473,386 Members | 1,668 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp / active server pages > questions > how secure are session(" ") ?

Join Bytes to post your question to a community of 473,386 software developers and data experts.

how secure are Session(" ") ?

Hi ive seen alot of communites that use the session("") cookie to assaign
the userid after the login
Since this is a cookie, isnt it easy to modifie it and become which user you
want at the current community ?
Jul 19 '05 #1
2 2308
nope... unless you write it to the users drive (by setting a .Expires) it's
in memory..
Not easy to "hack"....

--
----------------------------------------------------------
Curt Christianson (Software_AT_Darkfalz.Com)
Owner/Lead Designer, DF-Software
http://www.Darkfalz.com
---------------------------------------------------------
...Offering free scripts & code snippits for everyone...
---------------------------------------------------------
"Gurra" <Gu****@telia.com> wrote in message
news:O5**************@TK2MSFTNGP09.phx.gbl...
Hi ive seen alot of communites that use the session("") cookie to assaign
the userid after the login
Since this is a cookie, isnt it easy to modifie it and become which user you want at the current community ?

Jul 19 '05 #2
An ASP Session cookie only contains the ASPSessionID. The server keeps all
the data in the server's memory. The browser returns the ASPSessionID, and
the server uses that to lookup the user's data.

So, it's not "hackable" in the sense that the data isn't stored anywhere on
the client's machine, or transmitted between the client and the server.
However, if someone could guess your ASPSessionID (either by luck, or by
sniffing traffic between you and the server), then they could launch a
session-hijacking type attack.

Cheers
Ken

"Gurra" <Gu****@telia.com> wrote in message
news:O5**************@TK2MSFTNGP09.phx.gbl...
: Hi ive seen alot of communites that use the session("") cookie to assaign
: the userid after the login
: Since this is a cookie, isnt it easy to modifie it and become which user
you
: want at the current community ?
:
:
Jul 19 '05 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

8
C# Session("USERID") = "NAME";
by: TWACS | last post by:
How do I add and get session defined variables? when I do this Session("USERID") = "NAME"; I get System.Web.UI.Page.Session' denotes a 'property' where a 'method' was expected Thanks,
ASP / Active Server Pages
9
session("var")= rs.getRows()
by: bajopalabra | last post by:
hi session("myVar") = rs.getRows( ) don't work when number of records is greater than 10 does anybody know WHY ??? is it a Session object limitation ??? thanks
ASP / Active Server Pages
1
Which is faster? Dim dv As New DataView(session("myDataTable")) or CType(session("myDataTable"))
by: Andreas Klemt | last post by:
Hello, let's say my session("myDataTable") is type of DataTable Now what is faster? a) Dim dv As New DataView(session("myDataTable")) b) Dim dv As New DataView(CType(session("myDataTable"),...
ASP.NET
3
Session State - What does it take to establish one single ASP.NET session per "browser session"
by: Jeff Smythe | last post by:
I simply want to execute some code once when a new session of my ASP.NET application is started (I'm not using session state for anything else - just writing some data to a database). I thought...
ASP.NET
13
Session("passed") = Session("passed") + 1 error
by: dee | last post by:
Hi My code complies the following line: Session("passed") = 1 but puts wiggly error line under the second Session("passed") in the following expression: Session("passed") = Session("passed") +...
ASP.NET
10
Difference between Session["var"] and Session("var")
by: thomson | last post by:
Hi, i create a session variable in C# as follows Session , but iam not able to access the variable in VB.net like intmode=Session("var"); Why is that ? Regards
ASP.NET
4
"Profile" and "Session" not accessible in ASP.NET app
by: R.A.M. | last post by:
Hello, I am writing ASP.NET application in which I need to use User Profiles and Session mechanisms. Here I include part of my source code (Admin.cs): using System; using System.Data; using...
ASP.NET
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!