Session Variable Security


Dear Group

Is there any information or your views on session variable security?
I'm using my own authentication, storing whether a user has access to a
page in a session variable being either set to true or false. I
evaluate the variable in the page load event and if false the user is
directed to the login page.

How secure are session variables? Is it possible for someone to
manipulate a variable from the outside, setting it to true in order to
get access?

Thanks very much for your thoughts, views and any hints regarding
available resources on this topic.

Best Regards,

Martin

Nov 19 '05 #1
Hello Martin,

You would probably be better off using one of the Authentication classes
for what you are describing. Take a look at how you can use FormsAuthentication
[1] for example.

[1] http://www.differentpla.net/node/view/310

--
Matt Berther
http://www.mattberther.com
Nov 19 '05 #2
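
The FormsAuthentication approach suggested in the reply above, as an added example that is not part of the original thread or the linked article: the web.config rules in the leading comment make ASP.NET turn away anonymous requests for every page, so no per-page session flag has to be checked in the page load event. The page names, control names and a configured membership provider are assumptions.

```csharp
// Added example (not from the thread): Forms Authentication replacing a
// hand-rolled "has access" session flag in ASP.NET Web Forms (2.0 or later).
//
// Assumed web.config, inside <system.web>. The framework then redirects every
// anonymous request to Login.aspx before any page code runs:
//   <authentication mode="Forms">
//     <forms loginUrl="Login.aspx" protection="All" requireSSL="true"
//            timeout="20" slidingExpiration="true" />
//   </authentication>
//   <authorization>
//     <deny users="?" />   <!-- "?" means anonymous users -->
//   </authorization>
using System;
using System.Web.Security;
using System.Web.UI;

// Code-behind for Login.aspx. UserName, Password (TextBox) and Message (Label)
// are hypothetical controls assumed to be declared in the .aspx markup.
public partial class Login : Page
{
    protected void LoginButton_Click(object sender, EventArgs e)
    {
        // Membership.ValidateUser checks the configured membership provider;
        // having one configured is an assumption of this example.
        if (Membership.ValidateUser(UserName.Text, Password.Text))
        {
            // Issues the encrypted, MAC-protected auth cookie (protection="All")
            // and sends the user back to the page originally requested.
            FormsAuthentication.RedirectFromLoginPage(UserName.Text, false);
        }
        else
        {
            // Same message for unknown user and wrong password.
            Message.Text = "Invalid user name or password.";
        }
    }
}

// Code-behind for a hypothetical Logout.aspx.
public partial class Logout : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        Session.Abandon();                       // drop server-side session state
        FormsAuthentication.SignOut();           // expire the auth cookie
        FormsAuthentication.RedirectToLoginPage();
    }
}
```

On protected pages the signed-in name is then available as `User.Identity.Name`, set by the framework from the validated cookie rather than from a value the page stored itself.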
