How secure are Session("")?

Gurra

Hi, I've seen a lot of communities that use the session("") cookie to assign
the userid after the login.
Since this is a cookie, isn't it easy to modify it and become whichever user you
want at the current community?
 
Curt_C [MVP]

Nope... unless you write it to the user's drive (by setting a .Expires) it's
in memory.
Not easy to "hack"....
 
Ken Schaefer

An ASP Session cookie only contains the ASPSessionID. The server keeps all
the data in the server's memory. The browser returns the ASPSessionID, and
the server uses that to look up the user's data.

So, it's not "hackable" in the sense that the data isn't stored anywhere on
the client's machine, or transmitted between the client and the server.
However, if someone could guess your ASPSessionID (either by luck, or by
sniffing traffic between you and the server), then they could launch a
session-hijacking type attack.

Cheers
Ken

: Hi, I've seen a lot of communities that use the session("") cookie to assign
: the userid after the login.
: Since this is a cookie, isn't it easy to modify it and become whichever user
: you want at the current community?
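
The model described in the replies above, as an added example that is not part of the original thread and is not ASP's own implementation: the cookie carries only an opaque ID, the userid stays in server memory, and the defences against the guessing and sniffing risks are a CSPRNG-generated ID, a fresh ID at login, and the `Secure`/`HttpOnly` flags. `SessionStore`, `set_cookie_header` and the cookie name `DEMOSESSIONID` are hypothetical names chosen for this sketch.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "DEMOSESSIONID"  # hypothetical name, stands in for ASPSessionID


class SessionStore:
    """Server-side store: the client only ever holds the opaque ID."""

    def __init__(self):
        self._sessions = {}  # session ID -> dict of server-held values

    def create(self):
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = {}
        return sid

    def lookup(self, cookie_header):
        """Return the session dict for the ID in a Cookie header, or None."""
        cookie = SimpleCookie()
        cookie.load(cookie_header or "")
        morsel = cookie.get(COOKIE_NAME)
        return self._sessions.get(morsel.value) if morsel else None

    def login(self, old_sid, user_id):
        """Issue a fresh ID at login so a pre-login ID is useless afterwards."""
        data = self._sessions.pop(old_sid, {})
        data["userid"] = user_id
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid


def set_cookie_header(sid):
    """Set-Cookie value: no Expires (memory only), HTTPS only, hidden from script."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["secure"] = True
    cookie[COOKIE_NAME]["httponly"] = True
    return cookie[COOKIE_NAME].OutputString()


if __name__ == "__main__":
    store = SessionStore()
    sid = store.login(store.create(), user_id=42)
    print(set_cookie_header(sid))
    print(store.lookup(f"{COOKIE_NAME}={sid}"))              # {'userid': 42}
    print(store.lookup(f"{COOKIE_NAME}=guessed; userid=1"))  # None
```

A client-supplied `userid` cookie is ignored because the server only reads the session ID and looks everything else up in its own memory.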
 
