Last post Jul 11, 2011 09:32 AM by dubeyparam
Jul 11, 2011 06:16 AM|dubeyparam|LINK
I am trying to update the Session ID after every successful login by a user. For that I have abandoned the current Session and am redirecting the flow to a middle page, loading the user-specific settings there, and then redirecting the flow to the default page of the user. But during this process I observed that the Session ID is not getting updated. I think I am missing something here, but could not recognize what.
Can someone please Help?
Thanks in Advance.
Jul 11, 2011 06:22 AM|manishgvsharma2000|LINK
see this link
Jul 11, 2011 06:25 AM|Raigad|LINK
The proper way to create a session variable is:
Session["VarName"] = value;
Next to remove an item from the session state:
To clear all session variables use:
Jul 11, 2011 06:57 AM|dubeyparam|LINK
My intention is to create a new Session after successful login so as to avoid Cross Site Scripting attacks.
Jul 11, 2011 07:09 AM|Bitnbytes|LINK
It's normal for the ASP.NET framework to reuse the session ID. Here is what you do to make sure the ID is not reused.
Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
Here is the link that has why IDs are reused: http://support.microsoft.com/kb/899918
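The flow discussed in this thread (abandon the session at login, blank the session cookie, load settings on a middle page), written out as an added example that is not part of any post above. The class, method and session key names are hypothetical, and it assumes forms authentication and the default session cookie name.

```csharp
using System.Web;
using System.Web.Security;

// Added illustration; the class, method and key names are hypothetical.
public static class SessionRenewal
{
    // Default session cookie name; differs if <sessionState cookieName="..."> is set.
    private const string SessionCookieName = "ASP.NET_SessionId";

    // Step 1: call from the login page once the credentials have been verified.
    public static void AbandonAndRedirect(HttpContext context, string userName, string middlePageUrl)
    {
        // Discard the pre-login session; its data is released when this request ends.
        context.Session.Abandon();

        // Abandon() alone leaves the old ID in the browser's cookie and ASP.NET
        // reuses it. Sending an empty cookie makes the next request arrive
        // without a usable ID, so a new one is issued.
        context.Response.Cookies.Add(new HttpCookie(SessionCookieName, "") { HttpOnly = true });

        // Assumption: forms authentication carries the identity across the redirect,
        // because nothing stored in the abandoned session survives.
        FormsAuthentication.SetAuthCookie(userName, false);

        context.Response.Redirect(middlePageUrl, false);
        context.ApplicationInstance.CompleteRequest();
    }

    // Step 2: call from the middle page, which runs under the new session ID.
    public static void LoadSettingsAndContinue(HttpContext context, string defaultPageUrl)
    {
        if (!context.User.Identity.IsAuthenticated)
        {
            FormsAuthentication.RedirectToLoginPage();
            return;
        }

        // Writing to the session stores the user-specific state under the new ID.
        context.Session["UserName"] = context.User.Identity.Name;

        context.Response.Redirect(defaultPageUrl, false);
        context.ApplicationInstance.CompleteRequest();
    }
}
```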
Jul 11, 2011 07:12 AM|Bitnbytes|LINK
If your intention is to prevent a cross site scripting attack, then you need to look into the standard procedure of using a unique variable stored on the page and in the session, which is compared on postback to make sure you are not being sent a replay of previous requests.
Search for "CSRF fix for asp.net" in Google and you will find a lot of discussion and code to help you with it.
Jul 11, 2011 09:32 AM|dubeyparam|LINK
Thanks for the link. It has resolved my problem.