Click here to Skip to main content
15,886,673 members
Search within:


Prevent Session Hijacking
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
ASP.NET
Hello Guys

I need to use cookieless="useuri" in my web config, this is the only way I think multiple browser tabs have a unique asp.net sessions.

however implementing cookieless="useuri" would make the application prone to session hijacking.

Is there a way to prevent session hijacking even i want to use cookieless="useuri"?

Thanks
Posted
Updated 21-Mar-12 16:46pm
v2
Add a Solution
Comments
[no name] 21-Mar-12 22:33pm    
What problem are you trying to solve? What multiple tab session fix?
Mico Perez 21-Mar-12 22:50pm    
i just improved my question. :-)

1 solution

You can save client IP in session variables on session start and check on every request if current IP and IP from session are the same. This will provide a bit more security.
 
Share this answer
 
Posted
Comments
Mico Perez 25-Mar-12 22:18pm    
How? any sample solution?
vishal_h 8-May-14 4:48am    
But if IP address assign dynamicaly then
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
What is session hijacking in ASP.NET ?
How to avoid DLL hijacking in WPF application
How to avoid Sessionn hijacking in asp.net
How to overcome Session Hijacking
Session Hijacking? X-Forwarded-For, different between Login and subsequent request
prevent duplicate record in session.
How to prevent duplicate upload in excel to SQL
Session, viewbag prevent download
how to prevent session time out in asp.net
How to prevent session sharing in multiple tabs in mvc?

Advertise
Privacy
Cookies
Terms of Use
Last Updated 23 Mar 2012
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web04 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900