Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
33 lines (20 sloc) 1.69 KB

NWebsec - Improved session security for ASP.NET

.. toctree::
   :maxdepth: 2
   :titlesonly:
   :hidden:

   Configuring-session-security
   Authenticated-session-identifiers


The NWebsec.SessionSecurity library improves ASP.NET session security by enforcing a strong binding between an authenticated user's identity and the user's session identifier.

You'll find the library on NuGet: NWebsec.SessionSecurity. You can also get it under Releases over at GitHub.

To learn more about how it works, see :doc:`Authenticated-session-identifiers`. To see how it's configured, refer to :doc:`Configuring-session-security`.

For background on why the library improves security, see the blog post Ramping up ASP.NET session security.

Did you now that the SDL requires countermeasures against session fixation attacks, and that certain security headers must set by your web application? No? See :doc:`` to learn more.

Check out the NWebsec demo site to see the headers and session security improvements in action.

To keep up with new releases or to give feedback, find @NWebsec on Twitter. You can also get in touch at nwebsec (at) nwebsec (dot) com.