M
Martin
Hi,
To make a solution avoiding session ID hijacking work for cookie-less mode,
I would like to record some unique property of the ssl session negotiated in
the ASP.Net session object - for instance the secret key of that ssl
session. I assume the ssl session that is negotiated has the same life
cycle as a session based cookie. Ie in one browser session, if the user
visits some https pages on a site, then some http pages, then back to https
pages, they use the same ssl session for both visits to that site.
Is this possible?
Thanks
Martin
To make a solution avoiding session ID hijacking work for cookie-less mode,
I would like to record some unique property of the ssl session negotiated in
the ASP.Net session object - for instance the secret key of that ssl
session. I assume the ssl session that is negotiated has the same life
cycle as a session based cookie. Ie in one browser session, if the user
visits some https pages on a site, then some http pages, then back to https
pages, they use the same ssl session for both visits to that site.
Is this possible?
Thanks
Martin