Hello,
During penetration testing of my ASP.NET Web Forms application, the following issues have been reported:
1. ASP Sessions can be replayed.
I am using forms authentication with the markup below:
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="~\Login.aspx" defaultUrl="~\Login.aspx" slidingExpiration="true" timeout="90" path="/" />
</authentication>
Can anyone please help me with how I can stop session replay (the aspxauth session from some previous sessions has been reused)? Thanks.