Session Hijacking Protection in ASP.NET

Question

I\'d like to find out what session ID hijacking protection is built into the current version of ASP.NET.

I recently saw this very informative article that explains h

Answer 1

Hey, I have also been looking for ways to reduce the risk of session ID hijacking. I read Jeff Prosise's article as well and I thought it could be useful; however, just like you, I was looking to see if the same approach applies for modern versions of the framework (his email wicked@microsoft.com doesn't work btw)

jkohlhepp, I don't agree with your post (or maybe I don't understand it):

you probably shouldn't use Session as a security measure. Instead, I would recommend relying on ASP.NET security (authentication, authorization)

As far as I'm concern asp.net authentication relies on Session IDs (except cookieless which seems to be worse: See Dino Esposito's opinion)

So, that pretty much put us where we started.