locked
Session tracking cookies to be tied to an authenticated session. RRS feed

  • Question

  • In my application ,a new session id gets created on the page load of the login page(this is the first page when the application loads).  The same session id is used after login and till user logs out of the application.
    With this scenario, any undesired user can track the session id. Using the session id, user can log in into application without entering the user id and  password.

    The change required is either of the following:
    > The session id has to be set for the first time either after successful Login or
    > The Old session id should be replaced by a new session id which is to be used after successful login.

    The Application is on ASP.net 2.0 (VB.net) and authentication used in 'Windows'.

     

    I do not know how to implement the same. Please help ASAP.

     

    Thanks in advance.

     

    J

    Thursday, October 18, 2007 12:34 PM

All replies

  • You have posted  in the wrong forum. Please post this at http://forums.asp.net.

     

    Thursday, October 18, 2007 12:38 PM
    Moderator