For the ASP Net program
appscan reports "session id" "not updated"
I need to modify the program to avoid this.
The recommendations are:
________________
1.Always generate a new session to which the user will log in if successfully authenticated.
How to always generate a new session if the log in is successful?
2.Prevent user ability to manipulate session ID.
How to prevent users from manipulating session ID
3.Do not accept session IDs provided by the user's browser at login.
How to prohibit the use of the user's browser decency of the session ID? |
|
DotNetNuke,c#.net,vb.net,sql-server expert
|
Sainyam C.
|
Provider
|
November 10, 2009 |
|
DOT NET developer, c#, Mercado, Omniture, XML, Webservices, XHTML, JQU
|
Manish K.
|
Provider
|
November 11, 2009 |
|
3 yrs of experience in .net,C#,classic ASP ,sqlserver2000/2005,webServ
|
Kamal K.
|
Provider
|
November 11, 2009 |
|
.Net 3.5/2.0/1.1,C#,SqlServer 2000/Asp Programmer
|
Bhavna S.
|
Provider
|
November 11, 2009 |
|
1337 Architecture & Development: Your Vision Delivered, as Promised
|
Gregg V.
|
Provider
|
November 11, 2009 |
|
2+ Year ASP.NET,sqlserver2000,c#.net,vb.net
|
Sanjiv B.
|
Provider
|
November 12, 2009 |
|
PayPal/Authorize.Net ASP.Net 1.1 2.0 3.5 C# VB.Net DevEx MS SQL 2K/2K5
|
Anil Dhiman
|
Provider
|
November 16, 2009 |
|
ASP.NET Applications Developer
|
Matthew Howell
|
Provider
|
November 17, 2009 |
|
WEB RESEARCHER,AJAX EXPEREINCE ,DATA ENTRY
|
Gummadavelli Prasad
|
Provider
|
November 19, 2009 |
|
Software Engineer (c#.net / asp.net/html/css/javascript.JQUERY/AJAX)
|
Rashedul Islam Rasel
|
Provider
|
November 19, 2009 |
|
|
|
|
|
