Asp.net session security

If I put pretty important information in a session variable, how safe is it? Could this be accessed by a client who writes a rogue page and makes an ajax call for my application?

Thanks.

+3
3 answers

If you really need to keep this data between requests, you must save it on the server side.

To store information for use between requests, you have the following options:

  • Hidden fields: you should not use this to store confidential information, because the user (or the attacker) can get this information;
  • ViewState: , , viewstate;
  • Cookies: . , .
  • : , , . - , .

, .

+2

, , .

, . ajax ( ) . , .

, - , , ( ). . , HTTPS.

+2

. , , , . , - , ... . . , , , . , . , , . , .

, . PCI: PCI

In addition, this guide to safe session use can help: Fast, scalable, secure ASP.NET session

+1

Source: https://habr.com/ru/post/1788745/

