Solved

Sessions

Posted on 1998-11-04
9
241 Views
Last Modified: 2013-12-25
Using ASPs the only way to maintain user sessions in my site is thru the use of cookies or is there another way ?

I want the user to enter a login/password to enter the site. If he desires he can allow the site to drop a cookie and he wouldn't need to reenter the login/password each time he comes back. This id the best way right ?

Is there a simple way to test If the users browser is cookie-enabled ?
0
Comment
Question by:aloha
9 Comments
 
LVL 12

Expert Comment

by:Otta
ID: 1856096
> Using ASPs the only way to maintain user sessions
> in my site is thru the use of cookies or is there another way ?

HTTP is a "connection-less" protocol,
every request and response is "independent",
i.e., like plugging coins into a slot-machine.

Contrast this to a telephone-call, where you have "setup",
then a "connection", and finally "hang-up".

> Is there a simple way to test If the user's browser
> is cookie-enabled ?

Send it a cookie, and then try to retrieve the cookie.
If successfully-retrieved, then you have the answer.
0
 
LVL 1

Expert Comment

by:rajgn
ID: 1856097
You can maintain sessions not only by using Cookies but also by Session variables. As a matter of fact, using Session variables is the right way. Here you need not bother about client's browser accepts cookies or not.
0
 

Author Comment

by:aloha
ID: 1856098
Not quite. Session variables are maintained through the use of cookies that "mark" each user with a session id. This session id can be seen as the "key" to access the user/session variables.

What I would like to know is what happens if the user rejects these cookies ?
0
 
LVL 12

Expert Comment

by:Otta
ID: 1856099
> what happens if the user rejects these cookies ?

It depends on the ASP programming,
and its "tolerance" to unavailabilty of cookies.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:aloha
ID: 1856100
could you be more specific ?
0
 
LVL 12

Expert Comment

by:Otta
ID: 1856101
More specific?
If your ASP programming has sent a cookie to a user's browser,
and now tries to retrieve the cookie, and nothing is returned,
then how will your programming react to the data which you
stored in the cookie, but which is now unavailable ?

Compare it to taking your automobile to the dealer,
to get snow-tires installed.  The dealer returns it to you,
but they didn't tell you that they had no such tires in their
warehouse, and then you try to drive through some snow,
without noticing that the summer-tires are still mounted.
The likely result?  A crash!
0
 

Accepted Solution

by:
Eck earned 50 total points
ID: 1856102
You can get CookieMunger from Microsoft which is an IIS ISAPI filter that basically pharses each and every page and changes every link in the page so it contains the information it would have stored in the cookie in the accual link instead. Nice idea, but the overhead must be *massive*.

Hope that helps :]
0
 

Author Comment

by:aloha
ID: 1856103
I know what cookies are. And I understood what you meant by cookie tolerant pages.

What I said is that the IIS web server by default sends a cookie to each user to store his session id (to be used has his key to the "locker room" where his session variables are stores thats the comparison that they usually give in the documentation). What I wanted to know was what happens to the users session variables if he refuses this default cookie (not one sent by me!) ?


0
 
LVL 12

Expert Comment

by:Otta
ID: 1856104
> What I wanted to know was what happens to the users
> session variables if he refuses this default cookie
> (not one sent by me!) ?

When the user rejects them, they are not saved on the user's computer.

When the web-server software tries to retrieve the cookie,
no values can be retrieved -- a message like
"requested cookie was not found" could be sent
from the browser to the web-server.


0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Uploading files to the web server has become common part of almost any kind of web application. People use different technologies to solve this, but regardless of the technology used, it is always useful to have some kind of progress indicator shown…
Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…
The viewer will get a basic understanding of what section 508 compliance can entail, learn about skip navigation links, alt text, transcripts, and font size controls.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now