Re: Help - Secure page by remembering user?


From: Steven Burn (pvt_at_noyb.com)
Date: 08/05/04


Date: Thu, 5 Aug 2004 17:18:26 +0100

Inline.......

<jason@catamaranco.com> wrote in message
news:eyxtPZweEHA.3476@tk2msftngp13.phx.gbl...
> ps: Maybe I misinterpreted your suggestion.
>
> Scenario
>
> Secure Page with a script that checks to see if a session or cookie is
> present for that user.....
>
> Yes - send him directly to page without logging in
> No - send him to Username login screen (ie Prompt for email only)
>
> Correct?
</snip>

Yes

<snip>
> But what about:
>
> 1. Expiry date of session variables - easy to change, like cookies?
</snip>

Session timeouts can be controlled either directly from the server, or in
the page(s) that use them, so you're not lumbered with the default 20 mins or
whatever.

<snip>
> 2. If one uses cookies or session variables are you not essentially
> compromising security if two users are using the same machine as mentioned
> in previous posts?
<snip>

Not if you assign them based on session IDs.

Place the following into a .asp file and open the page in 2 browser windows.
You'll notice they have different session IDs.

<%
    Response.Write Session.SessionID
%>

</snip>
> 3. Which is better Sessions or cookies? one is client side and one is
> server side.....I see this suggested client side solution....
<snip>

I personally hate using cookies, so tend to stick with sessions......
(though even sessions require cookies be enabled)

--
Regards
Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk
Keeping it FREE!
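
Added example, not part of the original post: a classic ASP gate for the scenario discussed in this thread (session present: show the page; absent: send to the login prompt), with the timeout set in the page rather than left at the server default. The names Session("UserEmail"), login.asp and the logout query parameter are assumptions made for illustration.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Constructed example: include at the top of each protected page.
' Hypothetical names: Session("UserEmail"), login.asp, ?logout=1.

' Page-level override of the server's default session timeout (minutes).
Session.Timeout = 30

' Stop the protected page being served from a browser or proxy cache
' after the session has ended.
Response.Expires = -1
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"

' Explicit sign-out: discard the server-side session state so the next
' person at the same browser is sent to the login prompt.
If Request.QueryString("logout") = "1" Then
    Session.Abandon
    Response.Redirect "login.asp"
End If

Dim userEmail
' Set by login.asp only after the user has been identified.
userEmail = Session("UserEmail")

If Len(userEmail & "") = 0 Then
    ' No session state for this visitor (new visit or timed out).
    Response.Redirect "login.asp"
End If
%>
<p>Signed in as <%= Server.HTMLEncode(userEmail) %></p>
```

The check relies only on state held on the server; the browser carries just the session cookie that maps to it.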

