I’m building a simple MVC application in ASP.NET and I would like to keep all the user data of a session on the client side, i.e. each time the page is loaded the variables restart from zero (for example, points in a game). That data would then be sent to the server side (as a POST) to be treated and then returned to the client. I’m doing this so as not to use a database and to gain performance.
However, how can I ensure that this data can’t be manipulated before being sent to the server? Excuse me, I’m kind of new to all this.
Thanks
You could embed an HMAC in the data sent to the client so the server can verify it hasn’t changed when the client sends it back later. But you also have to worry about things like replay attacks — even if a malicious client can’t change the data, it can send old data that it received several reloads ago.
You say you’re trying to gain a performance advantage by not using a database, but have you actually evaluated database performance and found it to be too slow? This sounds like you may be choosing a weird design for your application based on an unfounded assumption.
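A sketch of the HMAC approach from the answer above, with a per-session counter so that an old, validly signed value is rejected. This is an added example, not code from the thread; `StateSigner`, the token layout and the in-memory counter store are assumptions made for illustration, and it targets .NET 6 or later.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: signs client-held state with HMAC-SHA256 and
// rejects tampered or replayed tokens.
public sealed class StateSigner
{
    private readonly byte[] _key; // server-only secret, never sent to the client
    // Counter of the one token currently valid per session (in memory for illustration).
    private readonly ConcurrentDictionary<string, long> _current = new();

    public StateSigner(byte[] key) => _key = key;

    // Token = base64(sessionId|counter|state) + "." + base64(HMAC of those bytes).
    // Assumes sessionId is server-generated and contains no '|'.
    public string Issue(string sessionId, string state)
    {
        long counter = _current.AddOrUpdate(sessionId, 1, (_, c) => c + 1);
        byte[] payload = Encoding.UTF8.GetBytes($"{sessionId}|{counter}|{state}");
        return Convert.ToBase64String(payload) + "." + Convert.ToBase64String(Mac(payload));
    }

    public bool TryVerify(string sessionId, string token, out string state)
    {
        state = string.Empty;
        string[] parts = token.Split('.');
        if (parts.Length != 2) return false;
        byte[] payload, mac;
        try
        {
            payload = Convert.FromBase64String(parts[0]);
            mac = Convert.FromBase64String(parts[1]);
        }
        catch (FormatException) { return false; }
        // Constant-time comparison; any change to the payload fails here.
        if (!CryptographicOperations.FixedTimeEquals(mac, Mac(payload))) return false;
        string[] fields = Encoding.UTF8.GetString(payload).Split('|', 3);
        if (fields.Length != 3 || fields[0] != sessionId) return false;
        if (!long.TryParse(fields[1], out long counter)) return false;
        // Replay check: accept only the latest counter and consume it atomically,
        // so the same token cannot be submitted twice.
        if (!_current.TryUpdate(sessionId, counter + 1, counter)) return false;
        state = fields[2];
        return true;
    }

    private byte[] Mac(byte[] data)
    {
        using var hmac = new HMACSHA256(_key);
        return hmac.ComputeHash(data);
    }
}
```

The key would be created once on the server, for example with `RandomNumberGenerator.GetBytes(32)`. The replay check needs the server to remember one number per session, so the design is not entirely stateless.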