cookie authentication security issue

Question

cookie authentication security issue

Yogeshkad opened this issue 4 years ago · comments

Yogesh Kadvekar commented 4 years ago

If i run the application which in this repository.

I created one user in the application

i login in application all works

i open different browser and open application url

and then in that browser if i copy past the old browser cookies
after that refresh
user getting access to application without login by just copying the cookies of other user

Brock Allen · Answer 1 · Wed Sep 02 2020 00:10:30 GMT+0800 (China Standard Time)

That's how cookies work.

dewelloper · Answer 2 · Wed Sep 02 2020 05:34:19 GMT+0800 (China Standard Time)

If you dont want to use cokie dont use it. Use local storage etc

Yogesh Kadvekar · Answer 3 · Wed Sep 02 2020 16:16:08 GMT+0800 (China Standard Time)

If you dont want to use cokie dont use it. Use local storage etc

ok do you any reference link or example for asp.net core web app

Dominick Baier · Answer 4 · Wed Sep 02 2020 17:58:46 GMT+0800 (China Standard Time)

If you dont want to use cokie dont use it. Use local storage etc

Which would result in the same behavior when copied to a different browser.

This discussion is not related to this library. closing.

github-actions · Answer 5 · Sat Feb 20 2021 08:37:46 GMT+0800 (China Standard Time)

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue.