Showing posts from March, 2011

A few things on Session you should know

I got to read a good article explaining the nuances of cookieless sessions, which prompted me to note down a few important things. Here is the link to the post that started me on this.

To enable cookieless sessions, simply do this:

<sessionState cookieless="true" />

With this setting, your URLs start looking like this:

http://mysite.com/(22b5c4zyybphaw2mt3hjni2n)/Home.aspx

This is obviously not secure, since the session ID is visible in the URL. However, what I want to note here is that even cookie-based sessions (the default setting in .NET web applications) are also not secure enough. So I did a bit of binging and found out fairly quickly that the best thing to do is to set up the whole web site on SSL (pretty obvious, that one). However, what if there are some pages that are outside SSL? There is one confusing, closely related setting in the forms element of the authentication tag that might fool someone, which says to set up the forms element for authentication with ...