一读的。
They cover lots of security issues that I haven't seen all in one spot before. It's worth a read.
这篇关于通过HTTPS在ASP.NET中安全会话Cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!