|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Change ASP .NET Session IdIn order to prevent Session Fixation attacks I would like to know how it is
programatically possible to change the session id? The idea is that after a successful authentication during login a new session id is generated and the previous one is invalidated. Have you tried calling the HttpSessionState.Abandon method to end the
original session? (A new session will be automatically created once the old one is dropped.) Show quoteHide quote "Jan Monsch" <Jan Mon***@discussions.microsoft.com> wrote in message news:E2DCFB4F-E3DA-49D6-B344-1C87D5F479A6@microsoft.com... > In order to prevent Session Fixation attacks I would like to know how it > is > programatically possible to change the session id? > > The idea is that after a successful authentication during login a new > session id is generated and the previous one is invalidated. 
Other interesting topics
|
|||||||||||||||||||||||
