Session being crossed

Discussion in 'ASP .Net Security' started by MattC, Dec 7, 2005.

  1. MattC

    MattC Guest

    Hi,

    I have an open question regarding any issues anyone has had regarding
    cookieless session management on a webfarm. My concern is that we had a user
    able to see the contents of another user's session, their basket effectively.

    Set up:
    Two webservers running IIS6.
    enableviewstatemac has been left in default state of on.
    Identical machine key settings.
    Identical website IDs in IIS.
    Identical Web.config as the websites are load balanced over a distributed
    filesystem.

    Both using out-of-proc state management on a third server.
    Server has had registry altered to allow remote connection to aspnet_state
    service.

    I don't understand, short of a random bug in the session service, how one
    user can get another's without (and here's the caveat) sending their URL
    munged querystring to the other user.

    I would really appreciate any advice and/or experiences any of you have had
    with maintaining a secure out of process session while attempting to not
    rely on cookies for sessionID storage.

    Worst case scenario I will return to using a cookie based management method.

    TIA

    MattC
     
    MattC, Dec 7, 2005
    #1