sessionid

Harm of passing session id as url parameter

纵饮孤独 submitted on 2019-12-03 17:28:51
So I just noticed that one of the internet banks websites is passing session id as url parameter. (See image below.) I didn't previously see anywhere that ';' in url, in this case it is after 'private;'. 1) What is the use of this ';'? 2) And why internet bank, which needs to be securest place in the internet is passing session id as url parameter? At first, I thought they are doing it because some of the users disallow use of cookies, but then again, if they allow it, use cookies, if not - url, but I do allow use of cookies, so obviously that's not the case. 3) I guess then they should have

Session ID not random enough - ASP.NET

孤人 submitted on 2019-12-03 12:23:22
Question: UPDATE We eventually had a meeting with some programmers on the Acunetix team and they realized there may be a few bugs in their code that are causing this to be displayed in the scan as more of an issue than it actually may be. The general consensus was to ignore the scan results and use the out-of-the-box ASP.NET Session ID generation as it should be secure enough for our site. @Vasile Bujac since your answer was the only one and mentioned using the ASP.NET standard solution I took that as

Best practices for SessionId/Authentication Token generation

房东的猫 submitted on 2019-12-03 10:59:30
Question: I have seen people using UUID for authentication token generation. However, in RFC 4122 it is stated that "Do not assume that UUIDs are hard to guess; they should not be used as security capabilities (identifiers whose mere possession grants access), for example." I was wondering, what algorithms are used for example in Java and .NET for SessionId/AuthenticationToken generation. Is UUID indeed unsuitable for these purposes in an application that has more than average security needs? Answer 1: UUID

Session ID not random enough - ASP.NET

杀马特。学长 韩版系。学妹 submitted on 2019-12-03 03:36:35
UPDATE We eventually had a meeting with some programmers on the Acunetix team and they realized there may be a few bugs in their code that are causing this to be displayed in the scan as more of an issue than it actually may be. The general consensus was to ignore the scan results and use the out-of-the-box ASP.NET Session ID generation as it should be secure enough for our site. @Vasile Bujac since your answer was the only one and mentioned using the ASP.NET standard solution I took that as the answer, but thanks everyone for your help. We use Acunetix's Retina scanner at work to do security

Get logged on user's name or email on Windows 8 using C++ and WinAPIs

眉间皱痕 submitted on 2019-12-02 15:44:41
Question: On Windows 7 to retrieve the name of a logged on user I can do this:

    LPTSTR pUserName = NULL;
    DWORD dwcbSzUserName = 0;
    //'dwSessID' = user session ID
    if(WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, dwSessID, WTSUserName, &pUserName, &dwcbSzUserName))
    {
        //Got user name in 'pUserName'
    }
    if(pUserName)
        WTSFreeMemory(pUserName);

But on Windows 8 it returns some abbreviated name, for instance, "john_000" when the actual user's name is "John A. Doe". So what is the way to retrieve the name

Get logged on user's name or email on Windows 8 using C++ and WinAPIs

≯℡__Kan透↙ submitted on 2019-12-02 10:25:21
On Windows 7 to retrieve the name of a logged on user I can do this:

    LPTSTR pUserName = NULL;
    DWORD dwcbSzUserName = 0;
    //'dwSessID' = user session ID
    if(WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, dwSessID, WTSUserName, &pUserName, &dwcbSzUserName))
    {
        //Got user name in 'pUserName'
    }
    if(pUserName)
        WTSFreeMemory(pUserName);

But on Windows 8 it returns some abbreviated name, for instance, "john_000" when the actual user's name is "John A. Doe". So what is the way to retrieve the name of the logged on user (and possibly their email) on Windows 8 with C++ using WinAPIs as it's shown at

Is a Session ID generated on the Server-side or Client-side?

断了今生、忘了曾经 submitted on 2019-12-01 01:03:40
This web page http://www.w3schools.com/ASP/prop_sessionid.asp states that a session ID is generated on the ServerSide. If this is the case, then how does a server know it's still the same client on the 2nd request response cycle? Surely the SessionId would be generated on the ClientSide so that the client would be sure of passing the same value to the server? The SessionID is generated Server Side, but is stored on the Client within a Cookie. Then every time the client makes a request to the server the SessionID is used to authenticate the existing session for the client. The session ID is

Transfer session across server in PHP

蓝咒 submitted on 2019-12-01 00:46:34
Question: I need to transfer the user session across servers, i.e. if user logged in server1 and if the user exists in server2, then I have to transfer the user session details to server2. For this I used the following technique: From server1, redirect user to http://server2/auth_from_server1.php?sessionid=12345 On server2 (internally, in the PHP code of auth_from_server1.php), do a request to http://server1/secret/check_session_id.php with the sessionid, 12345. On server1, in the implementation of

Check if PHP session_id is in use

浪尽此生 submitted on 2019-11-30 14:25:00
I am building a web-app that users can upload certain files and work on them through the web-app interface. I need to store these files for the length of a user's session. I am creating a folder for each user using the session_id as the folder name and storing the files in there. The problem: There is nothing to indicate that a user walked away from my site and the session is going out of use. I need a cleanup script that takes the name of each folder and checks if that session_id is still active in order to delete unused and now unreachable folders. How can I do this? I have had precisely the

ASP.NET session has expired or could not be found -> Because the Session.SessionID changes (Reporting Services)

三世轮回 submitted on 2019-11-30 13:44:37
1. I'm using reporting services and sometimes I get this error "ASP.NET session has expired or could not be found" when I try to load a report.
2. I realized that I get this error when the Session.SessionID property changes even though the user is the same. If it does not change, the report is loaded. I mean, if I refresh the report a number of times, whenever the Session.SessionID is the same as the last one, the report is loaded.
3. Microsoft Documentation says: When using cookie-based session state, ASP.NET does not allocate storage for session data until the Session object is used. As a