Right now I need to save content into the Session object of an ASP.NET program, and I found that when I save something into the session object, ASP.NET will generate a cookie which contains ASP.NET_SessionId = "current session id".

This will cause the session fixation security issue. Who can help me solve this?

A: 

You can turn off client-side cookies and let the server handle it. This will put more strain on your server, but it's easily configurable via your web.config. Just read up on the Session configurations.

<sessionState 
    mode="[Off|InProc|StateServer|SQLServer|Custom]"
    timeout="number of minutes"
    cookieName="session identifier cookie name"
    cookieless=
         "[true|false|AutoDetect|UseCookies|UseUri|UseDeviceProfile]"
    regenerateExpiredSessionId="[True|False]"
    sqlConnectionString="sql connection string"
    sqlCommandTimeout="number of seconds"
    allowCustomSqlDatabase="[True|False]"
    useHostingIdentity="[True|False]"
    stateConnectionString="tcpip=server:port"
    stateNetworkTimeout="number of seconds"
    customProvider="custom provider name">
    <providers>...</providers>
</sessionState>
Jim W
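
An added example, not part of the answer above and not code from the original page: in cookie mode, calling `Session.Abandon()` alone does not change the ID while the browser keeps sending the `ASP.NET_SessionId` cookie, so a common defence against fixation is to discard the pre-login session and blank that cookie at the moment of authentication. The class name, the `SignIn` helper, the `validateCredentials` delegate, `landingUrl` and the use of forms authentication are assumptions made for this sketch.

```csharp
using System;
using System.Web;
using System.Web.Security;

public static class SessionFixationGuard
{
    // Default cookie name; use the cookieName value from <sessionState> if overridden.
    // Assumes cookie-based sessions (cookieless="UseCookies" or the default).
    private const string SessionCookieName = "ASP.NET_SessionId";

    // Discards the pre-login session state and blanks its cookie, so the browser
    // stops presenting the old ID and ASP.NET issues a fresh one on the next request.
    public static void ResetSessionId(HttpContext context)
    {
        if (context.Session != null)
        {
            context.Session.Clear();
            context.Session.Abandon();
        }
        var blank = new HttpCookie(SessionCookieName, string.Empty)
        {
            HttpOnly = true,
            Secure = context.Request.IsSecureConnection
        };
        context.Response.Cookies.Add(blank);
    }

    // Hypothetical login step: validateCredentials and landingUrl (an
    // application-chosen local URL) are supplied by the caller.
    public static bool SignIn(HttpContext context, string user, string password,
                              Func<string, string, bool> validateCredentials,
                              string landingUrl)
    {
        if (!validateCredentials(user, password))
            return false;

        ResetSessionId(context);                        // drop the pre-login session
        FormsAuthentication.SetAuthCookie(user, false); // non-persistent auth cookie

        // Redirect without aborting the thread; per-user session data is then
        // written on the next request, under the newly issued session ID.
        context.Response.Redirect(landingUrl, false);
        context.ApplicationInstance.CompleteRequest();
        return true;
    }
}
```

Anything stored in `Session` before the redirect is lost with the abandoned session, so populate per-user session values on the landing request.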