NWebsec - Improved session security for ASP.NET¶

The NWebsec.SessionSecurity library improves ASP.NET session security by enforcing a strong binding between an authenticated user’s identity and the user’s session identifier.

You’ll find the library on NuGet: NWebsec.SessionSecurity. You can also get it under Releases over at GitHub.

To learn more about how it works, see Authenticated session identifiers. To see how it’s configured, refer to Configuring session security.

For background on why the library improves security, see the blog post Ramping up ASP.NET session security.

Did you now that the SDL requires countermeasures against session fixation attacks, and that certain security headers must set by your web application? No? See :doc:`` to learn more.

Check out the NWebsec demo site to see the headers and session security improvements in action.

To keep up with new releases or to give feedback, find @NWebsec on Twitter. You can also get in touch at nwebsec (at) nwebsec (dot) com.