preventing Session ID replay attack

A

anoop

Hello,
I am developing a Simple ASP Website with a login page. I want to
know how can I change Session ID after login and also Close the current
Session after User closes the Window or gets logged out of the Website. So
that every time user logs in into the website, Session ID will be unique.

Thank you.
 
E

Evertjan.

=?Utf-8?B?YW5vb3A=?= wrote on 16 apr 2007 in
microsoft.public.inetserver.asp.general:
I am developing a Simple ASP Website with a login page. I want to
know how can I change Session ID after login

You cnnot, simply because changing the session.id would end the session per
definition.
and also Close the
current Session after User closes the Window or gets logged out of the
Website.

Use session.abandon if you have to, or empty the
session("login") value if so designed.

.... however you cannot reliably trust the closing of window to be reported.
It depends on the browser used, the closing of the computer, or if someone
trips over the mains connection or internet connection.
So that every time user logs in into the website, Session ID
will be unique.

The session.id is unique as delivered by the system, better than once in a
lifetime at least.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top