session-variables

I am comparing the session variable to a string to check if the login type is administrator or not. Code i am using : if (Session["loggedInUsername"] == null) { btnLogin.Text = "Sign In"; lblWelcome.Text = "Welcome!"; hypManageRestaurants.Enabled = false; hypManageReviews.Enabled = false; hypPostReviews.Enabled = false; } else { if (Session["loggedInUserType"] == "Administrator") { hypManageRestaurants.Enabled = true; hypManageReviews.Enabled = true; hypPostReviews.Enabled = true; } else { hypManageRestaurants.Enabled = false; hypManageReviews.Enabled = false; hypPostReviews.Enabled = true; }

I set a session object at one juncture in my code: Session("my_name") = "Dave" Later in my code I give the user a chance to update this object: Session("my_name") = TextBox1.Text I reload my page and display a little hello statement like this: Label1.Text = "Hello" & CStr(Session("my_name")) The result is: "Hello Dave" no matter what I change Session("my_name") too. EDIT: Here is the a full code-behind I wrote up to demonstrated: Public Class WebForm1 Inherits System.Web.UI.Page Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load Response.Cache

I have a web service built for SharePoint 2007 that I am trying to port to SharePoint 2010. This web service is dependent on session state to function properly, but so far, I have been enable to get session state to work at all in SharePoint 2010. This web service runs as its own web application under t he /_vti_bin virtual directory. I have tried all of the following with no luck: Ensured the "State Service" service application is running. Added the System.Web.SessionState.SessionStateModule http module to my application's web.config file. Added the System.Web.SessionState.SessionStateModule

I am currently doing a website in php, we are using a Session variable to store the permission level of each user. For example, if any one of you would go on the website, you would automatically get a session variable with a value of "member". What I am asking is: Is it possible for an attacker to go on the website and modify the value of the session variable for "admin" instead of "member" I am not asking how, just if it is possible, and if so what kind of special access would the attacker would need (ex: access to the code, ....) I have an alternative solution, which would be to replace the

A neat feature which I found in CakePHP was the ability to set a flash message, say on some save script, then have that message displayed on the following page. Something like, Post updated , or Error - no file found. The way Cake does it is with this session object. I am trying to avoid sessions like the plague because of their odd requirements for scalability. Can I not just simply store the flash message in a cookie (client side) and then delete that cookie once it's displayed on the following page? What would be some pros/cons to this approach - or more simply, why does Cake uses session