Looking at the fields for configuring a web site's security and I'm using Fo
rms
authentication. Saw the part about assigning a cookie name. I assume this is
the
cookie that gets set when a person logs in.
http://msdn.microsoft.com/library/d...rchitecture.asp
ASPXAUTH
<forms name=".ASPXAUTH">
Can one use a different cookie name? Does ASP.Net anywhere expect that name?
Or is it
totally overrideable?
If one uses a different cookie name does that make the work of malicious hac
kers any
harder?Hi Randall,
Yes, you can override the cookie name in the web.config file as shown here:
http://msdn2.microsoft.com/en-us/library/532aee0e.aspx
In most cases, ASP.NET issues the cookie as an "in-memory" cookie which
means it doesn't show up as a file.
Ken
"Randall Parker" < NOtechieSPAMpundit_please@.future_avoidju
nk_pundit.com>
wrote in message news:%23FcpGwQ%23FHA.2628@.TK2MSFTNGP11.phx.gbl...
> Looking at the fields for configuring a web site's security and I'm using
> Forms authentication. Saw the part about assigning a cookie name. I assume
> this is the cookie that gets set when a person logs in.
> http://msdn.microsoft.com/library/d...rchitecture.asp
> ASPXAUTH
> <forms name=".ASPXAUTH">
> Can one use a different cookie name? Does ASP.Net anywhere expect that
> name? Or is it totally overrideable?
> If one uses a different cookie name does that make the work of malicious
> hackers any harder?
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment