Reputation: 117
Is TempData in ASP.NET MVC secure?
I want to know about security of tempdata in ASP.NET MVC in the following scenario.
If one user is logged in and there is data passed to tempdata and it is we are keeping for next request or we are not reading it so it keeps value in tempdata. If another user logged in, then will that tempdata value also be available to the second user?
Upvotes: 1
Views: 1643
Answers (1)
Reputation: 17024
TempData uses by default Session*. Therefore it is as safe as a session can be.
A session is individual for every user, so yes.
Session Hijacking is one problem for a session, but since TempData is only valid for one request, I do not see any problems.
* Note it is possible to create a own ITempDataProvider (Credits to NightOwl888). In this case, you need to evaluate, if your provider is secure.
Upvotes: 4
Related Questions
- MVC C# TempData
- Is storing values in TempData safe for multiple concurrent users?
- Using Tempdata in ASP.NET MVC - Best practice
- ASP.NET MVC ViewBag / TempData Security
- equivalent of ASP.NET MVC TempData in ASP.NET
- Working with tempdata in mvc
- ASP.NET MVC - TempData - Good or bad practice
- Tempdata In Razor
- TempData: Is It Safe?
- what is the scope and visibility of TempData in ASP.NET MVC?