From the course: ASP.NET: Security
Securing sessions
- [Instructor] Sessions are a virtual concept, so to speak. A user visits a website, clicks on a few links, and then, well, closes the browser, doesn't do anything for a certain amount of time. This ends the session with the website. Technically, in ASP.NET, that's how it works. The client sends an HTTP request to the server. The server replies and sends, once again, the Set-Cookie HTTP header. However, there is no actual information that's usable for the client. In that cookie, there's no cleartext information. Instead, the user receives a session ID that's an identifier for the current session. This is the cookie, so the client stores it, and with each and every subsequent request, that cookie is sent back to the server. So the server always knows that's this specific session. And if the user is logged in, for instance, that's this specific user. Of course, on a server, there's a kind of database in memory or a real database where the session ID is more or less the primary key for some…
Contents
- Introduction (27s)
- Securing cookies (6m 11s)
- Securing sessions (6m 7s)
- Setting cookie attributes in the app (1m 37s)
- Enforcing HTTPS (3m 12s)
- Error handling (4m 6s)
- Hiding server information (2m 50s)
- Hiding more server information (3m 34s)
- Security HTTP headers (4m 15s)