Click here to Skip to main content
14,774,516 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hello Guys

I need to use cookieless="useuri" in my web config, this is the only way I think multiple browser tabs have a unique asp.net sessions.

however implementing cookieless="useuri" would make the application prone to session hijacking.

Is there a way to prevent session hijacking even i want to use cookieless="useuri"?

Thanks
Posted
Updated 21-Mar-12 17:46pm
v2
Comments
[no name] 21-Mar-12 22:33pm
   
What problem are you trying to solve? What multiple tab session fix?
Mico Perez 21-Mar-12 22:50pm
   
i just improved my question. :-)

1 solution

You can save client IP in session variables on session start and check on every request if current IP and IP from session are the same. This will provide a bit more security.
   
Comments
Mico Perez 25-Mar-12 22:18pm
   
How? any sample solution?
vishal_h 8-May-14 4:48am
   
But if IP address assign dynamicaly then

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900