
The concept of using your own SessionID

Laphan - 26 Oct 2005 12:16 GMT
Hi All

Just been looking through the excellent ASPFaq site and wanted to discuss
Aaron's (??) comments re better to create your own session ID rather than
use ASP classic's in-built one and then use this through various posts and
gets to keep the state.

Only issue I've got with this is that won't this number, which to me looks
like it will be sequential, be picked up by would-be hacker and used in
his/her http pandemonium to try and hack other people's sessions.  With them
seeing it in the querystring and forms they will surely pick up on it and
play with it, whereas the in-built session ID can be relatively invisible.

I'm probably completely wrong with this, but I would really like to get to
grips with the concept as I too am trying to find a cast-iron way to manage
session state between http and https sites as the user flips between the 2,
probably at lightning speed!!

Thanks

Laphan
Chris Hohmann - 26 Oct 2005 16:27 GMT
> Hi All
>
[quoted text clipped - 20 lines]
>
> Laphan

Please include the article number and/or a link when referencing an ASPFaq
article. Here's the article I think you're talking about:

http://aspfaq.com/show.asp?id=2054

A closer reading of the article would reveal that Aaron is not advocating
the roll-your-own database session method. He is simply opining that said
method is the best/simplest alternative when the session mechanism built
into ASP is not suitable; for example when the pointy-haired-boss says so.

Also note that the article never mentions _sequential_ identifiers. While
identity columns are usually sequential by default, most databases support
some form of randomized identifier, whether that be the random auto-number
in Access, the globally unique identifier in SQL Server or whatever
implementations exist on other platforms.

May you be touched by His noodly appendage. RAmen.
http://venganza.org
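
An added illustration of the sequential-versus-randomized identifier distinction drawn in the reply above; it is not code from the thread or from the ASPFaq article. It is a Python sketch with sqlite3 standing in for the site's database, and the table layout, function names and 20-minute timeout are assumptions: the sequential row id stays server-side, and the client only ever holds a 128-bit random token.

```python
import hashlib
import secrets
import sqlite3
import time

SESSION_TTL = 20 * 60  # seconds; assumed idle timeout


def open_store():
    """In-memory table standing in for the site's session table (assumed layout)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE sessions ("
        " id INTEGER PRIMARY KEY AUTOINCREMENT,"  # sequential, never sent to the client
        " token_hash TEXT UNIQUE NOT NULL,"       # SHA-256 of the client's token
        " user_name TEXT NOT NULL,"
        " expires REAL NOT NULL)"
    )
    return db


def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def create_session(db, user_name, now=None):
    """Create a session row and return the 128-bit random token for the client."""
    now = time.time() if now is None else now
    token = secrets.token_hex(16)  # 16 bytes from the OS CSPRNG, 32 hex characters
    db.execute(
        "INSERT INTO sessions (token_hash, user_name, expires) VALUES (?, ?, ?)",
        (_digest(token), user_name, now + SESSION_TTL),
    )
    return token


def lookup_session(db, token, now=None):
    """Return the user name for a live token, or None if unknown or expired."""
    now = time.time() if now is None else now
    if not isinstance(token, str) or len(token) != 32:
        return None
    row = db.execute(
        "SELECT user_name FROM sessions WHERE token_hash = ? AND expires > ?",
        (_digest(token), now),
    ).fetchone()
    return row[0] if row else None
```

Storing only the hash means a read of the session table does not hand out usable tokens.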

Laphan - 26 Oct 2005 20:55 GMT
Hi Chris

Thanks for the response.  OK, I may not have completely taken in what Aaron
is suggesting, but you can see it from my point of view can't you?

The site does appear to work OK, I just want to make sure that I'm using the
most cast iron approach I can when tracking state back and forth between the
http and https parts of the site.

Rgds Laphan
