web 2.0

How-To Prevent From SessionID Hijacking With ASP.NET

Author: Yoann. B | Posted: 21. December 2008 01:26 1

Hi,

In this article i’ll talk about to prevent from SessionID Hijacking using Login and LoginStatus WebControl.

There is a pretty useful class named SessionIDManager.

MSDN :

SessionIDManager Class

Manages unique identifiers for ASP.NET session state.

Namespace: System.Web.SessionState
Assembly: System.Web (in System.Web.dll)

In order to make SessionID safe, you’ll need firslty to implement LoggedIn Event of the Login WebControl.

protected void Login1_LoggedIn(object sender, EventArgs e)
{
    SessionIDManager Manager = new SessionIDManager();

    // Remove Current Session ID
    Manager.RemoveSessionID(HttpContext.Current);
    // Create New Session ID
    String NewSessionID = Manager.CreateSessionID(HttpContext.Current);
    Boolean IsRedirected;
    Boolean IsCookieAdded;
    // Save New Session ID
    Manager.SaveSessionID(HttpContext.Current, NewSessionID, out IsRedirected, out IsCookieAdded);
}

Then you need to Implement LoggedOut Event of the LoginStatus WebControl

protected void LoginStatus1_LoggedOut(object sender, EventArgs e)
{
    SessionIDManager Manager = new SessionIDManager();

    // Remove Current Session ID
    Manager.RemoveSessionID(HttpContext.Current);
}

 

Hope this Help’s!



Views(2575)

kick it on DotNetKicks.com

Share/Save/Bookmark Subscribe

Currently rated 5.0 by 2 people

  • Currently 5/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

ASP.NET

E-mail | Kick it! | DZone it! | Wikio | Digg it!
Permalink | Comments (1) | Post RSSRSS comment feed

Comments

Technorati Profile