Getting HttpSessionState for SessionID

[Alexander Vasilevsky]

Is it possible to get an HttpSessionState object by its id.

http://www.alvas.net - Audio tools for C# and VB.Net developers

 

[Eliyahu Goldin]

If you store sessions in a database, you should be able to see the tables
where they are stored and to figure out how to access those tables.

--
Eliyahu Goldin,
Software Developer
Microsoft MVP [ASP.NET]
http://msmvps.com/blogs/egoldin
http://usableasp.net

 

[Aidy]

It's not possible to access sessions that are not your own if that's what
you mean.

 

[Mark Rae [MVP]]

It's not possible to access sessions that are not your own if that's what
you mean.

Unless you use SQL Server to store the sessions...

 

[Aidy]

I've never actually seen the data structures used when this is done. Is it
held in plain English and easy to read? Or is it all encrypted? Surely you
still can't session hi-jack though as it would be a security risk?

 

[Michael Nemtsev [MVP]]

Hello Aidy,

just open the SQL Session scripts and u will find the structure

---
WBR,
Michael Nemtsev [.NET/C# MVP] :: blog: http://spaces.live.com/laflour

"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo


A> I've never actually seen the data structures used when this is done.
A> Is it held in plain English and easy to read? Or is it all
A> encrypted? Surely you still can't session hi-jack though as it would
A> be a security risk?
A>
A> A>

 

[Mark Rae [MVP]]

Is it held in plain English and easy to read?
Yes.

Or is it all encrypted?
No.

Surely you still can't session hi-jack though as it would be a security
risk?

You can - Microsoft advising encrypting the <connectionStrings> section of
web.config and also using integrated security in an attempt to make it
harder to access, but that's about it...
http://msdn2.microsoft.com/en-us/library/ms178201(VS.80).aspx