preventing Session ID replay attack

Hello,
I am developing a simple ASP website with a login page. I want to
know how I can change the Session ID after login and also close the current
session after the user closes the window or gets logged out of the website, so
that every time the user logs in to the website, the Session ID will be unique.

Thank you.
Apr 16 '07 #1
anoop wrote on 16 apr 2007 in
microsoft.public.inetserver.asp.general:

> I am developing a Simple ASP Website with a login page. I want to
> know how can I change Session ID after login

You cannot, simply because changing the session.id would end the session per
definition.

> and also Close the
> current Session after User closes the Window or gets logged out of the
> Website.

Use session.abandon if you have to, or empty the
session("login") value if so designed.

... however you cannot reliably trust the closing of window to be reported.
It depends on the browser used, the closing of the computer, or if someone
trips over the mains connection or internet connection.

> So that every time user logs in to the website, Session ID
> will be unique.

The session.id is unique as delivered by the system, better than once in a
lifetime at least.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my email address)
Apr 16 '07 #2
To release all used sessions:
session.abandon()
http://msdn.microsoft.com/library/de...b92ebbbc31.asp
but this won't reset the session id ... (as far as I know)

Apr 17 '07 #3
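
When the session ID itself stays fixed for the life of the session, as the replies describe, a login can still be made unique by binding it to a second secret issued at login time and checked on every request. The following Python model of that pattern is an added example, not part of the thread and not ASP code; `SessionStore`, `auth_token` and the sample user are assumptions made for illustration, and `logout` stands in for the `session.abandon` call mentioned above.

```python
import hmac
import secrets


class SessionStore:
    """Model of server-side sessions whose ID is fixed for the session's lifetime."""

    def __init__(self):
        self._sessions = {}  # session ID -> per-session values

    def start(self):
        # The ID is assigned once, before login, and is not changed afterwards.
        sid = secrets.token_hex(16)
        self._sessions[sid] = {}
        return sid

    def login(self, sid, user):
        # A fresh secret per login; it goes back to the browser in a second cookie.
        token = secrets.token_urlsafe(32)
        self._sessions[sid].update(login=user, auth_token=token)
        return token

    def current_user(self, sid, presented_token):
        state = self._sessions.get(sid, {})
        expected = state.get("auth_token")
        if expected is None or presented_token is None:
            return None
        # Constant-time comparison of the stored and presented secrets.
        if not hmac.compare_digest(expected.encode(), presented_token.encode()):
            return None
        return state["login"]

    def logout(self, sid):
        # Counterpart of session.abandon: drop all server-side state at once.
        self._sessions.pop(sid, None)


def demo():
    store = SessionStore()
    sid = store.start()                       # ID exists before authentication
    first = store.login(sid, "alice")         # constructed sample user
    ok = store.current_user(sid, first)
    id_only = store.current_user(sid, None)   # session ID presented without the token
    second = store.login(sid, "alice")        # logging in again rotates the token
    stale = store.current_user(sid, first)
    store.logout(sid)
    after_logout = store.current_user(sid, second)
    return ok, id_only, stale, after_logout
```

The session ID alone, or a token from an earlier login, no longer identifies a logged-in user; only the pair issued at the most recent login does, and only until logout.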
