In an SSL web application, what would be the vulnerabilities of using session-based authentication?
- by Thomas C. G. de Vilhena
I'm not sure the term even exists, so let me explain what I mean by "session based authentication" through some pseudo-code:
void PerformLogin(string userName, string password)
{
    if(AreValidCredentials(userName, password))
    {
        Session.Set("IsAuthenticated", true);
    }
    else
    {
        Message.Show("Invalid credentials!");
…