Ending sessions when running in cookieless mode?

Discussion in 'ASP .Net Security' started by Lauchlan M, Oct 7, 2003.

  1. Lauchlan M

    Lauchlan M Guest

    Hi.

    I have an app that is running cookieless.

    (ie

    <sessionState
    mode="InProc"
    stateConnectionString="tcpip=127.0.0.1:42424"
    sqlConnectionString="data
    source=127.0.0.1;Trusted_Connection=yes"
    cookieless="true"
    timeout="20"
    />

    )

    The sesion variable is getting passed around in the url, as in

    http://localhost/MyWebApp/(0ufczt45npgtutzha3l23x55)/MyPage.aspx

    Now, at some point I blitz the session (I want to log out a user and login
    is handled with sessions instead of form authentication) with
    Session.Abandon() . But the session variable in the url for the next page I
    go to is still the same, eg

    http://localhost/MyWebApp/(0ufczt45npgtutzha3l23x55)/MyNextPage.aspx

    So, how do I make sure the session gets blitzed in the URL as well as in the
    HTTPSessionState?

    The problem is that because it 'remembers' this session variable, it allows
    going to pages that have already been visited previously in this 'session'
    although the previous visit was actually someone elses session. So if I log
    in as one kind of user in my web application and log out, and log in again
    as a different user, I can still go to pages that I went to under the old
    login when I shouldn't be able to.

    Thanks!

    Lauchlan M
    Lauchlan M, Oct 7, 2003
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. JV

    Cookieless Sessions...

    JV, Jul 23, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    458
    levous
    Aug 4, 2003
  2. Leigh

    Cookieless sessions

    Leigh, Dec 1, 2003, in forum: ASP .Net
    Replies:
    4
    Views:
    327
    Guest
    Dec 8, 2003
  3. Steve Franks
    Replies:
    2
    Views:
    1,232
    Steve Franks
    Jun 10, 2004
  4. Replies:
    2
    Views:
    3,248
    Ravi Singh (UCSD)
    May 10, 2006
  5. scottymo
    Replies:
    3
    Views:
    666
    Dominick Baier
    Sep 30, 2006
Loading...

Share This Page