session security

Results 1 to 2 of 2

Thread: session security

  1. #1
    Join Date
    Dec 1969

    Default session security

    I have a login page in my site. The user submit login and password to logon. When I submit the page I keep this information in sessions.<BR>e.g. <BR> session("userid") = request.form("userid")<BR> session("password") = request.form("password")<BR>I maintain these values untill the last page when the session destroyes.My question is are these values are safe. If any one hyjack these values,how can I maintain the security. If encryption software or secure socket layer or some other solution is required then what is the procedure to implement such type of securiy. I need detail description or some <BR>tutorial about this.

  2. #2
    Join Date
    Dec 1969

    Default Well...

    Session values are held in memory Server side and they only apply to the running session. If someone is smart enough to hack into your server and can run an in memory program to somehow pull these session variables out of this specific session, you&#039;ll have much bigger problems that session variables...You&#039;ll likely not have a working web server for long.<BR><BR>As long as the server itself is secure, you are ok.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts