Re: Problem while using cookieless session
From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 08/19/05
- Next message: Dominick Baier [DevelopMentor]: "Re: IIS 6 and ASP.NET security"
- Previous message: Yoshitha: "getting errors while running app in xp home"
- In reply to: Priya: "Re: Problem while using cookieless session"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 18 Aug 2005 23:39:01 -0700
Hello Priya,
generally i would not recommend using cookieless sessions - no you cannot
hide the session id in the url...
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
> Hi,
> Thanks for the solution
> Is there any way to hide the session id displayed in the URL?
> Can you suggest any alternate solution?As we could find only usage of
> hidden
> fields which is not a feasible solution for our application.
> -Priya
> "Dominick Baier [DevelopMentor]" wrote:
>
>> Hello Priya,
>>
>> no - this is the same as copying the cookie (in cookie session mode).
>>
>> Jeff Prosise wrote an article on MSDN where he took some extra info
>> to make the session ID unique (IIRC user agent and IP address). Be
>> aware that this is not bullet-proof as different users behind a proxy
>> e.g. will have the same IP address...
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>> We are facing problems while using cookieless session. When the user
>>> copies and pastes the url from one machine to another, he is able to
>>> access the data entered by the first user. Is there any way to
>>> eliminate this problem.
>>>
>>> Thanks in advance.
>>>
- Next message: Dominick Baier [DevelopMentor]: "Re: IIS 6 and ASP.NET security"
- Previous message: Yoshitha: "getting errors while running app in xp home"
- In reply to: Priya: "Re: Problem while using cookieless session"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
