I am displaying the session id in the asp page. But it is vulnerable. How can I show the session id by encoding or some other way.
I cant avoid displaying session id in web screen
A:
You could gen a new guid for each user and stick that guid in session and then show them that instead of the raw ID. Or, you could show an SHA hash of the session ID.
JP Alioto
2009-04-09 06:08:53
@JP I need to display only session id. just let me know what to with this.
BALAMURUGAN
2009-04-09 06:11:27
+1
A:
First why do you think it's vulnerable other than "shoulder surfing"?
Secondly if you want to the such a thing use another cookie and create a random sessionid by yourself use that as a second check (obviously don't show it).
dr. evil
2009-04-09 06:37:19