Hijack Session

Dave

Has anyone seen any good examples of how to stop someone
from stealing the session id to hijack the session?

Thanks...
 
Chris Jackson

Well, the only way to really do this is to prevent somebody from getting the
session id in the first place - this is the danger of cookieless session
state, where it is in the URL for all to see. Once somebody has the ID,
there isn't anything you can do to differentiate that person from the
legitimate user. If information is extremely sensitive, then don't use
persistent cookies (so they won't be sitting on disk) and use HTTPS so it's
encrypted over the wire. Require authentication again when you get to
something particularly sensitive.
 
Keith

An approach I'm considering is to:

1. Store the source IP and user agent
2. Compare the request IP and user agent on each page to
the session ID
3. Not use cookieless sessions
4. Not persist the ticket

This will give me the security I need to get ASP.Net
working in my organization.
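
Steps 1 and 2 of the list above, sketched as an added example that is not code from any poster in this thread: the session id is bound to the client IP and user agent seen at issue time, and any later request that presents the id with different values is rejected and the session revoked. The names `SessionBinding`, `Register` and `Validate` are hypothetical, the sample values are constructed, and in ASP.NET the inputs would come from `Request.UserHostAddress` and `Request.UserAgent`.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper: binds a session id to the client attributes seen at login.
public sealed class SessionBinding
{
    // Step 1: what was recorded when the session was issued.
    private sealed record Fingerprint(string Ip, string UserAgent);

    private readonly Dictionary<string, Fingerprint> _bySessionId = new();

    public void Register(string sessionId, string ip, string userAgent) =>
        _bySessionId[sessionId] = new Fingerprint(ip, userAgent ?? "");

    // Step 2: call on every request, before the page runs.
    // Returns false for an unknown id or a mismatch; a mismatch also revokes
    // the session so the id is useless to both parties until re-authentication.
    public bool Validate(string sessionId, string ip, string userAgent)
    {
        if (!_bySessionId.TryGetValue(sessionId, out var stored))
            return false;
        bool same = stored.Ip == ip &&
                    string.Equals(stored.UserAgent, userAgent ?? "", StringComparison.Ordinal);
        if (!same)
            _bySessionId.Remove(sessionId);
        return same;
    }
}

public static class Demo
{
    public static void Main()
    {
        var bindings = new SessionBinding();
        // Constructed sample values (documentation IP ranges, made-up id and agent).
        const string sid = "sample-session-id";
        const string ua = "Mozilla/5.0 (constructed sample)";
        bindings.Register(sid, "192.0.2.10", ua);

        // Original client, unchanged attributes.
        Console.WriteLine(bindings.Validate(sid, "192.0.2.10", ua));
        // Same id presented from a different address: rejected and revoked.
        Console.WriteLine(bindings.Validate(sid, "198.51.100.7", ua));
        // The original client must now log in again.
        Console.WriteLine(bindings.Validate(sid, "192.0.2.10", ua));
    }
}
```

The check does not distinguish two clients behind the same NAT or proxy that send the same user agent, and it logs out legitimate users whose address changes mid-session, so it complements rather than replaces HTTPS and non-persistent cookies.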
 
