Cookiless Session Is it a security

Posted by Costa on Stack Overflow See other posts from Stack Overflow or by Costa
Published on 2010-04-15T13:31:34Z Indexed on 2010/04/15 13:33 UTC
Read the original article Hit count: 164

Hi

http://msdn.microsoft.com/en-us/library/aa479314.aspx

You have a user who successfully log in from a machine in Cybercafe, Hacker H able to sniffer the network and get the sessionID of the user, Can H use the sessionId and act as the user from another machine? Can H enter http://folder/(session id)/CreditCardInformation.aspx to know the credit card number of the user.

Thanks

© Stack Overflow or respective owner

Related posts about ASP.NET

Related posts about security