Reputation: 3747
Share session (asp->asp.net) security
I need to share session in order to pass data from asp page to aspx. The solutions I've found:
• Pass data through hidden form (link)
• Pass data through database (link)
I've tried method with form and it worked fine (after some modification). Now I'm trying method with database. First method is easier imho, so I wonder if the second method is more secure (and preferable) than the first one?
And what potential problems exist with these methods?
Upvotes: 2
Views: 866
Answers (3)
Reputation: 13476
Microsoft outlines a method to share session state between ASP classic and ASP.NET using SQL Server to store the session here: http://msdn.microsoft.com/en-us/library/aa479313.aspx
Upvotes: 1
Reputation: 13302
The first solution is definitely less secure since you're sending session data to the client and then receiving it back. That means that it's possible for someone on the client side to modify the data they post back to your page. This removes one of the best things about sessions, that only the programmer controls what's in them. In a way, the first method is similar to using cookies. As for the second method, it may be more difficult but I would definitely recommend it over the first.
Upvotes: 1
Reputation: 20004
If the session is encrypted I think you will fine. ASP.NET has the option of storing the session in a database and URL querystring to get around users not having cookies enabled. Your solutions sound similiar.
Upvotes: 1
Related Questions
- asp.net session security
- How to mantain session in classic asp sharing it with .net?
- Session in Asp.net
- Session Management
- Sharing login-system between classic ASP and ASP.Net
- ASP3 And ASP.NET session sharing
- PHP ASP Sharing Sessions
- Session in classic ASP
- Shared User Session for Multiple ASP.NET Websites
- sharing asp session over virtual directory