Session Variable Security

Dear Group
Is there any information or your views on session variable security?
I'm using my own authentization, storing whether a user has access to a
page in a session variable being either set to true or false. I
evaluate the variable in the page load event and if false the user is
directed to the login page.
How secure are session variables? Is it possible for someone to
manipulate a variable from the outside, setting it to true in order to
get access?
Thanks very much for your thoughts, views and any hints regarding
available resources on this topic.
Best Regards,
MartinHello Martin,
You would probably be better off using one of the Authentication classes
for what you are describing. Take a look at how you can use FormsAuthenticat
ion
[1] for example.
[1] http://www.differentpla.net/node/view/310
Matt Berther
http://www.mattberther.com

> Dear Group
> Is there any information or your views on session variable security?
> I'm using my own authentization, storing whether a user has access to
> a page in a session variable being either set to true or false. I
> evaluate the variable in the page load event and if false the user is
> directed to the login page.
> How secure are session variables? Is it possible for someone to
> manipulate a variable from the outside, setting it to true in order to
> get access?
> Thanks very much for your thoughts, views and any hints regarding
> available resources on this topic.
> Best Regards,
> Martin
>