A Brief Analysis of ASP.NET Session Identifiers

A Brief Analysis of ASP.NET Session Identifiers
by Timothy D. Morgan

Abstract

(ASP).NET is a widely used web application development environment. In addition to many features considered standard for a web application platform, it provides built-in session management. Session identifiers are automatically generated and are typically provided to users (web browsers) as HTTP cookies. This paper provides a basic outline of how these session identifiers are generated which helps in better understanding their security.

Download: Full Article (128 kilobytes)

The paper above is distributed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 United States License.

Content on this page, unless otherwise indicated, is © 2002-2010 Sentinel Chicken Networks.
Reproduction is authorized under our terms.