Session Capturing and Modifying

I want to know how can I capture web sessions and modify them.

I`m developing websites and desktop apps, and I want to know if 开发者_运维知识库they can be penetrated using the sessions that are created or not. So I want to know how to capture session variables and how to modify them.

If possible, a sample code in C++ or C# will be great.

Sessions are generally stored on the server. Some systems use encrypted cookie based sessions (ie. Kohana), but the standard way of dealing with sessions is to have them stored and used on the server. As has been said previously, often it isn't possible to 'capture' session data because it isn't transmitted - as a whole - between the client and server.

In order to reliably deal with the session, you'd need the ability to run your own code on the web server. If you have a specific system in mind (like Kohana, with its optional encrypted cookie based session system), then the answer may be slightly different.