Avoid Session fixation in ASP.Net Core MVC

on Jan 24, 2022 04:33 AM

how to avoid Session Fixation in dot.net core mvc application.

below code i updating in user Login.

string guid = Guid.NewGuid().ToString();           
HttpContext.Session.SetInt32("UserId", userData.Id);
Response.Cookies.Append("AuthToken", guid, cookieOptions);

but Its not working.

Kindly suggest.

Download FREE API for Word, Excel and PDF in ASP.Net: Download
on Jan 24, 2022 04:38 AM
on Jan 24, 2022 04:38 AM

Hi venkatg,

Refer below code.

HttpContext.Session.SetInt32("UserId", userData.Id);
CookieOptions cookieOptions = new CookieOptions();
//Set the Expiry date of the Cookie.
cookieOptions.Expires = DateTime.Now.AddDays(30);
//Create a Cookie with a suitable Key and add the Cookie to Browser.
Response.Cookies.Append("AuthToken", Guid.NewGuid().ToString(), cookieOptions);

For more details refer below article.

ASP.Net Core Cookies: Read, Write (Save) and Remove (Delete) Cookies in ASP.Net Core MVC


on Jan 24, 2022 04:57 AM

Hi Dharmendar ,

Your code is working but the  Session Fixation issue still replicating on the dot net core application , can i have solution for the particular