p2p.wrox.com Forums

asptoday_discuss thread: SessionID - Secure?

Message #1 by "Joe Hughes" <joehughes@m...> on Wed, 26 Sep 2001 18:29:29
I've developed a website which has a secure logon and utilises SSL. Currently, the way I maintain state is by using the SessionID - I do not store objects or data directly in the Session object, but have a server-side session table held on SQL linked via SessionID. The data held in this table is also encrypted. My main question is: is using the SessionID to provide a link between user and server secure? I've read stuff briefly on Session cookie hijacking etc. Given that I validate my users within each function (in VB COM) against the SessionID, I would like to know if using this is secure. If not, I presume generating a session token on website entry and holding it in the querystring is the best way.

thanks in advance
