Secure |Sessions

Results 1 to 2 of 2

Thread: Secure |Sessions

  1. #1
    Join Date
    Dec 1969

    Default Secure |Sessions

    I have a login page in my site. The user submit login and password to logon. When I submit the page I keep this information in sessions.<BR>e.g. <BR> session("userid") = request.form("userid")<BR> session("password") = request.form("password")<BR>I maintain these values untill the last page when the session destroyes.My question is are these values are safe. If any one hyjack these values,how can I maintain the security. If encryption software or secure socket layer or some other solution is required then what is the procedure<BR>to implement such type of securiy. I need detail description or some tutorial about this.<BR>Thanks

  2. #2
    Join Date
    Dec 1969

    Default RE: Secure |Sessions

    as far as my knowledger goes, session variables are server side variables and the browser cannot view what is in them. if u need more security u can encrypt ur username and password in the sessions.<BR><BR>another way is that u should not be storing passwords in sessions and why do u need them anyway???all thru the pages? so i feel it is enough u store only usernames.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts