I am displaying the session id in the asp page. But it is vulnerable. How can I show the session id by encoding or some other way.
I cant avoid displaying session id in web screen
I am displaying the session id in the asp page. But it is vulnerable. How can I show the session id by encoding or some other way.
I cant avoid displaying session id in web screen
You could gen a new guid for each user and stick that guid in session and then show them that instead of the raw ID. Or, you could show an SHA hash of the session ID.
First why do you think it's vulnerable other than "shoulder surfing"?
Secondly if you want to the such a thing use another cookie and create a random sessionid by yourself use that as a second check (obviously don't show it).