Click here to Skip to main content
15,559,971 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more: , +
hi,
i know that basically sessionid is stored in cookie on the client machine. i would like to know how we can pass sessionId to server via querystring to avoid some security reason(dont store anything on client machine even if that is a session id). like in some website for banking we can see a long querystring which user can not understand and decode.
Posted

you should use session instead of cookies or query string Session is stored on server side and more secure than both,
You can define it in this manner

C#
Session["UserID"]="123";
//what ever you like to store

you can use it in this way

C#
int sessionID = Convert.ToInt32(Session["UserID"]);
string sessionID1 = Convert.ToString(Session["UserID"]);
 
Share this answer
 
Comments
ravikhoda 17-Feb-14 5:02am    
sorry but i think you dont get my question. what i want to know is that every session has unique session id which is generally stored on cookie client side. other way to store sesssion id is query string / database etc.. so i want to know how can we set that in applicatation that sessionid is stored in querystring or may be in the database and not on cookie. but anyways thanks for your help.
Basically , From your question as well as the Comments , it seems you are trying to use Cookieless Session. In this case, the SessionID will be added in the Url itself .But its vulnerable to Session Hijack.

Refer

http://msdn.microsoft.com/en-us/library/aa479314.aspx[^]

[^]

Try these to make it Secured

what-risks-do-cookieless-sessions-have and what-are-the-mitigations[^]
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900