I read that session variables in ASP were a security threat.
Is this true for session variables in .Net?


Recommended Answers

All 3 Replies

If someone can gain access to your computers memory where the session variables reside, you have a lot more to be concerned about than the session variables. Now in asp where you are going over the internet, I can see where this would be a concern.


I guess the question is: do session variables in .Net reside on the server and not cross the net?


Session variables run on the server side.Its not that easy to hack.You gotta hack the server to gain access to the session variables.

Most people say not to use session variables just because it degrades the efficiency of the webpage.

In my experience,session variables gave me a head ache in these cases.

1.In the middle of the application,if the user changes his screen resolution,the session variables remains the same(It screwed up).One has to close the browser and then reopen the browser for the application to run properly.

2.If you are using Dual servers and second server is intended to act when the first server fails.The session variables are lost when the first server fails.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.