Session Variables a threat?

Please support our VB.NET advertiser: Intel Parallel Studio Home
Reply

Join Date: May 2005
Posts: 13
Reputation: earlofroberts is an unknown quantity at this point 
Solved Threads: 1
earlofroberts earlofroberts is offline Offline
Newbie Poster

Session Variables a threat?

 
0
  #1
Jun 28th, 2005
I read that session variables in ASP were a security threat.
Is this true for session variables in .Net?

thanks,
ed
Reply With Quote Quick reply to this message  
Join Date: Mar 2005
Posts: 65
Reputation: cpopham is an unknown quantity at this point 
Solved Threads: 0
cpopham cpopham is offline Offline
Junior Poster in Training

Re: Session Variables a threat?

 
0
  #2
Jun 28th, 2005
If someone can gain access to your computers memory where the session variables reside, you have a lot more to be concerned about than the session variables. Now in asp where you are going over the internet, I can see where this would be a concern.

Chester
Reply With Quote Quick reply to this message  
Join Date: May 2005
Posts: 13
Reputation: earlofroberts is an unknown quantity at this point 
Solved Threads: 1
earlofroberts earlofroberts is offline Offline
Newbie Poster

Re: Session Variables a threat?

 
0
  #3
Jun 29th, 2005
I guess the question is: do session variables in .Net reside on the server and not cross the net?

thanks,
ed
Reply With Quote Quick reply to this message  
Join Date: Feb 2005
Posts: 175
Reputation: Letscode is an unknown quantity at this point 
Solved Threads: 6
Letscode's Avatar
Letscode Letscode is offline Offline
Junior Poster

Re: Session Variables a threat?

 
0
  #4
Jul 12th, 2005
Session variables run on the server side.Its not that easy to hack.You gotta hack the server to gain access to the session variables.

Most people say not to use session variables just because it degrades the efficiency of the webpage.

In my experience,session variables gave me a head ache in these cases.

1.In the middle of the application,if the user changes his screen resolution,the session variables remains the same(It screwed up).One has to close the browser and then reopen the browser for the application to run properly.

2.If you are using Dual servers and second server is intended to act when the first server fails.The session variables are lost when the first server fails.
Save White Tiger
Reply With Quote Quick reply to this message  
Reply

This thread is more than three months old.
Perhaps start a new thread instead?
Message:


Thread Tools Search this Thread



About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC