Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB by Stefan Schackow, Bilal Haidar

Chapter 8. Session State

Session state probably does not strike most people as having much of anything to do with security. However, some security-related design points are worth touching on when thinking about how session state is used in an application. ASP.NET 3.5 plays an important role in securing cookieless sessions as well as locking down behavior in lower trust levels.

This chapter covers the following topics on ASP.NET 3.5 session state:

  • Session state and the concept of a logon session.

  • How session data is partitioned across applications.

  • Cookie-based session IDs.

  • Cookieless sessions and session ID regeneration.

  • Configuring session state inside IIS 7.0.

  • Protecting against session state denial-of-service attacks.

  • Trust-level restrictions when using session state.

  • Database security when storing session state in SQL Server.

  • Securing the out-of-process state server.
