how to set session value to store as a querystring?

Question

1.00/5 (1 vote)

See more:

, +

hi,
i know that basically sessionid is stored in cookie on the client machine. i would like to know how we can pass sessionId to server via querystring to avoid some security reason(dont store anything on client machine even if that is a session id). like in some website for banking we can see a long querystring which user can not understand and decode.

Posted 16-Feb-14 22:41pm

ravikhoda

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

**Nirav Prabtani** · Answer 1 · 2014-02-16T22:50:00

Solution 1

you should use session instead of cookies or query string Session is stored on server side and more secure than both,
You can define it in this manner

C#

Session["UserID"]="123";

//what ever you like to store

you can use it in this way

C#

int sessionID = Convert.ToInt32(Session["UserID"]);
string sessionID1 = Convert.ToString(Session["UserID"]);

Posted 16-Feb-14 22:50pm

Nirav Prabtani

Comments

ravikhoda 17-Feb-14 5:02am

sorry but i think you dont get my question. what i want to know is that every session has unique session id which is generally stored on cookie client side. other way to store sesssion id is query string / database etc.. so i want to know how can we set that in applicatation that sessionid is stored in querystring or may be in the database and not on cookie. but anyways thanks for your help.

JoCodes · Answer 2 · 2014-02-17T04:43:00

Basically , From your question as well as the Comments , it seems you are trying to use Cookieless Session. In this case, the SessionID will be added in the Url itself .But its vulnerable to Session Hijack.

Refer

http://msdn.microsoft.com/en-us/library/aa479314.aspx[^]

[^]

Try these to make it Secured

what-risks-do-cookieless-sessions-have and what-are-the-mitigations[^]