Using GUID to maintain state

  1. #1
    Join Date
    Dec 1969

    Using GUID to maintain state

    I am trying to find a secure and reliable method of keeping state (no session variables).

    I have a table called sessions that I will use to maintain state. A SessionId and MemberId will be passed from page to page with hidden fields. The SessionId is inserted into the Sessions table when the member logs in.

    At the top of each page I will do a check: if the SessionId and MemberId are not in the table, there is a redirect to the login page.

    There is a security risk that someone could guess the SessionId of another user and bring their details up. To make it more secure I thought of using SQL Server's GUID for the SessionId. This will make it a lot more difficult for someone to guess. Could someone, by looking at previously created GUIDs, guess what future ones will be for a particular SQL Server?

    Is this a secure way of maintaining state?

    Will using GUID as the SessionId greatly affect performance?

    If anyone has a more secure solution please let me know of them.

  2. #2
    Join Date
    Dec 1969

    Crosspost, answered other forum <nm>
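
The per-page check described in the first post, as an added example that is not part of the thread or either poster's code. It assumes an in-memory SQLite table standing in for the SQL Server Sessions table, a 128-bit CSPRNG token in place of a GUID, and a hypothetical 30-minute idle timeout; the function names are illustrative.

```python
import secrets
import sqlite3
import time

SESSION_TTL = 1800  # assumed idle timeout in seconds; the post does not specify one

def open_store():
    # In-memory SQLite stands in for the SQL Server "Sessions" table from the post.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Sessions (SessionId TEXT PRIMARY KEY,"
               " MemberId INTEGER NOT NULL, LastSeen REAL NOT NULL)")
    return db

def login(db, member_id, now=None):
    # 128 bits from the OS CSPRNG: the same size as a GUID, but unlike
    # time-based or sequential GUID variants it carries no timestamp or
    # counter that an observer of earlier values could extrapolate.
    session_id = secrets.token_hex(16)
    db.execute("INSERT INTO Sessions VALUES (?, ?, ?)",
               (session_id, member_id, now if now is not None else time.time()))
    return session_id

def check(db, session_id, member_id, now=None):
    """Top-of-page check: True if the pair is valid, False means redirect to login."""
    now = now if now is not None else time.time()
    # Parameterized query: hidden-field values are client-controlled input.
    row = db.execute(
        "SELECT LastSeen FROM Sessions WHERE SessionId = ? AND MemberId = ?",
        (str(session_id), member_id)).fetchone()
    if row is None:
        return False
    if now - row[0] > SESSION_TTL:
        # Expired rows are deleted so an old SessionId cannot be replayed later.
        db.execute("DELETE FROM Sessions WHERE SessionId = ?", (session_id,))
        return False
    db.execute("UPDATE Sessions SET LastSeen = ? WHERE SessionId = ?",
               (now, session_id))
    return True

if __name__ == "__main__":
    db = open_store()
    sid = login(db, 42, now=0)              # constructed member id and clock values
    print(check(db, sid, 42, now=10))       # matching SessionId and MemberId
    print(check(db, sid, 43, now=20))       # right SessionId, wrong MemberId
    print(check(db, "guess", 42, now=30))   # SessionId not in the table
    print(check(db, sid, 42, now=5000))     # idle past SESSION_TTL
```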

