Impossible Travel Detection & Session Risk Scoring in .NET
A stolen session cookie passes every auth check you have. The signal that something is wrong isn’t in the token — it’s in the pattern: a login from Brussels, then São Paulo, eight minutes later. Here’s how to catch it in .NET.