ASP.NET session hijacking with Google and ELMAH

added by troyhunt
1/9/2012 5:17:10 AM


ELMAH is one of those libraries which is both beautiful in its simplicity yet powerful in what it allows you to do. Combine the power of ELMAH with the convenience of NuGet and you can be up and running with absolutely invaluable error logging and handling in literally a couple of minutes. Yet, as the old adage goes, with great power comes great responsibility and if you’re not responsible with how you implement ELMAH, you’re also only a couple of minutes away from making session hijacking of your ASP.NET app – and many other exploits – very, very easy.


1/9/2012 2:03:05 PM
Great piece of advice for anyone using ELMAH, but I think it also forces one to think more carefully about what is and isn't safe to run on their production site.