Cookieless session management

Results 1 to 2 of 2

Thread: Cookieless session management

  1. #1
    Join Date
    Dec 1969

    Default Cookieless session management

    I am trying to use forms authentication and using cookieless session management. I want to know how secure it is. I read some of the articles saying it is not secure. There is a flaw in it. Until microsoft resolves the problem of sessionid, we are not supposed to use cookieless session management. Can anyone who&#039;s actually implemented cookieless sessions tell me if what I am going to start is going to pose lot of security threats? <BR><BR>I came to know that if an attacker uses an expired sessionid then simply makes a new session with the old/expired sessionid provided by the attacker and we will not have a clue about it? can anyone please let me know how to work around this problem?<BR><BR>Thanks alot<BR>K

  2. #2

    Default RE: Cookieless session management

    The "session id" is in the url, so it is a bit like having <BR>pagename.aspx?userID=132456<BR><BR>A url is easier to copy than a cookie.<BR><BR><BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts