Y
Hacker News
new
|
ask
|
show
|
jobs
by
mrkurt
5750 days ago
Besides what storm said: decrypting isn't the problem,
being able to encrypt a new cookie
is. If I can "bradhe" as my username in my own cookie, the default ASP.NET forms auth will consider me logged in as you.