Session Values

         

dukelips

1:43 pm on Feb 17, 2012 (gmt 0)

10+ Year Member



Is it possible to set or tamper values through , set in aspx page in server

Ocean10000

3:00 am on Feb 18, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Short Answer No.

Long Answer. Depending on how the application is written, someone may be able to exploit what values are written in there if the data is not validated before processing it and saving it to the session.

dukelips

1:31 pm on Feb 18, 2012 (gmt 0)

10+ Year Member



Tx Ocean. Could you please give one sample for the long answer?

Ocean10000

5:15 am on Feb 20, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



this.Session["somekey"] = this.Request.QueryString["value"];

The previous code will insert a value into the session without validating it before inserting it, which is a bad, bad practice ever to do, but it is an example of a way to have something inserted into a session which you may not have intended.

dukelips

5:36 am on Feb 20, 2012 (gmt 0)

10+ Year Member



tx ocean.
but how can a user find the variable name "somekey" in Session["somekey"]?

Ocean10000

3:14 am on Feb 21, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Think of it more like the following on, say, a login screen. If they are already logged in, they might have, for example, a way to trick the system into thinking they are an admin user etc.

this.Session["UserName"] = this.Request.QueryString["Username"];
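
The pattern from the thread next to a hardened form, as an added example that is not code from any poster. It is a console model: the dictionaries stand in for `Page.Session`, the `NameValueCollection` for `Request.QueryString`, and the accounts, the `Theme` key and the allow-list are constructed assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;

static class SessionDemo
{
    // Constructed accounts; a real application would verify a salted password hash.
    static readonly Dictionary<string, string> Accounts =
        new Dictionary<string, string> { { "alice", "alice-pw" }, { "admin", "admin-pw" } };
    static readonly HashSet<string> AllowedThemes = new HashSet<string> { "light", "dark" };

    // Pattern from the thread: request data is copied straight into the session.
    static void VulnerablePageLoad(IDictionary<string, object> session, NameValueCollection query)
    {
        session["UserName"] = query["Username"];
    }

    // The identity key is written only here, after a server-side credential check.
    static bool Login(IDictionary<string, object> session, string user, string password)
    {
        string expected;
        if (user == null || !Accounts.TryGetValue(user, out expected) || expected != password)
            return false;
        session["UserName"] = user;
        return true;
    }

    // Request data reaches the session only for non-identity keys, after allow-list validation.
    static void HardenedPageLoad(IDictionary<string, object> session, NameValueCollection query)
    {
        string theme = query["theme"];
        if (theme != null && AllowedThemes.Contains(theme))
            session["Theme"] = theme;
    }

    static void Main()
    {
        // Constructed request from a user already logged in as "alice".
        var query = new NameValueCollection { { "Username", "admin" }, { "theme", "neon" } };
        var weak = new Dictionary<string, object>();
        Login(weak, "alice", "alice-pw");
        VulnerablePageLoad(weak, query);
        Console.WriteLine("vulnerable: UserName=" + weak["UserName"]);
        var safe = new Dictionary<string, object>();
        Login(safe, "alice", "alice-pw");
        HardenedPageLoad(safe, query);
        Console.WriteLine("hardened:   UserName=" + safe["UserName"] + " Theme set=" + safe.ContainsKey("Theme"));
    }
}
```

In the vulnerable path the session identity follows the query string; in the hardened path it stays as set by `Login`, and the unlisted theme value is never stored.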