SecureCookieHttpModule


Secure your session cookie (and other session-based cookies) against replay attacks using this easy-to-use ASP.NET HttpModule.

http://securecookiehttpmodu.codeplex.com/


   




Related Projects

Sholo.Web.Security


Sholo.Web.Security contains several tools to improve the security of ASP.NET applications. Make FormsAuthentication stateful, strengthen FormsAuthTicket validation, detect & prevent Padding Oracle exploit, kick/ban users & IP's, detect multiple logins from different IP's, etc.

Apache Shiro - Java Security Framework


Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any JVM-based application – from the smallest mobile applications to the largest web and enterprise applications.

Form State Keeper


Form State Keeper is an HttpModule that will keep the state of a web form, even if the forms authentication times out and the user has to log in again after clicking the submit button. Works with WebForms, Ajax and ASP.NET MVC.

mod_auth_cache


"mod_auth_cache" is an authentication caching module for Apache webservers, which uses session cookies to transparently cache a user's authentication, which was initially done by a different module. Another aim is to allow single sign-on in a domain.

SessionManager


An Apache / mod_perl session manager that will transparently supply a session ID from the client request, creating one if necessary using cookies, or munged URIs if cookies are off. It does not store session info - use the excellent Apache::Session

session-domain-hell - Trying to get rails to do some nonstandard things with session cookies


Trying to get rails to do some nonstandard things with session cookies

dancer2-session-cookie - Dancer2 session storage in secure cookies


Dancer2 session storage in secure cookies

redis-session - A session using Redis without using cookies


A session using Redis without using cookies

Dancer-Session-Cookie - Dancer session engine based on encrypted cookies


Dancer session engine based on encrypted cookies

django-session-csrf - CSRF protection for Django without cookies.


django-session-csrf is an alternative implementation of Django's CSRF protection that does not use cookies. Instead, it maintains the CSRF token on the server using Django's session backend. The csrf token must still be included in all POST requests (either with csrfmiddlewaretoken in the form or with the X-CSRFTOKEN header). Make sure that's in something like your root urls.py so the patch gets applied before your views are imported.

ios-sdk - The new (for 2014) Spotify iOS SDK.


The library's headers are extensively documented, and it comes with an Xcode documentation set which can be indexed by Xcode itself and applications like Dash. This, along with the included demo projects, should give you everything you need to get going. The classes that'll get you started are: * `SPTAuth` contains methods of authenticating users. See the "Basic Auth" demo project for a working example of this. Be sure to read the "Authentication and Scopes" and "Session Lifetime" sections belo

php-redis-session-abstract - A Redis-backed PHP session handler with optimistic locking


If any compression lib fails to compress the session data an error will be logged in system.log and the session will still be saved without compression. If you have suhosin.session.encrypt=on I would either recommend disabling it (unless you are on a shared host since Magento does its own session validation already) or disable compression or at least don't use lzf with encryption enabled. Bots and crawlers typically do not use cookies which means you may be storing thousands of sessions that serve no purpose. Even worse, an attacker could use your limited session storage against you by flooding your backend, thereby causing your legitimate sessions to get evicted. However, you don't want to misidentify a user as a bot and kill their session unintentionally. This module uses both a regex as well as a counter on the number of writes against the session to determine the session lifetime.

Parichay


Parichay is a Small and Simple Asp.Net Social Network. Asp.Net MVC has been used as web application framework. NHibernate has been used as data persistence framework. For security Asp.net role based security has been used with additional security httpmodule.

Custom Basic Authentication for IIS


HTTP Module to allow HTTP Basic Authentication against non-Windows accounts in IIS

Exemplo-Blog-Windows-And-Forms-Auth-ASPNET


The other day I had to solve an annoying little problem during a consulting engagement, one I had already seen other people asking for help with. Since, after some research, I managed to put together a nice model, I am posting it here to help anyone who may need a solution that works. The problem is the following: I need, within the same application, to authenticate with forms authentication and windows authentication. In my scenario, if the user comes from the intranet, he is on the internal network, and authenticates with windows authent

login_Sysphp - Basic login system using PHP and session cookies.


Basic login system using PHP and session cookies.

connect-nano - req.nano, which passes session cookies to CouchDB and back again.


req.nano, which passes session cookies to CouchDB and back again.

sessionGuard - My JS code to handle ATutor user session between multiple tabs using cookies.


My JS code to handle ATutor user session between multiple tabs using cookies.

encrypted_cookie - AES-128 encrypted session cookies for Rack (and Sinatra and other frameworks).


AES-128 encrypted session cookies for Rack (and Sinatra and other frameworks).

perl-CGI-Lite - CGI::Lite - process and decode WWW forms and cookies


CGI::Lite - process and decode WWW forms and cookies