SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Evangelist
    Join Date
    Jun 2001
    Location
    London
    Posts
    423
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    ASP web page security

    If a user has logged onto an ASP web page and a session("loggon") is set to true. By checking at the start of each page whether this variable is set to true I am assuming is an easy form of page security. Is this correct?

    I also tend to store the user ID into a session variable and use this to place the desired dynamic content onto the page for each client.

    Are there any over implications?

    Thanks...

  2. #2
    SitePoint Wizard big_al's Avatar
    Join Date
    May 2000
    Location
    Victoria, Australia
    Posts
    1,661
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sessions are usualy fairly safe. I have heard of people "Hijacking" Sessions by stealing the cookie off of another persons computer. Very tinny threat and as far as I can tell has not happend to anyone using any of my systems.

    If you want to go even safer then you would probably use a database as well or NT Accounts and even SSL, it all depends on how secure you want your application to be, how fast your servers are and if it is really neccasary to go to that complexity.
    .NET Code Monkey


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •