On choosing ASPX authentication cookie name

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Randall Parker <NOtechieSPAMpundit_please@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 04 Dec 2005 11:50:48 -0800

Looking at the fields for configuring a web site's security and I'm using Forms authentication. Saw the part about assigning a cookie name. I assume this is the cookie that gets set when a person logs in.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconaspnetarchitecture.asp

ASPXAUTH

<forms name=".ASPXAUTH">

Can one use a different cookie name? Does ASP.Net anywhere expect that name? Or is it totally overrideable?

If one uses a different cookie name does that make the work of malicious hackers any harder? .

Follow-Ups:
- Re: On choosing ASPX authentication cookie name
  - From: Ken Cox - Microsoft MVP

Prev by Date: Re: Can't call external DLL
Next by Date: ASP.NET 2.0 Can't download EXE files
Previous by thread: Localhost vs machine name
Next by thread: Re: On choosing ASPX authentication cookie name
Index(es):
- Date
- Thread

Relevant Pages

Re: CSS, CSS & let me give you some more CSS
... > Basically the general agreement is that cookie stealing via embedded code is ... > the most dangerous use for CSS and the most common. ... Their inherent security is similar too uid/pw: ... > cookie based authentication (Prime example older versions of Yet another ...
(Vuln-Dev)
[REVS] Cross Site Cooking
... Get your security news from a reliable source. ... On sites where authentication data is tied on a server to a session ID, ... Let's begin with a quick primer on cookie parsing: ... For security purposes, the browser ...
(Securiteam)
Re: authentication cookie vs session cookie
... Improving security in ASP.NET form authentication is a hot issue. ... information on the security of cookie authentication and on combining forms authentication with role-based URL ... session variables as it relies on the session cookie that ASP.NET sends to ...
(microsoft.public.dotnet.framework.aspnet.security)
[UNIX] PHPNuke Admin Password Can Be Stolen
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Vulnerabilities in PHPNuke expose the administrative password. ... To successfully exploit this vulnerability you will need to rely on two ... The administrator login/password pair is stored in a cookie like this: ...
(Securiteam)
Re: A technique to mitigate cookie-stealing XSS attacks
... I'd like to thank the "Microsoft Internet Explorer Team" for ... I'd like to point out that this security feature does not help ... This new HTTPOnly security feature would simply stop cookie hijacking ... > During the Windows Security Push in Feb/Mar 2002, the Microsoft Internet ...
(Bugtraq)