Getting HttpSessionState for SessionID

Is it possible to get an HttpSessionState object by its id.

http://www.alvas.net - Audio tools for C# and VB.Net developers

Re: Getting HttpSessionState for SessionID

If you store sessions in a database, you should be able to see the tables
where they are stored and to figure out how to access those tables.

--
Eliyahu Goldin,
Software Developer
Microsoft MVP [ASP.NET]
http://msmvps.com/blogs/egoldin
http://usableasp.net


"Alexander Vasilevsky" wrote in message
news:fli9ha$2ep6$1@behemoth.volia.net...
> Is it possible to get an HttpSessionState object by its id.
>
> http://www.alvas.net - Audio tools for C# and VB.Net developers
>
>

Re: Getting HttpSessionState for SessionID

It's not possible to access sessions that are not your own if that's what
you mean.

"Alexander Vasilevsky" wrote in message
news:fli9ha$2ep6$1@behemoth.volia.net...
> Is it possible to get an HttpSessionState object by its id.
>
> http://www.alvas.net - Audio tools for C# and VB.Net developers
>
>
>

Re: Getting HttpSessionState for SessionID

"Aidy" wrote in message
news:-bKdnXFJNJljLeHanZ2dnUVZ8t6inZ2d@bt.com...

> It's not possible to access sessions that are not your own if that's what
> you mean.

Unless you use SQL Server to store the sessions...


--
Mark Rae
ASP.NET MVP
http://www.markrae.net

Re: Getting HttpSessionState for SessionID

I've never actually seen the data structures used when this is done. Is it
held in plain English and easy to read? Or is it all encrypted? Surely you
still can't session hi-jack though as it would be a security risk?

"Mark Rae [MVP]" wrote in message
news:euFJPEfTIHA.5208@TK2MSFTNGP04.phx.gbl...
> "Aidy" wrote in message
> news:-bKdnXFJNJljLeHanZ2dnUVZ8t6inZ2d@bt.com...
>
>> It's not possible to access sessions that are not your own if that's what
>> you mean.
>
> Unless you use SQL Server to store the sessions...
>
>
> --
> Mark Rae
> ASP.NET MVP
> http://www.markrae.net
>

Re: Getting HttpSessionState for SessionID

Hello Aidy,

just open the SQL Session scripts and u will find the structure

---
WBR,
Michael Nemtsev [.NET/C# MVP] :: blog: http://spaces.live.com/laflour

"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo


A> I've never actually seen the data structures used when this is done.
A> Is it held in plain English and easy to read? Or is it all
A> encrypted? Surely you still can't session hi-jack though as it would
A> be a security risk?
A>
A> "Mark Rae [MVP]" wrote in message
A> news:euFJPEfTIHA.5208@TK2MSFTNGP04.phx.gbl...
A>
>> "Aidy" wrote in message
>> news:-bKdnXFJNJljLeHanZ2dnUVZ8t6inZ2d@bt.com...
>>
>>> It's not possible to access sessions that are not your own if that's
>>> what you mean.
>>>
>> Unless you use SQL Server to store the sessions...
>>
>> --
>> Mark Rae
>> ASP.NET MVP
>> http://www.markrae.net

Re: Getting HttpSessionState for SessionID

"Aidy" wrote in message
news:BYGdnephYIBhW-HanZ2dnUVZ8tuqnZ2d@bt.com...

>>> It's not possible to access sessions that are not your own if that's
>>> what you mean.
>>
>> Unless you use SQL Server to store the sessions...
>
> Is it held in plain English and easy to read?

Yes.

> Or is it all encrypted?

No.

> Surely you still can't session hi-jack though as it would be a security
> risk?

You can - Microsoft advising encrypting the section of
web.config and also using integrated security in an attempt to make it
harder to access, but that's about it...
http://msdn2.microsoft.com/en-us/library/ms178201(VS.80).asp x


--
Mark Rae
ASP.NET MVP
http://www.markrae.net