0

ASP.Net Stores a session in a cookie.

My concern: Can any other user of the same client computer, access that cookie and steal my session?

And why?

I think this question is valid for PHP, Java and all the Web Techonologies that use a session...

Joshua
  • 40,822
  • 8
  • 72
  • 132
Miguel Domingos
  • 345
  • 1
  • 3
  • 17

1 Answers1

1

If the session is active then yes. But if you logged out of the site and the site properly disposed of the session then I don't think so, even if they stole your cookie. As the server also tracks users when logged in, it knows which session's are active, so if you log out the server should kill your session. if someone then steals your cookie and tries to hit the site, the server should ask them to log in. if however you are logged in and someone takes your cookie then i believe they would get in. hackers do this sometimes with CRSF attacks.

Paritosh
  • 4,243
  • 7
  • 47
  • 80