0

I need to implement a simple secure area on a MVC 3 website. I can not use cookies and can not pass session ID in the URL. Are there any other implemented options in ASP.NET?

P.S. I know it is possible in other environments.

Arthur

Improve this question

1 Answer 1

Reset to default
2

If you don't use cookies and don't want to pass anything in the URL (or hidden fields in a POST request) your server simply cannot distinguish the users. Don't forget that HTTP is a stateless protocol. You could implement some sort of custom HTTP headers that would be sent along each request and allow you to track users but when you think about it: that's exactly what cookies do, so instead of reinventing the wheel, use cookies :-)

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

What about headers or hidden input? PHP does it nicely, but I don't want to use PHP.
@Arthur, as I said you could use hidden inputs and custom HTTP headers. Nothing built-in ASP.NET though. You will have to implement your own authentication module to handle it.
So far it looks like headers are the brightest option :( Thank you

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.