Chapter 8. Session State
Session state probably does not strike most people as having much of anything to do with security. However, some security-related design points are worth touching on when thinking about how session state is used in an application. ASP.NET 3.5 plays an important role in securing cookieless sessions as well as locking down behavior in lower trust levels.
This chapter covers the following topics on ASP.NET 3.5 session state:
Session state and the concept of a logon session.
How session data is partitioned across applications.
Cookie-based session IDs.
Cookieless sessions and session ID regeneration.
Configuring session state inside IIS 7.0.
Protecting against session state denial-of-service attacks.
Trust-level restrictions when using session state.
Database security when using storing session state in SQL Server.
Securing the out-of-process state server.
Get Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
