keep the sessionID on url
Recently i found an intersting stuff around axisbank url.
Later on my investigation i found its a property of .net framework keep the sessionID on url if cookieless is enabled.
on webconfig :
<configuration>
<system.web>
<sessionState cookieless="true"
regenerateExpiredSessionId="true" />
</system.web>
</configuration>
Security reason behind that :
if the client rewrites a URL that is supplied by the application, ASP.NET may not be able to resolve the session ID and associate the request with an existing session. In that case, a new session is started for the request. [ regenerateExpiredSessionId="true" helps to make it happen].
MSDN info
If u had any trouble just ask, Happy to help u :)
Stay Tune...
Have a nice day... 'N happy Coding :)
Recently i found an intersting stuff around axisbank url.
Later on my investigation i found its a property of .net framework keep the sessionID on url if cookieless is enabled.
on webconfig :
<configuration>
<system.web>
<sessionState cookieless="true"
regenerateExpiredSessionId="true" />
</system.web>
</configuration>
Security reason behind that :
if the client rewrites a URL that is supplied by the application, ASP.NET may not be able to resolve the session ID and associate the request with an existing session. In that case, a new session is started for the request. [ regenerateExpiredSessionId="true" helps to make it happen].
MSDN info
If u had any trouble just ask, Happy to help u :)
Stay Tune...
Have a nice day... 'N happy Coding :)
No comments:
Post a Comment