Igor V Savchenko

Reputation: 1086

Most secure way to persist data in ASP MVC


I'm using an ASP MVC application + WCF service with a custom session behavior implementation. Clients receive, store and use (for authorization) session tokens. Now I'm searching for the most secure way to store the session token on the client side in ASP MVC.

I see a few ways:

  1. Hidden field. Drawback: the user can open the page source code and get the token.
  2. Route value. Drawback: the token is actually open. The user can get it from the address bar.
  3. Session. I've read a lot of articles with one conclusion: using Session in an MVC application is a bad practice. But Session has a lot of advantages as well: it can be widely configured, can store the token on the server side, etc.

I'm sure there are some best practices for solving my problem. Any help will be appreciated.

Upvotes: 0

Views: 618

Answers (1)

John Farrell

Reputation: 24754

Require HTTPS connections, encrypt secure data, place in cookie.

You could also pass the token around your site, encrypted of course, via a hidden field or something, but your scenario is actually what cookies are made to do.

My bank sets a cookie; they should be good enough for what you are doing.

Upvotes: 1
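
One way to apply the answer's advice (HTTPS, encrypted value, cookie) on classic ASP.NET MVC, as an added example that is not code from the question or the answer. The class name, cookie name and purpose string are assumptions, and `MachineKey.Protect` requires .NET 4.5 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;

// Hypothetical helper: keeps the WCF session token in an encrypted cookie.
public static class SessionTokenCookie
{
    private const string CookieName = "svc_token";          // assumed name
    private const string Purpose = "SessionTokenCookie.v1"; // binds ciphertext to this use

    public static void Write(HttpResponseBase response, string token, TimeSpan lifetime)
    {
        // MachineKey.Protect encrypts and authenticates using the app's machineKey.
        byte[] protectedBytes = MachineKey.Protect(Encoding.UTF8.GetBytes(token), Purpose);
        var cookie = new HttpCookie(CookieName, HttpServerUtility.UrlTokenEncode(protectedBytes))
        {
            HttpOnly = true,   // not readable from page script
            Secure = true,     // only sent over HTTPS
            Path = "/",
            Expires = DateTime.UtcNow.Add(lifetime)
        };
        response.Cookies.Add(cookie);
    }

    // Returns null when the cookie is absent, malformed or has been tampered with.
    public static string Read(HttpRequestBase request)
    {
        HttpCookie cookie = request.Cookies[CookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        try
        {
            byte[] protectedBytes = HttpServerUtility.UrlTokenDecode(cookie.Value);
            if (protectedBytes == null) return null;
            byte[] raw = MachineKey.Unprotect(protectedBytes, Purpose);
            return raw == null ? null : Encoding.UTF8.GetString(raw);
        }
        catch (CryptographicException) { return null; } // failed integrity check
        catch (FormatException) { return null; }        // not valid URL-token base64
    }
}
```

The cookie's expiry is enforced only by the browser, so the WCF service still has to reject expired or revoked tokens itself.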
