Foiling Session Hijacking Attempts, a pretty good article in the new MSDN Magazine where Jeff Prosise walks through a solution using HTTP modules to thwart session hijacking attacks.

I thought he addressed some of the risks better than Basic Web Session Impersonation, although that might be worth reading as well. While the latter wasn't the best article, it touched on some good points.

blog comments powered by Disqus