what is the different between ASP Cookies and Session ?

For me, there are the same thing.
Can any experts tell me what is exactly different
between them ? What is the advantage and disadvantage ?
decae2001Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
robbertConnect With a Mentor Commented:
A Session cookie is a normal cookie with the name "ASPSESSIONID". A normal cookie don't having an expiration date.

Cookies without an expiration date expire when the browser closes. Session cookies, in opposite to other cookies, may also time out (at Session.SessionTimeout) - but that's not happening client-side, but server-side. That means IIS stops having this information stored and thus, a new Session cookie will be set when there's activity again.

So, Session cookies are client-side the same as normal cookies not having an expiration date.

You can set the expiration date with a normal cookie:
Response.Cookies("myCookie") = "myValue"
Response.Cookies("myCookie").Expires = "2010/1/1"

and delete it by:
Response.Cookies("myCookie").Expires = "1840/1/1"

We call that "persistant" cookies.

If the user's browser settings don't allow cookies, Session cookies won't work, too, and a new Session cookie will be set with loading another page.
IE5 differs and lets the user choose if to allow persistant or non-persistant cookies.

As for dis-/advantages:
+ If that isn't disabled server-side, a unique SessionID will be set with a Session cookie. You can also generate one, manually, (and identify the user by that) but the IIS Session engine only recognizes its own cookies. If it's able to do so, values you store in your custom Session cookies,

Session("x") = "y"

nextpage.asp:
x = Session("x")

can be retrieved. That's just easy and comfortable.

+ If you need to store values with the user for a longer time than this browser session, you would manually set cookies with an expiration date.
0
 
moswaCommented:
a session is deleted when the browser is terminated,
a cookie is written on your computer and is still active the next time you visit the website

examples session and cookies:

session("name")=request.form("name")
and later call it by: <%=session("name")%> or
if session("name")="Tom Hanks" then ...

response.cookies("website")("name")= request.form("name")
response.cookies("website").Expires = DATE + 365
and later call it by:
<input NAME="name" value="<%=request.cookies("website")("name")%>">

0
 
cybermoonlightCommented:
what was that?
the difference betweeen a cookie(response.cookies) and a session cookie(session("")) is where the cookie is stored(client/server)
your Q was "what is the difference between ASP cookie?..and what?
plz make this more clear
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
robbertCommented:
By,

> A normal cookie don't having an expiration
date.

(first line), I meant,

> A Session cookie is a normal cookie don't having an expiration date.

But it's the "one" cookie IIS' Session engine looks at when identifying the user.
0
 
decae2001Author Commented:
If The user's browser disable cookie, can I still use session ?
0
 
robbertCommented:
No. When the user doesn't accept cookies, a new Session will be started with each page.
0
 
decae2001Author Commented:
robber,

Sound like to me, the session is created by ASP itself.
What if I want to use straight cookies, and not session
at all ?
0
 
robbertCommented:
Session cookies will be set, though. That doesn't harm for most users but anyway, you can state at the top of your scripts,

<%@ ENABLESESSIONSSTATE=True|False %>

or set that in IIS, in the web application properties.
0
 
decae2001Author Commented:
Then, how do I know if the user has disabled the cookies ?
Will I get any return code number ?
0
 
robbertCommented:
You need to check for cookies. There's a pitfall, so follow.

Set a test cookie:

Response.Cookies("test") = "test"

Then, (at the top of your script) check if the cookie has been accepted:

If Len(Request.Cookies("test")) = 0 Then
    Response.Redirect "wouldyoupleaseacceptcookies.asp"
End If

The pitfall (or bait) is that even if the user doesn't have cookies enabled - if you set a cookie and check it on the same page - it always appears to be set.

Thus, one strategy is to set a testcookie at all entry pages and to check the cookie on all follow-up pages.
Obviously, it's hard to pre-determine where the user comes in and where he navigates, next.

What I'm usually doing is, setting the testcookie by server-side ASP, and checking it by client-side JavaScript:

<%
Response.Cookies("testcookie") = "testcookie"
%>
<HTML>
<HEAD>
</HEAD>
<BODY>
<script language=javascript>
if (document.cookie.indexOf("testcookie=testcookie") >= 0)
document.location.href = "cookies.asp"
</script>
... regular HTML code ...
</BODY>
</HTML>

And, you apparently want to know it quite in-depth - you'ld also need to ensure that the user has JavaScript enabled:

<%
Response.Cookies("testcookie") = "testcookie"
%>
<HTML>
<HEAD>
</HEAD>
<BODY>
<script language=javascript>
if (document.cookie.indexOf("testcookie=testcookie") >= 0)
document.location.href = "cookies.asp"
</script>

<noscript language=javascript>
Please activate JavaScript.
</script>

... regular HTML code ...
</BODY>
</HTML>

There is a third option (beneath server-side setting and checking cookies on different pages, and doing that server- and client-side on the same page) - checking for cookies by using the www.browserhawk.com component in the global.asa, and from there, deciding what to do (it's great but not common).

These are the only options.
0
 
weesiongCommented:
Robbert,

You always RIGHT!!

Regards,
Wee Siong!
0
 
moswaCommented:
need a cookies.asp?! :)
http://rechten.kub.nl/projecten/cookiecheck.asp
(sorry, some text in dutch, but it says something about what cookies are and how you can accept cookies)

moswa
0
All Courses

From novice to tech pro — start learning today.