how safe is it to use session variables – asp.net / c#
So basically I’m wondering how safe is my way of using Session variables.
I have 2 applications running on the same domain. The flow goes like so:
In my web project, the setting to turn on httpOnlyCookies is not there. It is false by default. Also, there is no place in code where the cookie is being set to HttpOnly. However, when I browse to the site I can see that the ASP.NET_Session cookie is being passed as HttpOnly. How is it set to HttpOnly?
I have the following code that uses session, but I have an error in the line:
I’m studying for a MS certification and one of the practice tests I’m doing has a question where the point of contention is the performance between storing the session in SQL Server as opposed to StateServer.
Recently, while working on some code for an ASP.NET project at work, we needed a tracking util to take basic metrics on user activity (page hit count etc.). We would track them in Session, then save the data to DB via Session_End in Global.asax.
What’s the best way to log out a user when a session ends or expires?
In IIS 6 (and other versions too afaik), there is a Session Timeout setting in Properties -> Home Directory Tab -> Configuration button -> Options tab. Looks like this:
I’m using the Yahoo Uploader, part of the Yahoo UI Library, on my ASP.Net website to allow users to upload files. For those unfamiliar, the uploader works by using a Flash applet to give me more control over the FileOpen dialog. I can specify a filter for file types, allow multiple files to be selected, etc. It’s great, but it has the following documented limitation:
I need to access Session variables on Session_End event in global.asax.cs, but HttpContext.Current is null, so none of the session variables are accessible.