How secure are session variables?

Giles

Example:
session("IsLoggedIn")=false

Can this be changed on the user's machine by editing the cookie directly?
(Please tell me it can't!).
If so, will ASP know it has been tampered with, and refuse to "accept" it if
changed to "true"?
Thanks
Giles
 
Bob Barrows [MVP]

Giles said:
Example:
session("IsLoggedIn")=false

Can this be changed on the user's machine by editing the cookie
directly? (Please tell me it can't!).
If so, will ASP know it has been tampered with, and refuse to
"accept" it if changed to "true"?
Thanks
Giles

Session variables are not stored on the client pc: they are stored in the
server's memory, which is one reason indiscriminate use of session variables
can impair performance.

The only thing stored on the client is a session cookie containing the
session id.

Bob Barrows
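
A small model of the arrangement described in the answer above, added here as an example; it is not part of the original thread and is not ASP's own code. The cookie name SESSIONID, the STORE dictionary and the function names are assumptions of this sketch, and the cookie headers in the test are constructed.

```python
import secrets
from http.cookies import SimpleCookie, CookieError

COOKIE = "SESSIONID"  # hypothetical cookie name for this model
STORE = {}            # session id -> variables; exists only in server memory


def get_session(cookie_header):
    """Return (session_id, variables) for a request's Cookie header.

    Only the id is read from the client. A missing or unknown id gets a
    fresh session with default values; every other cookie is ignored.
    """
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        jar = SimpleCookie()  # malformed header: treat as no cookie at all
    sid = jar[COOKIE].value if COOKIE in jar else None
    if sid not in STORE:
        sid = secrets.token_urlsafe(32)  # server-chosen, unguessable id
        STORE[sid] = {"IsLoggedIn": False}
    return sid, STORE[sid]


def login(cookie_header, credentials_ok):
    """Set IsLoggedIn on the server side, only after the check passes."""
    sid, session = get_session(cookie_header)
    if credentials_ok:
        session["IsLoggedIn"] = True
    return sid


def is_logged_in(cookie_header):
    """Answer from server memory, never from a value the client sent."""
    return get_session(cookie_header)[1]["IsLoggedIn"]


def set_cookie_header(sid):
    """The only thing sent to the browser: the id, not the variables."""
    return f"{COOKIE}={sid}; HttpOnly; Secure; Path=/"
```

Since the id is all the browser holds, the session is only as safe as that id: it should be random, sent over HTTPS only, and kept away from script with HttpOnly.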
 
