Although session variables can come in handy (especially when you create a website and you would like to use these session variables to check the validity of each page request), it is sometime not possible to use them.
In this article I described a workaround which has worked for me with great success, by passing a SQL Server database generated unique ID from page to page with each redirect or form submit, and checking the validity of this ID every time a page request is made.
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |