From the course: Security in ASP.NET Core
Securing sessions - ASP.NET Tutorial
Securing sessions
- [Instructor] Sessions are a virtual concept, so to speak. A user visits a website, clicks on a few links, and then, well, closes the browser, doesn't do anything for a certain amount of time, and this ends the session with the website. Technically, at least in ASP.NET Core, that's how it works. Client sends a request to the server. The server once again responds with a Set-Cookie HTTP header, sets a cookie and the value of that cookie is a so-called session ID or contains a session ID that's an identifier for that session. We don't want to store cleartext information on the client because the client isn't trustworthy but an ID for something on the server works well. With subsequent requests, the client returns that session cookie. The client can't make anything out of that session ID information, but the server then knows, oh wait a minute, that's session ID xy12. And of course, the real session ID is much longer, but that's kind of a primary key for some data storage on the server.…
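The mechanism described in the transcript, as an added example that is not taken from the course or its exercise files: a minimal ASP.NET Core `Program.cs` in which the cookie carries only the session identifier and the data stays in a server-side store. It assumes a default web project (.NET 6 or later, implicit usings enabled); the cookie name, the timeout value, the cookie flags and the `/visit` and `/end` routes are choices made for this illustration.

```csharp
// Program.cs - added example, not the course's code.
var builder = WebApplication.CreateBuilder(args);

// Server-side storage for session data. The session ID from the cookie
// is the key into this store; the data itself never goes to the client.
builder.Services.AddDistributedMemoryCache();

builder.Services.AddSession(options =>
{
    // The session ends after this period without requests
    // (20 minutes is an assumed value for the example).
    options.IdleTimeout = TimeSpan.FromMinutes(20);

    // Settings for the cookie sent in the Set-Cookie response header.
    options.Cookie.Name = ".Demo.Session";                    // hypothetical name
    options.Cookie.HttpOnly = true;                           // not readable from script
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;  // HTTPS only
    options.Cookie.SameSite = SameSiteMode.Lax;
    options.Cookie.IsEssential = true;
});

var app = builder.Build();

// Reads the session cookie on each request and loads the matching
// server-side entry; must run before any endpoint that uses Session.
app.UseSession();

// Each call increments a counter held on the server. The first write
// is what causes the session cookie to be issued to the client.
app.MapGet("/visit", (HttpContext ctx) =>
{
    int count = (ctx.Session.GetInt32("visits") ?? 0) + 1;
    ctx.Session.SetInt32("visits", count);
    return Results.Text($"visits in this session: {count}");
});

// Drops the server-side data for the current session.
app.MapGet("/end", (HttpContext ctx) =>
{
    ctx.Session.Clear();
    return Results.Text("session data cleared");
});

app.Run();
```

Requesting `/visit` twice with the same cookie jar shows the counter rising while the cookie value stays an opaque identifier; requesting it without the cookie starts again at 1.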