DevGuidance

Development tips, tricks and answers

Getting HttpSessionState for SessionID

by Alexander Vasilevsky on 1/3/2008 1:23:00 PM Is it possible to get an HttpSessionState object by its id.

http://www.alvas.net - Audio tools for C# and VB.Net developers


 

Re: Getting HttpSessionState for SessionID

by Eliyahu Goldin on 1/3/2008 1:52:00 PM If you store sessions in a database, you should be able to see the tables
where they are stored and to figure out how to access those tables.

--
Eliyahu Goldin,
Software Developer
Microsoft MVP [ASP.NET]
http://msmvps.com/blogs/egoldin
http://usableasp.net


"Alexander Vasilevsky" <mail@alvas.net> wrote in message
news:fli9ha$2ep6$1@behemoth.volia.net...
> Is it possible to get an HttpSessionState object by its id.
>
> http://www.alvas.net - Audio tools for C# and VB.Net developers
>
>


 

Re: Getting HttpSessionState for SessionID

by Aidy on 1/3/2008 9:55:00 AM It's not possible to access sessions that are not your own if that's what
you mean.

"Alexander Vasilevsky" <mail@alvas.net> wrote in message
news:fli9ha$2ep6$1@behemoth.volia.net...
> Is it possible to get an HttpSessionState object by its id.
>
> http://www.alvas.net - Audio tools for C# and VB.Net developers
>
>
>


 

Re: Getting HttpSessionState for SessionID

by Mark Rae [MVP] on 1/3/2008 10:12:00 AM "Aidy" <aidy@xxnoemailxx.com> wrote in message
news:-bKdnXFJNJljLeHanZ2dnUVZ8t6inZ2d@bt.com...

> It's not possible to access sessions that are not your own if that's what
> you mean.

Unless you use SQL Server to store the sessions...


--
Mark Rae
ASP.NET MVP
http://www.markrae.net

 

Re: Getting HttpSessionState for SessionID

by Aidy on 1/3/2008 11:29:00 AM I've never actually seen the data structures used when this is done. Is it
held in plain English and easy to read? Or is it all encrypted? Surely you
still can't session hi-jack though as it would be a security risk?

"Mark Rae [MVP]" <mark@markNOSPAMrae.net> wrote in message
news:euFJPEfTIHA.5208@TK2MSFTNGP04.phx.gbl...
> "Aidy" <aidy@xxnoemailxx.com> wrote in message
> news:-bKdnXFJNJljLeHanZ2dnUVZ8t6inZ2d@bt.com...
>
>> It's not possible to access sessions that are not your own if that's what
>> you mean.
>
> Unless you use SQL Server to store the sessions...
>
>
> --
> Mark Rae
> ASP.NET MVP
> http://www.markrae.net
>


 

Re: Getting HttpSessionState for SessionID

by Mark Rae [MVP] on 1/3/2008 12:38:00 PM "Aidy" <aidy@xxnoemailxx.com> wrote in message
news:BYGdnephYIBhW-HanZ2dnUVZ8tuqnZ2d@bt.com...

>>> It's not possible to access sessions that are not your own if that's
>>> what you mean.
>>
>> Unless you use SQL Server to store the sessions...
>
> Is it held in plain English and easy to read?

Yes.

> Or is it all encrypted?

No.

> Surely you still can't session hi-jack though as it would be a security
> risk?

You can - Microsoft advising encrypting the <connectionStrings> section of
web.config and also using integrated security in an attempt to make it
harder to access, but that's about it...
http://msdn2.microsoft.com/en-us/library/ms178201(VS.80).aspx


--
Mark Rae
ASP.NET MVP
http://www.markrae.net