Results 1 to 2 of 2

Thread: faking session variables

  1. Feb 25th, 2001, 07:02 AM #1
    alexmac
    alexmac is offline

    Thread Starter
    Addicted Member
    Join Date
    Nov 2000
    Location
    UK
    Posts
    164
    I am using session variables to login users.

    Theres no possible way a user could create there own session variable or alter the value is there?

    I am pretty sure this is impossible but want to make sure..

    Alex
    ASP, SQL, VB6, Java Script and dubious guitar playing skills.
    Reply With Quote Reply With Quote
  2. Feb 25th, 2001, 11:29 AM #2
    Clunietp
    Clunietp is offline
    Guru Clunietp's Avatar
    Join Date
    Oct 1999
    Location
    USA
    Posts
    1,844
    As far as I know, a user cannot change the value of the session variable

    I suppose in some weird circumstance the user might be able to change their temporary cookie that IIS relies on to implement sessions (IIS 5 doesn't need cookies), but they would just (i think) change the GUID that they receive and not the actual values of the session variables
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


Click Here to Expand Forum to Full Width