Re: Store values in session.item
From: Chris Jackson (chrisj_at_mvps.org)
Date: 10/13/03
- In reply to: Niclas Lindblom: "Store values in session.item"
Date: Mon, 13 Oct 2003 11:34:26 -0400
Session information is stored on the server. What is sent to the client is
the session ID. An attacker can hijack the session ID and pose as a given
user, but if you never write this value back to the client, then they still
won't be able to see it.
--
Chris Jackson
Software Engineer
Microsoft MVP - Windows XP
Windows XP Associate Expert
--
More people read the newsgroups than read my email.
Reply to the newsgroup for a faster response.
(Control-G using Outlook Express)
--

"Niclas Lindblom" <lindblom_niclas@hotmail.com> wrote in message
news:ONWl8gAkDHA.2140@TK2MSFTNGP09.phx.gbl...
> Hi,
>
> Are there any security issues related with storing data related to the user's
> session in session.item? Can I keep data in there with any risk of it being
> read from the client side?
>
> Please advise
>
> Regards
>
> Niclas
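A minimal model of the behaviour described in the reply above, as an added example that is not part of the original thread and is not ASP.NET's own code: values live in a server-side store, only the session ID travels to the client, and any request presenting that ID is served as the same user. The `SessionServer` class, the paths and the sample values are constructed for illustration; only the cookie name `ASP.NET_SessionId` comes from ASP.NET.

```python
import secrets

COOKIE = "ASP.NET_SessionId"  # real ASP.NET cookie name; everything else is a constructed model


class SessionServer:
    """Toy model of server-side session state keyed by an opaque ID."""

    def __init__(self):
        self._store = {}  # session ID -> dict of values; never leaves the server

    def handle(self, path, cookies):
        """Return (headers, body) for one request; cookies is what the client sent."""
        headers = {}
        sid = cookies.get(COOKIE)
        if sid not in self._store:
            # Unknown or missing ID: issue a fresh, unguessable one.
            sid = secrets.token_urlsafe(24)
            self._store[sid] = {}
            headers["Set-Cookie"] = f"{COOKIE}={sid}; HttpOnly; Secure"
        session = self._store[sid]

        if path == "/login":
            # Constructed sample values kept in session state.
            session["user"] = "alice"
            session["discount_code"] = "INTERNAL-7731"
            return headers, "logged in"
        if path == "/whoami":
            # Only what the page chooses to write reaches the client.
            return headers, f"hello {session.get('user', 'anonymous')}"
        return headers, "not found"


def demo():
    server = SessionServer()
    login_headers, login_body = server.handle("/login", {})
    sid = login_headers["Set-Cookie"].split(";")[0].split("=", 1)[1]
    # Any request that presents the same ID is treated as the same user.
    _, replay_body = server.handle("/whoami", {COOKIE: sid})
    # A request with an ID the server never issued gets a new, empty session.
    _, other_body = server.handle("/whoami", {COOKIE: "not-issued-by-server"})
    # Everything that crossed the wire towards the client in this exchange.
    wire = repr(login_headers) + login_body + replay_body + other_body
    return sid, replay_body, other_body, wire


if __name__ == "__main__":
    print(demo())
```

The value stored under `discount_code` never appears in anything sent to the client because no handler writes it into a response, while the session ID does.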