View Single Post
 
Old February 9th, 2008, 10:28 PM
Maxxim Maxxim is offline
Friend of Wrox
 
Join Date: Mar 2006
Location: , , Portugal.
Posts: 310
Thanks: 0
Thanked 0 Times in 0 Posts
Default Security: Could someone falsificate session vars?

Suppose that I put this on my page_load:

if not session("abcd") = true then
  redirect(*to other page*)
end if

If someone knows that this page only is accessible with this session var, could this person find a way to create this session form outside and see the page?

Forgive this newbie question but i need to be sure!

I want to make an admin page without the custom login and security verifications...

Thanks!
Max