none
Session Replay in ASP.Net RRS feed

  • Question

  • Hello,

    During Penetration testing of my ASP.Net web forms application, following issues has been reported:-.

    1. ASP Sessions can be replayed.

    I am using forms authentication with below mark-up

    <authentication mode="Forms">
          <forms name=".ASPXAUTH" loginUrl="~\Login.aspx" defaultUrl="~\Login.aspx" slidingExpiration="true" timeout="90" path="/" />
        </authentication>

    Can any-one pls help me how i can stop session replay (aspxauth session from some previous sessions has been reused). Thanks.


    • Edited by dkhandelwal03 Monday, September 18, 2017 12:04 PM
    • Moved by 宝宝徐 Wednesday, September 27, 2017 2:06 AM
    Monday, September 18, 2017 10:47 AM

All replies

  • Hi,

    Welcome to MSDN forum.

    This forum is to talk about .net framework, your problem is related to asp.net, please open a new thread in asp.net forum to get professional support.

    Best regards,

    Joyce


    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, September 19, 2017 2:14 AM