A
anoop
Hello,
I am writing the following code to prevent session fixation in all
the .aspx.cs file of the website as follows
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
Random rd = new Random();
int valnum = rd.Next();
// Session fixation
sessionFixation vfy = new sessionFixation();
vfy.AntiFixationInit(valnum);
vfy.AntiFixationVerify("../login.aspx");
}
else
{
Random rd = new Random();
int valnum = rd.Next();
// Session fixation
sessionFixation vfy = new sessionFixation();
vfy.AntiFixationInit(valnum);
vfy.AntiFixationVerify("../login.aspx");
}
}
Also I am writing the following code in sessionfixation.cs file
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
public class sessionFixation
{
public void AntiFixationInit(int valnum)
{
int val=valnum;
HttpCookie cookie = null;
if (cookie == null)
{
cookie = new HttpCookie("ASPFIXATION");
}
else
{
cookie
=System.Web.HttpContext.Current.Request.Cookies["ASPFIXATION"];
}
cookie.Value = val.ToString();
cookie.Expires = DateTime.Now.AddSeconds(300);
System.Web.HttpContext.Current.Response.Cookies.Add(cookie);
}
public void AntiFixationVerify(string LoginPage)
{
HttpCookie cookie_value = null;
System.Text.StringBuilder sb = new System.Text.StringBuilder();
Object session_value = null;
if (cookie_value == null)
{
cookie_value =
System.Web.HttpContext.Current.Request.Cookies.Get ("ASPFIXATION");
if (cookie_value != null)
{
sb.Append(cookie_value.Value);
}
}
String str = sb.ToString();
if (str == null)
{
System.Web.HttpContext.Current.Response.Redirect(LoginPage);
}
}
Now I want to know that where do I will call the Session fixation prevention
functions, so that in each request of the .aspx page, the random value of
user defined cookie is different. I have already called the functions in
Page_Load . Do I have to call these functions in other events of Page Life
cycle also viz. Prerender, Render, SaveViewState etc?. Please help.
Thank you
I am writing the following code to prevent session fixation in all
the .aspx.cs file of the website as follows
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
Random rd = new Random();
int valnum = rd.Next();
// Session fixation
sessionFixation vfy = new sessionFixation();
vfy.AntiFixationInit(valnum);
vfy.AntiFixationVerify("../login.aspx");
}
else
{
Random rd = new Random();
int valnum = rd.Next();
// Session fixation
sessionFixation vfy = new sessionFixation();
vfy.AntiFixationInit(valnum);
vfy.AntiFixationVerify("../login.aspx");
}
}
Also I am writing the following code in sessionfixation.cs file
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
public class sessionFixation
{
public void AntiFixationInit(int valnum)
{
int val=valnum;
HttpCookie cookie = null;
if (cookie == null)
{
cookie = new HttpCookie("ASPFIXATION");
}
else
{
cookie
=System.Web.HttpContext.Current.Request.Cookies["ASPFIXATION"];
}
cookie.Value = val.ToString();
cookie.Expires = DateTime.Now.AddSeconds(300);
System.Web.HttpContext.Current.Response.Cookies.Add(cookie);
}
public void AntiFixationVerify(string LoginPage)
{
HttpCookie cookie_value = null;
System.Text.StringBuilder sb = new System.Text.StringBuilder();
Object session_value = null;
if (cookie_value == null)
{
cookie_value =
System.Web.HttpContext.Current.Request.Cookies.Get ("ASPFIXATION");
if (cookie_value != null)
{
sb.Append(cookie_value.Value);
}
}
String str = sb.ToString();
if (str == null)
{
System.Web.HttpContext.Current.Response.Redirect(LoginPage);
}
}
Now I want to know that where do I will call the Session fixation prevention
functions, so that in each request of the .aspx page, the random value of
user defined cookie is different. I have already called the functions in
Page_Load . Do I have to call these functions in other events of Page Life
cycle also viz. Prerender, Render, SaveViewState etc?. Please help.
Thank you