ASP.NET cookie replay fix without storing auth-tok

2019-08-05 00:22发布

问题:

I have introduced an audit table to store user login data (including auth-token) upon sign in/sign out and reading user status on each request to eliminate the asp.net cookie replay security issue.

This causes an increase in time taken for each request causing performance issues.

What are some other ways used to mitigate cookie replay attacks in asp.net?