troubleshooting Question

Logged in or not logged in; what's the difference?

Avatar of Kapalua
Kapalua asked on
Security
3 Comments1 Solution211 ViewsLast Modified:
Hi,

In my application the clients are given a session id which is used to identify the session.
This id is unique for all sessions and if it's used as a argument with the correct stored procedure it will return information.

As the application works right now two computers could request this information at the same time with the same session id. Which means that if some can obtain a session id, they could get access to the same information as the logged in users.

My question is:
How does a generic login function set status to "logged in" for a user account and how can the program differentiate between logged in sessions and not logged in session so it can refuse requests from not logged in clients information?

Hope i have made myself understandable and that someone could give me some help with this problem who have bothered me for quite some time.
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 3 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros