NWebsec - Improved session security for ASP.NET
.. toctree:: :maxdepth: 2 :titlesonly: :hidden: Configuring-session-security Authenticated-session-identifiers
The NWebsec.SessionSecurity library improves ASP.NET session security by enforcing a strong binding between an authenticated user's identity and the user's session identifier.
For background on why the library improves security, see the blog post Ramping up ASP.NET session security.
Did you now that the SDL requires countermeasures against session fixation attacks, and that certain security headers must set by your web application? No? See :doc:`` to learn more.
Check out the NWebsec demo site to see the headers and session security improvements in action.
To keep up with new releases or to give feedback, find @NWebsec on Twitter. You can also get in touch at nwebsec (at) nwebsec (dot) com.