Is it safe to store values in a session?

Question

Is it safe to store values in a session?

I am developing a web application where UserId and RoleId play a vital role ... Is it safe to store these values in a session. Some may be hidden, cookies .. Which is more secure?

Any suggestion for this ...

+3

security asp.net session

Chendur pandian Dec 22 '09 at 3:39

source share

5 answers

, cookie, , . , , . , , cookie, .

+4

Kaleb Brasee 22 . '09 3:42

"" , . , , , . , , .

+1

Kuwarii 15 . '11 12:36

, cookie.

The difference is that SESSION values are stored in SERVER, and hidden fields and cookies are stored on the client.

0

roman m Dec 22 '09 at 3:42

source share

A session will be more secure than a cookie (the session is stored in memory on the server where the cookie is sent to the client).

0

Gabriel McAdams Dec 22 '09 at 3:43

source share

keyboardP · Accepted Answer · 2009-12-22T03:44:45+0000

Sessions are safer than cookies and hidden fields because they are stored on the server. Cookies usually should not contain confidential data, even encrypted, as users have direct access to them. Hidden fields are also sent to the client, but simply are not displayed. Therefore, using tools such as FireBug , you can easily display this content.

There are various places in which you can store the session, for example, in memory (if you do not use them a lot) or support their SQL server. You can get more session information here . Sessions are secure because they are stored on the server side.

Is it safe to store values ​​in a session?

More articles:

Is it safe to store values in a session?