liptonIcedTea
Hi,
I have a web site in which I have been using SessionState to persist state. I do this because at times, for datagrids and stuff, the data could be quite large to drag across.
Anyway, I've noticed a major security flaw in this logic. The SessionState is not unique across multiple browsers. So if the user decides to open a new window and starts browsing, there are two windows messing around with the same session variables.
This creates havoc. For example, the user may have a Purchase Order opened; if he opens a new window, and opens another Purchase Order, and then edits the old window, and hits Save, that'll save this information into the new Purchase Order.
Is there any means to make SessionState unique for each instance of a browser somehow? Anyone have any experience with this?
Thanks
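The behaviour described in the post above, as an added example that is not part of the original post: a constructed C# console model in which a `Dictionary` stands in for the Session object shared by every window of one browser. The key names, the purchase order numbers and the per-window token are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Constructed model: one Dictionary stands in for the Session object that
// all windows of the same browser share (one session cookie, one store).
static class SessionScopeDemo
{
    // Pattern from the post: the open purchase order lives under a fixed key.
    static string SaveShared(Dictionary<string, object> session, string edits)
    {
        return "PO " + session["CurrentPO"] + " <- " + edits;
    }

    // Scoped pattern: the key includes a token owned by one page instance.
    // Assumption: in Web Forms the token would be round-tripped with the
    // page (ViewState or a hidden field) so each postback presents its own.
    static string Key(string windowId)
    {
        return "CurrentPO:" + windowId;
    }

    static string SaveScoped(Dictionary<string, object> session, string windowId, string edits)
    {
        object po;
        if (!session.TryGetValue(Key(windowId), out po))
            throw new InvalidOperationException("No purchase order is open for this window.");
        return "PO " + po + " <- " + edits;
    }

    static void Main()
    {
        var session = new Dictionary<string, object>();

        // Window A opens PO 1001, then window B opens PO 1002 in the same session.
        session["CurrentPO"] = 1001;
        session["CurrentPO"] = 1002; // window B overwrites window A's value
        // Window A saves, but the fixed key now refers to window B's order.
        Console.WriteLine(SaveShared(session, "edits typed in window A"));

        // Same sequence, with a token generated on each window's first load.
        string windowA = Guid.NewGuid().ToString("N");
        string windowB = Guid.NewGuid().ToString("N");
        session[Key(windowA)] = 1001;
        session[Key(windowB)] = 1002;
        // Window A presents its own token, so its save resolves to its own order.
        Console.WriteLine(SaveScoped(session, windowA, "edits typed in window A"));
    }
}
```

The token only separates one window's state from another's within a session; the server still has to check that the user is allowed to modify the purchase order being saved.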