12 aprilie 2012 15:51
I'm working on asp.net (4.0) web site. I was trying to use form authentication (). Obviously trying to have some of pages secure. My understanding that best solution for security is to set cookieless="UseCookies" so it not going to write id to URL.
My question is what exactly happening when I use cookieless="UseCookies".
- Is session created and some id stored in Browser(~memory which used later to pull info from IIS server side session "cookie") or it's actually spouse to create "regular" client side encrypted cookie?
(I'm obviously trying to avoid writing to URL and to client side cookies - not sure if all that could be avoided)
- If it sets ID in Browser does all the browsers allow store session ID in it. If it's not allowed by Browser what is going to happened? Is there a way to pre check it?
So I guess as all of us I'm just trying to build proper secure application if anyone got any other suggestion it will be greatly appreciated.
Tanks a lot,
- Mutat de Mark Liu-lxf 17 aprilie 2012 02:17 (From:Visual Basic General)
13 aprilie 2012 05:03
This forum is for VB Net (and then mainly code and designers but also aspects related to those), including ASP.Net.
However, your question is maybe for 0,1% related to VB (you made the program probably with VB but the created assembly is then still a .Net assembly)
So try some better Microsoft forums for your question.