Can a session be rigged?

Question

Can a session be rigged?

I need to check all my asp code to prevent SQL injection.

Should I also check the session object?

How can a session be captured?

Thanks!

+5

sql-injection session asp-classic

March Dec 9 '08 at 8:57

source share

4 answers

SQL, SQL- . - . cookie HTTPS. ( ) ().

+3

Michael Borgwardt 09 . '08 9:10

, . , , : " ?" , sql-.

, , sql- , sql. sql- , , , SQL-.

, , sql-.

+1

Sergio 09 . '08 9:37

. cookie. , . , SQL-, .

+1

Espen 11 . '08 2:55

Salamander2007 · Accepted Answer · 2008-12-09T09:14:08+0000

Session can be captured. If I remember correctly, Classic ASP only supports cookie-based session identifiers. If someone was able to steal this cookie (wired contact), he can get the same session as a legitimate user.

? . , , , "" ( ), . - Session, .

Can a session be rigged?

More articles: