Reputation: 22327
Security of sessions in ASP.NET
If I do the following in one of my .aspx pages:
Session["MySess123"] = "Some plain text";
and then read it from another .ashx page:
string str = Session["MySess123"].ToString();
Will Some plain text in any way be visible in a client browser?
Or in other words, how easy for an "intruder" is it to get access to my session variables?
PS. I am not storing any sensitive information this way. I use it for the purpose of storing Captchas.
Upvotes: 0
Views: 114
Answers (1)
Reputation: 172
as you certainly know, sessions are stored on server. So it's the best way to transfer "sensitive" data. ViewBag, hidden fields and cookies are stored on client side so it's not good at all. Session stay the best solution. But if anybody reach your server, he can access all these variables.
It's not very well secured but you can add a basic encryption or something like this if you want to.
Upvotes: 3
Related Questions
- ASP.net session variables information required
- how safe is it to use session variables - asp.net / c#
- how safe is it to use session variables? ASP.NET C#
- session variable
- asp.net session security
- What to care to secure ASP.NET session variables
- Session ASP.NET
- Is it secure to store values in session?
- Hacking session variables in Asp.NET
- implementing security with session variables, how it is insecure