implementing security with session variables, how it is insecure
Posted
by haansi
on Stack Overflow
See other posts from Stack Overflow
or by haansi
Published on 2010-05-05T05:34:38Z
Indexed on
2010/05/05
5:48 UTC
Read the original article
Hit count: 192
I am doing web based projects in dotnet. Currently I am implementing security using session variables. I keep current user id and user type in session and authenticate user from these session variables (say Session["UserId"],Session["UserName"] and Session["UserType"]).
Please help me understand how this could be insecure. I've heard that such security can be broken and applications can be hacked very easily, like it is possible to get session id and directly connect to that session id etc.
Please guide me on this.
© Stack Overflow or respective owner