how safe is it to use session variables – / c#

Session state is kept entirely server-side, no matter which storage method you use (in-memory, session state server or database).

So unless your server is hacked, Session variables are safe. And in case your server does get hacked, the hacker would only have access to the data in his own session, unless he finds a way to analyze the IIS process’ memory.

Leave a Comment