NopCommerce 3.80 uses forms based authentication which makes the application vulnerable to session hijacking

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Всего сообщений: 9
Карма: 45
Присоединился: 07.08.2019
Страна: India

Опубликовано: 4 года назад

We are currently working on the nopCommerce version 3.80 and came across a finding that the application framework uses the forms based authentication which makes it vulnerable to cookie hijacking. The ticket in the cookie can be misused as long as the the timeout is not expired. Kindly suggest best approach to handle this hijacking scenario.

Thanks in advance

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Остались вопросы или нужна помощь?

. Премиум-поддержка . Получите помощь от команды nopCommerce с гарантированным ответом в течение 24 часов.

. Онлайн-курсы для разработчиков . Научитесь разрабатывать и кастомизировать сайты на nopCommerce.