How secure are session variables?

Discussion in 'ASP General' started by Giles, May 28, 2005.

  1. Giles

    Giles Guest

    Example:
    session("IsLoggedIn")=false

    Can this be changed on the user's machine by editing the cookie directly?
    (Please tell me it can't!).
    If so, will ASP know it has been tampered with, and refuse to "accept" it if
    changed to "true" ?
    Thanks
    Giles
     
    Giles, May 28, 2005
    #1

  2. Giles

    Steven Burn Guest

    Session cookies are stored in the server's memory, not on the client machine.

    --
    Regards

    Steven Burn
    Ur I.T. Mate Group
    www.it-mate.co.uk

    Keeping it FREE!

    "Giles" <> wrote in message news:...
    > Example:
    > session("IsLoggedIn")=false
    >
    > Can this be changed on the user's machine by editing the cookie directly?
    > (Please tell me it can't!).
    > If so, will ASP know it has been tampered with, and refuse to "accept" it if
    > changed to "true" ?
    > Thanks
    > Giles
    >
    >
     
    Steven Burn, May 28, 2005
    #2

  3. Giles wrote:
    > Example:
    > session("IsLoggedIn")=false
    >
    > Can this be changed on the user's machine by editing the cookie
    > directly? (Please tell me it can't!).
    > If so, will ASP know it has been tampered with, and refuse to
    > "accept" it if changed to "true" ?
    > Thanks
    > Giles

    Session variables are not stored on the client PC: they are stored in the
    server's memory, which is one reason indiscriminate use of session variables
    can impair performance.

    The only thing stored on the client is a session cookie containing the
    session id.

    Bob Barrows
    --
    Microsoft MVP - ASP/ASP.NET
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"
     
    Bob Barrows [MVP], May 28, 2005
    #3
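
The behaviour described in the replies above, as a small Python model (an added example, not code from the thread and not ASP's actual implementation). The `SessionStore` class, the `SID` cookie name, the `handle` function and the demo password are all hypothetical and constructed for illustration.

```python
import secrets

DEMO_PASSWORD = "constructed-demo-password"  # constructed sample value


class SessionStore:
    """Server-side session state keyed by a random, opaque session ID."""

    def __init__(self):
        self._sessions = {}  # session ID -> dict of session variables

    def open(self, cookies):
        """Return (session_id, variables) for the cookies sent with a request.

        A missing or unknown ID gets a new, empty session, so an invented
        cookie value never inherits any existing state.
        """
        sid = cookies.get("SID")
        if sid not in self._sessions:
            sid = secrets.token_urlsafe(32)
            self._sessions[sid] = {"IsLoggedIn": False}
        return sid, self._sessions[sid]


def handle(store, cookies, password=None):
    """Hypothetical request handler: returns (response_cookies, is_logged_in)."""
    sid, session = store.open(cookies)
    if password is not None and secrets.compare_digest(password, DEMO_PASSWORD):
        session["IsLoggedIn"] = True  # changed only here, on the server
    return {"SID": sid}, session["IsLoggedIn"]


def demo():
    store = SessionStore()
    results = {}
    # 1. Anonymous visitor receives a cookie holding only the session ID.
    cookie, results["anonymous"] = handle(store, {})
    # 2. An extra field added to the cookie is never read as a session variable.
    _, results["extra_cookie_field"] = handle(store, dict(cookie, IsLoggedIn="true"))
    # 3. An invented session ID matches nothing and is replaced by a fresh one.
    out, results["invented_id"] = handle(store, {"SID": "IsLoggedIn=true"})
    results["invented_id_replaced"] = out["SID"] != "IsLoggedIn=true"
    # 4. A genuine login flips the flag in server memory.
    _, results["after_login"] = handle(store, cookie, password=DEMO_PASSWORD)
    # 5. The ID is the only secret: any request presenting it gets that session,
    #    so it must be unpredictable and kept confidential in transit.
    _, results["same_id_presented_again"] = handle(store, dict(cookie))
    return results
```
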
