ASP.NET cookie replay fix without storing auth-tok

2019-08-04 23:34发布

I have introduced an audit table to store user login data (including auth-token) upon sign in/sign out and reading user status on each request to eliminate the asp.net cookie replay security issue.

This causes an increase in time taken for each request causing performance issues.

What are some other ways used to mitigate cookie replay attacks in asp.net?

0条回答
登录 后发表回答