T
theintrepidfox
Dear Group
Is there any information or your views on session variable security?
I'm using my own authentization, storing whether a user has access to a
page in a session variable being either set to true or false. I
evaluate the variable in the page load event and if false the user is
directed to the login page.
How secure are session variables? Is it possible for someone to
manipulate a variable from the outside, setting it to true in order to
get access?
Thanks very much for your thoughts, views and any hints regarding
available resources on this topic.
Best Regards,
Martin
Is there any information or your views on session variable security?
I'm using my own authentization, storing whether a user has access to a
page in a session variable being either set to true or false. I
evaluate the variable in the page load event and if false the user is
directed to the login page.
How secure are session variables? Is it possible for someone to
manipulate a variable from the outside, setting it to true in order to
get access?
Thanks very much for your thoughts, views and any hints regarding
available resources on this topic.
Best Regards,
Martin