Session Fixation in ASP.NET

没有蜡笔的小新 2020-11-28 10:27

I'm wondering how to prevent Session fixation attacks in ASP.NET (see http://en.wikipedia.org/wiki/Session_fixation)

My approach to this would normally be to

4 Answers
  •  一整个雨季
    2020-11-28 11:15

    Basically just do this in your Login GET method and your Logout method:

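    // Remove everything stored in the current session and end it.
    Session.Clear();
    Session.Abandon();
    Session.RemoveAll();
    // Expire the session cookie so the browser stops sending the old session ID.
    if (Request.Cookies["ASP.NET_SessionId"] != null)
    {
       Response.Cookies["ASP.NET_SessionId"].Value = string.Empty;
       Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(-20);
    }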
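One way to check from the outside that the snippet above has the intended effect (an added example, not part of the original answer): replay the `Set-Cookie` headers recorded for the login GET and login POST and confirm that the pre-login `ASP.NET_SessionId` does not survive authentication. The function names, sample IDs and header values are constructed for illustration.

```python
from datetime import datetime, timezone

SESSION_COOKIE = "ASP.NET_SessionId"  # cookie name used in the answer's snippet

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lower-cased attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def is_expired(attrs, now):
    """True if Expires (ASP.NET's dd-MMM-yyyy form) is earlier than `now`."""
    raw = attrs.get("expires")
    if not raw:
        return False
    when = datetime.strptime(raw, "%a, %d-%b-%Y %H:%M:%S GMT")
    return when.replace(tzinfo=timezone.utc) < now

def check_login_flow(pre_login_id, login_get, login_post, now):
    """Return findings for a recorded login GET + POST pair of header lists."""
    findings, current = [], pre_login_id
    for step, headers in (("GET", login_get), ("POST", login_post)):
        for header in headers:
            name, value, attrs = parse_set_cookie(header)
            if name != SESSION_COOKIE:
                continue
            # An empty or already-expired cookie makes the browser drop the ID.
            current = None if (not value or is_expired(attrs, now)) else value
        if step == "GET" and current == pre_login_id:
            findings.append("login GET left the pre-login session cookie in place")
    if current == pre_login_id:
        findings.append("session ID after login equals the pre-login ID")
    return findings

# Constructed sample data (not captured from a real site).
NOW = datetime(2020, 11, 28, 11, 15, tzinfo=timezone.utc)
OLD_ID = "oldsessionidvalue000000000"
FIXED_GET = ["ASP.NET_SessionId=; expires=Thu, 28-Mar-2019 10:27:00 GMT; path=/"]
FIXED_POST = ["ASP.NET_SessionId=newsessionidvalue111111111; path=/; HttpOnly"]
UNFIXED_GET, UNFIXED_POST = [], ["theme=dark; path=/"]

if __name__ == "__main__":
    print(check_login_flow(OLD_ID, FIXED_GET, FIXED_POST, NOW))      # no findings
    print(check_login_flow(OLD_ID, UNFIXED_GET, UNFIXED_POST, NOW))  # two findings
```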
    
