473,624 Members | 2,469 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Security issue / Session variable expiration?

I know you can make cookies expire, but how about session variables? I'm
basically using session for security, etc... One variable is
session("Logged On"). If a page sits idle for 30 minuts I want to make them
log back in order to see another page (ie turn "LoggedOn" = false).

Any ideas or suggestions?

Thanks!
Nov 18 '05 #1
1 2733
Session variables reside on the server and are held in the memory for a
duration set by web.config
The default duration is 20 mins after which all the resources are released.

As you know cookie can be set to expire after certain minutes. Or you can
set sliding expiration which means that if its used then the expiration time
is reset to a certain period in future. (You manually set that).

So if you anytime you access the resources in Session always check with
something like
if(Session["objectname "] != null)
{
// read the object and process
}

equivalent vb.net is something like
if Session["objectname "] in not null then

' do whatever needs to be done
end if

--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
"VB Programmer" <Do************ *****@jEmail.co m> wrote in message
news:ue******** ******@TK2MSFTN GP11.phx.gbl...
I know you can make cookies expire, but how about session variables? I'm
basically using session for security, etc... One variable is
session("Logged On"). If a page sits idle for 30 minuts I want to make them log back in order to see another page (ie turn "LoggedOn" = false).

Any ideas or suggestions?

Thanks!

Nov 18 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
3
12393
Session variable
by: Enoch Chan | last post by:
I would like to set a Session variable to a value. In Vbscript it should be Session("ZoomValue")=500 How can I set this session variable by using Javascript? Thanks
Javascript
2
1505
Security question
by: JamesB | last post by:
I am half way through making a site you can only do certain stuff if logged in to. So far, you are logged in if there is a session variable with your username, but I got thinking that presumably someone who worked this out could make a cookie file with this info in and pretend to be another user. So... what's the recommended way? I thought of storing an MD5 hash of the login time in the session and in the database too, then on each...
PHP
3
1637
Cross page data: Session, Viewstate or something else?
by: Zaccariah Kowalsky | last post by:
Hello, I have a webapp with on each page a "language" drop down list. Now, if I choose X, I want to initialise the drop down list to X. Easy to understand. But what is the best way to do this in ASP.NET? The obvious answer is, I think, the Session object. But one thing annoys me: a session can expire. It is difficult to guess the expiration time; 20 minutes, 40, 60? I just don't know. Is there a better way to pass data between pages? I...
ASP.NET
3
1895
Why my session expires? And will a sessionID survive...?
by: Welman Jordan | last post by:
Hello all, In Session_OnStart, I set a session variable: Session = DateTime.Now; and Session.Timeout = 15;
ASP.NET
2
4315
Session Variable vs Cookie
by: Wayne Wengert | last post by:
Are Session variables the same as a cookie? In reading a couple of pages I got from searches, I don't get the difference. Basically, I am currently using simple session variables (e.g. Session("UserName") = txtLastName.Text). I think they are expiring for some users (longer sessions?) and I need to be able to set the expiration to something like Now() plus 2 hours. What is the right way to do this? Wayne
ASP.NET
4
2012
Looking for general advice on security
by: tony | last post by:
I'm designing a survey form page that will be fairly complex and am becoming confident enough with PHP now to tackle most things. (Thanks to everyone here who has helped) Before I go too far with this I was wondering if anyone could perhaps offer advice or point me to any documents/web pages that could help with ensuring the security of the form/page and site. It is likely that the form will come under attack I expect. Even comments...
PHP
9
1577
sessions and security
by: dino d. | last post by:
Hi Everyone- I was reading a few posts about sessions and security, and it seems that the best way to address sessions security is to require authentication every time the user needs to get to sensitive data (or protect the session data with SSL). In other words, assume that the world can see your session data stored in cookies if you're not using SSL. So, I started looking for exceptions to this rule of thumb (requiring...
PHP
8
4188
Session variable, security, SSL, I'm confused
by: YYZ | last post by:
I'm using asp, not asp.net. I've got some open ended questions that I was really hoping someone in here could answer, or direct me to some resources that will help me answer them on my own. First, the session object. When a new user comes to my site, asp creates a session object, and a session id on that object. That session id is sent back to the client and stored as a cookie(?) that can be used to identify a single user across...
ASP / Active Server Pages
1
1834
oranoos3000
about expiration variable session
by: oranoos3000 | last post by:
hi do variable session expire after specific time from opening page? if answer yes ?how much is this time? else if variable session is set on server no expiration automatically how do expire this variable after specific time? do variable session expire with closing page that session in that page is set? thanks alot
Javascript
0
8240
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
8680
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
8625
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
8336
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
1
6111
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
5565
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
4082
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
4177
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
2
1487
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us