1

I want to know about security of tempdata in ASP.NET MVC in the following scenario.

If one user is logged in and there is data passed to tempdata and it is we are keeping for next request or we are not reading it so it keeps value in tempdata. If another user logged in, then will that tempdata value also be available to the second user?

Improve this question
1
  • 2
    No. TempData use Session (its user specific) Commented Jan 16, 2018 at 5:28

1 Answer 1

Reset to default
4

TempData uses by default Session*. Therefore it is as safe as a session can be.

A session is individual for every user, so yes.

Session Hijacking is one problem for a session, but since TempData is only valid for one request, I do not see any problems.

* Note it is possible to create a own ITempDataProvider (Credits to NightOwl888). In this case, you need to evaluate, if your provider is secure.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Technically, TempData uses Session by default. You can change the provider to use another storage mechanism. For example, here is a cookie-based TempData provider.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.