Solved

what is the different between ASP Cookies and Session ?

Posted on 2001-06-03
12
252 Views
Last Modified: 2012-06-21
For me, there are the same thing.
Can any experts tell me what is exactly different
between them ? What is the advantage and disadvantage ?
0
Comment
Question by:decae2001
  • 5
  • 3
  • 2
  • +2
12 Comments
 
LVL 1

Expert Comment

by:moswa
ID: 6150676
a session is deleted when the browser is terminated,
a cookie is written on your computer and is still active the next time you visit the website

examples session and cookies:

session("name")=request.form("name")
and later call it by: <%=session("name")%> or
if session("name")="Tom Hanks" then ...

response.cookies("website")("name")= request.form("name")
response.cookies("website").Expires = DATE + 365
and later call it by:
<input NAME="name" value="<%=request.cookies("website")("name")%>">

0
 
LVL 2

Expert Comment

by:cybermoonlight
ID: 6150678
what was that?
the difference betweeen a cookie(response.cookies) and a session cookie(session("")) is where the cookie is stored(client/server)
your Q was "what is the difference between ASP cookie?..and what?
plz make this more clear
0
 
LVL 15

Accepted Solution

by:
robbert earned 30 total points
ID: 6150683
A Session cookie is a normal cookie with the name "ASPSESSIONID". A normal cookie don't having an expiration date.

Cookies without an expiration date expire when the browser closes. Session cookies, in opposite to other cookies, may also time out (at Session.SessionTimeout) - but that's not happening client-side, but server-side. That means IIS stops having this information stored and thus, a new Session cookie will be set when there's activity again.

So, Session cookies are client-side the same as normal cookies not having an expiration date.

You can set the expiration date with a normal cookie:
Response.Cookies("myCookie") = "myValue"
Response.Cookies("myCookie").Expires = "2010/1/1"

and delete it by:
Response.Cookies("myCookie").Expires = "1840/1/1"

We call that "persistant" cookies.

If the user's browser settings don't allow cookies, Session cookies won't work, too, and a new Session cookie will be set with loading another page.
IE5 differs and lets the user choose if to allow persistant or non-persistant cookies.

As for dis-/advantages:
+ If that isn't disabled server-side, a unique SessionID will be set with a Session cookie. You can also generate one, manually, (and identify the user by that) but the IIS Session engine only recognizes its own cookies. If it's able to do so, values you store in your custom Session cookies,

Session("x") = "y"

nextpage.asp:
x = Session("x")

can be retrieved. That's just easy and comfortable.

+ If you need to store values with the user for a longer time than this browser session, you would manually set cookies with an expiration date.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 15

Expert Comment

by:robbert
ID: 6150691
By,

> A normal cookie don't having an expiration
date.

(first line), I meant,

> A Session cookie is a normal cookie don't having an expiration date.

But it's the "one" cookie IIS' Session engine looks at when identifying the user.
0
 

Author Comment

by:decae2001
ID: 6150921
If The user's browser disable cookie, can I still use session ?
0
 
LVL 15

Expert Comment

by:robbert
ID: 6150940
No. When the user doesn't accept cookies, a new Session will be started with each page.
0
 

Author Comment

by:decae2001
ID: 6150947
robber,

Sound like to me, the session is created by ASP itself.
What if I want to use straight cookies, and not session
at all ?
0
 
LVL 15

Expert Comment

by:robbert
ID: 6150960
Session cookies will be set, though. That doesn't harm for most users but anyway, you can state at the top of your scripts,

<%@ ENABLESESSIONSSTATE=True|False %>

or set that in IIS, in the web application properties.
0
 

Author Comment

by:decae2001
ID: 6151129
Then, how do I know if the user has disabled the cookies ?
Will I get any return code number ?
0
 
LVL 15

Expert Comment

by:robbert
ID: 6151150
You need to check for cookies. There's a pitfall, so follow.

Set a test cookie:

Response.Cookies("test") = "test"

Then, (at the top of your script) check if the cookie has been accepted:

If Len(Request.Cookies("test")) = 0 Then
    Response.Redirect "wouldyoupleaseacceptcookies.asp"
End If

The pitfall (or bait) is that even if the user doesn't have cookies enabled - if you set a cookie and check it on the same page - it always appears to be set.

Thus, one strategy is to set a testcookie at all entry pages and to check the cookie on all follow-up pages.
Obviously, it's hard to pre-determine where the user comes in and where he navigates, next.

What I'm usually doing is, setting the testcookie by server-side ASP, and checking it by client-side JavaScript:

<%
Response.Cookies("testcookie") = "testcookie"
%>
<HTML>
<HEAD>
</HEAD>
<BODY>
<script language=javascript>
if (document.cookie.indexOf("testcookie=testcookie") >= 0)
document.location.href = "cookies.asp"
</script>
... regular HTML code ...
</BODY>
</HTML>

And, you apparently want to know it quite in-depth - you'ld also need to ensure that the user has JavaScript enabled:

<%
Response.Cookies("testcookie") = "testcookie"
%>
<HTML>
<HEAD>
</HEAD>
<BODY>
<script language=javascript>
if (document.cookie.indexOf("testcookie=testcookie") >= 0)
document.location.href = "cookies.asp"
</script>

<noscript language=javascript>
Please activate JavaScript.
</script>

... regular HTML code ...
</BODY>
</HTML>

There is a third option (beneath server-side setting and checking cookies on different pages, and doing that server- and client-side on the same page) - checking for cookies by using the www.browserhawk.com component in the global.asa, and from there, deciding what to do (it's great but not common).

These are the only options.
0
 
LVL 7

Expert Comment

by:weesiong
ID: 6151448
Robbert,

You always RIGHT!!

Regards,
Wee Siong!
0
 
LVL 1

Expert Comment

by:moswa
ID: 6151795
need a cookies.asp?! :)
http://rechten.kub.nl/projecten/cookiecheck.asp
(sorry, some text in dutch, but it says something about what cookies are and how you can accept cookies)

moswa
0

Featured Post

ScreenConnect 6.0 Free Trial

Discover new time-saving features in one game-changing release, ScreenConnect 6.0, based on partner feedback. New features include a redesigned UI, app configurations and chat acknowledgement to improve customer engagement!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question