I am displaying the session id in the asp page. But it is vulnerable. How can I show the session id by encoding or some other way.
我在asp页面中显示会话ID。但它很脆弱。如何通过编码或其他方式显示会话ID。
I cant avoid displaying session id in web screen
我不能避免在网页屏幕上显示会话ID
2 个解决方案
#1
First why do you think it's vulnerable other than "shoulder surfing"?
首先,为什么你认为除了“肩膀冲浪”之外它是脆弱的?
Secondly if you want to the such a thing use another cookie and create a random sessionid by yourself use that as a second check (obviously don't show it).
其次,如果你想要这样的事情,使用另一个cookie并自己创建一个随机的sessionid作为第二次检查(显然不显示它)。
#2
You could gen a new guid for each user and stick that guid in session and then show them that instead of the raw ID. Or, you could show an SHA hash of the session ID.
你可以为每个用户生成一个新的guid并在会话中坚持使用guid,然后向他们显示而不是原始ID。或者,您可以显示会话ID的SHA哈希。
#1
First why do you think it's vulnerable other than "shoulder surfing"?
首先,为什么你认为除了“肩膀冲浪”之外它是脆弱的?
Secondly if you want to the such a thing use another cookie and create a random sessionid by yourself use that as a second check (obviously don't show it).
其次,如果你想要这样的事情,使用另一个cookie并自己创建一个随机的sessionid作为第二次检查(显然不显示它)。
#2
You could gen a new guid for each user and stick that guid in session and then show them that instead of the raw ID. Or, you could show an SHA hash of the session ID.
你可以为每个用户生成一个新的guid并在会话中坚持使用guid,然后向他们显示而不是原始ID。或者,您可以显示会话ID的SHA哈希。