How secure are session variables?

G

Giles

Example:
session("IsLoggedIn")=false

Can this be changed on the user's machine by editing the cookie directly?
(Please tell me it can't!).
If so, will ASP know it has been tampered with, and refuse to "accept" it if
changed to "true" ?
Thanks
Giles
 
B

Bob Barrows [MVP]

Giles said:
Example:
session("IsLoggedIn")=false

Can this be changed on the user's machine by editing the cookie
directly? (Please tell me it can't!).
If so, will ASP know it has been tampered with, and refuse to
"accept" it if changed to "true" ?
Thanks
Giles
Click to expand...
Session variables are not stored on the client pc: they are stored in the
server's memory, which is one reason indiscriminate use of session variables
can impair performance.

The only thing stored on the client is a session cookie containing the
session id.

Bob Barrows
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to retrive payment result value after secure paytabs payment done in PayTabs payment gateway in asp.net 0
Reading session variables from COM+ 2
How secure are session variables? 6
Session variables are lost 10
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Issue with passing fetched data to POST form. How can I? 0
"Non-persistent" session variables 3
Serious Problem - Lost Session Variables 12

Members online

No members online now.
Total: 36 (members: 1, guests: 35)
Robots: 456

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,055
Latest member
SlimSparkKetoACVReview

Latest Threads

Top