asp.net-session

Session ID not random enough - ASP.NET

孤人 submitted on 2019-12-03 12:23:22
Question: UPDATE We eventually had a meeting with some programmers on the Acunetix team and they realized there may be a few bugs in their code that are causing this to be displayed in the scan as more of an issue than it actually may be. The general consensus was to ignore the scan results and use the out-of-the-box ASP.NET Session ID generation as it should be secure enough for our site. @Vasile Bujac since your answer was the only one and mentioned using the ASP.NET standard solution I took that as

Session ID not random enough - ASP.NET

杀马特。学长 韩版系。学妹 submitted on 2019-12-03 03:36:35
UPDATE We eventually had a meeting with some programmers on the Acunetix team and they realized there may be a few bugs in their code that are causing this to be displayed in the scan as more of an issue than it actually may be. The general consensus was to ignore the scan results and use the out-of-the-box ASP.NET Session ID generation as it should be secure enough for our site. @Vasile Bujac since your answer was the only one and mentioned using the ASP.NET standard solution I took that as the answer, but thanks everyone for your help. We use Acunetix's Retina scanner at work to do security

What is the difference between Session.Abandon() and Session.Clear()

拜拜、爱过 submitted on 2019-11-26 23:49:28
What is the difference between destroying a session and removing its values? Can you please provide an example demonstrating this? I searched for this question, but don't grasp the total answer. Some answers are: Session.Abandon() destroys the session Session.Clear() just removes all values A friend told me this: Clearing the session will not unset the session, it still exists with the same ID for the user but with the values simply cleared. Abandon will destroy the session completely, meaning that you need to begin a new session before you can store any more values in the session for that user.

What is the difference between Session.Abandon() and Session.Clear()

拈花ヽ惹草 submitted on 2019-11-26 12:21:12
Question: What is the difference between destroying a session and removing its values? Can you please provide an example demonstrating this? I searched for this question, but don't grasp the total answer. Some answers are: Session.Abandon() destroys the session Session.Clear() just removes all values A friend told me this: Clearing the session will not unset the session, it still exists with the same ID for the user but with the values simply cleared. Abandon will destroy the session completely, meaning

How can I set the Secure flag on an ASP.NET Session Cookie?

|▌冷眼眸甩不掉的悲伤 submitted on 2019-11-26 08:48:37
Question: How can I set the Secure flag on an ASP.NET Session Cookie, so that it will only be transmitted over HTTPS and never over plain HTTP? Answer 1: There are two ways, one httpCookies element in web.config allows you to turn on requireSSL which only transmit all cookies including session in SSL only and also inside forms authentication, but if you turn on SSL on httpcookies you must also turn it on inside forms configuration too. Edit for clarity: Put this in <system.web> <httpCookies requireSSL="true

ASP.NET session state provider in Azure [closed]

风流意气都作罢 submitted on 2019-11-26 07:43:21
Question: As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance. Closed 7 years ago. As far as I know, the current situation is this: Use SQL session state provider is possible (as I've read somewhere) but it's not