Solved

what is the different between ASP Cookies and Session ?

Posted on 2001-06-03
12
256 Views
Last Modified: 2012-06-21
For me, there are the same thing.
Can any experts tell me what is exactly different
between them ? What is the advantage and disadvantage ?
0
Comment
Question by:decae2001
  • 5
  • 3
  • 2
  • +2
12 Comments
 
LVL 1

Expert Comment

by:moswa
ID: 6150676
a session is deleted when the browser is terminated,
a cookie is written on your computer and is still active the next time you visit the website

examples session and cookies:

session("name")=request.form("name")
and later call it by: <%=session("name")%> or
if session("name")="Tom Hanks" then ...

response.cookies("website")("name")= request.form("name")
response.cookies("website").Expires = DATE + 365
and later call it by:
<input NAME="name" value="<%=request.cookies("website")("name")%>">

0
 
LVL 2

Expert Comment

by:cybermoonlight
ID: 6150678
what was that?
the difference betweeen a cookie(response.cookies) and a session cookie(session("")) is where the cookie is stored(client/server)
your Q was "what is the difference between ASP cookie?..and what?
plz make this more clear
0
 
LVL 15

Accepted Solution

by:
robbert earned 30 total points
ID: 6150683
A Session cookie is a normal cookie with the name "ASPSESSIONID". A normal cookie don't having an expiration date.

Cookies without an expiration date expire when the browser closes. Session cookies, in opposite to other cookies, may also time out (at Session.SessionTimeout) - but that's not happening client-side, but server-side. That means IIS stops having this information stored and thus, a new Session cookie will be set when there's activity again.

So, Session cookies are client-side the same as normal cookies not having an expiration date.

You can set the expiration date with a normal cookie:
Response.Cookies("myCookie") = "myValue"
Response.Cookies("myCookie").Expires = "2010/1/1"

and delete it by:
Response.Cookies("myCookie").Expires = "1840/1/1"

We call that "persistant" cookies.

If the user's browser settings don't allow cookies, Session cookies won't work, too, and a new Session cookie will be set with loading another page.
IE5 differs and lets the user choose if to allow persistant or non-persistant cookies.

As for dis-/advantages:
+ If that isn't disabled server-side, a unique SessionID will be set with a Session cookie. You can also generate one, manually, (and identify the user by that) but the IIS Session engine only recognizes its own cookies. If it's able to do so, values you store in your custom Session cookies,

Session("x") = "y"

nextpage.asp:
x = Session("x")

can be retrieved. That's just easy and comfortable.

+ If you need to store values with the user for a longer time than this browser session, you would manually set cookies with an expiration date.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 15

Expert Comment

by:robbert
ID: 6150691
By,

> A normal cookie don't having an expiration
date.

(first line), I meant,

> A Session cookie is a normal cookie don't having an expiration date.

But it's the "one" cookie IIS' Session engine looks at when identifying the user.
0
 

Author Comment

by:decae2001
ID: 6150921
If The user's browser disable cookie, can I still use session ?
0
 
LVL 15

Expert Comment

by:robbert
ID: 6150940
No. When the user doesn't accept cookies, a new Session will be started with each page.
0
 

Author Comment

by:decae2001
ID: 6150947
robber,

Sound like to me, the session is created by ASP itself.
What if I want to use straight cookies, and not session
at all ?
0
 
LVL 15

Expert Comment

by:robbert
ID: 6150960
Session cookies will be set, though. That doesn't harm for most users but anyway, you can state at the top of your scripts,

<%@ ENABLESESSIONSSTATE=True|False %>

or set that in IIS, in the web application properties.
0
 

Author Comment

by:decae2001
ID: 6151129
Then, how do I know if the user has disabled the cookies ?
Will I get any return code number ?
0
 
LVL 15

Expert Comment

by:robbert
ID: 6151150
You need to check for cookies. There's a pitfall, so follow.

Set a test cookie:

Response.Cookies("test") = "test"

Then, (at the top of your script) check if the cookie has been accepted:

If Len(Request.Cookies("test")) = 0 Then
    Response.Redirect "wouldyoupleaseacceptcookies.asp"
End If

The pitfall (or bait) is that even if the user doesn't have cookies enabled - if you set a cookie and check it on the same page - it always appears to be set.

Thus, one strategy is to set a testcookie at all entry pages and to check the cookie on all follow-up pages.
Obviously, it's hard to pre-determine where the user comes in and where he navigates, next.

What I'm usually doing is, setting the testcookie by server-side ASP, and checking it by client-side JavaScript:

<%
Response.Cookies("testcookie") = "testcookie"
%>
<HTML>
<HEAD>
</HEAD>
<BODY>
<script language=javascript>
if (document.cookie.indexOf("testcookie=testcookie") >= 0)
document.location.href = "cookies.asp"
</script>
... regular HTML code ...
</BODY>
</HTML>

And, you apparently want to know it quite in-depth - you'ld also need to ensure that the user has JavaScript enabled:

<%
Response.Cookies("testcookie") = "testcookie"
%>
<HTML>
<HEAD>
</HEAD>
<BODY>
<script language=javascript>
if (document.cookie.indexOf("testcookie=testcookie") >= 0)
document.location.href = "cookies.asp"
</script>

<noscript language=javascript>
Please activate JavaScript.
</script>

... regular HTML code ...
</BODY>
</HTML>

There is a third option (beneath server-side setting and checking cookies on different pages, and doing that server- and client-side on the same page) - checking for cookies by using the www.browserhawk.com component in the global.asa, and from there, deciding what to do (it's great but not common).

These are the only options.
0
 
LVL 7

Expert Comment

by:weesiong
ID: 6151448
Robbert,

You always RIGHT!!

Regards,
Wee Siong!
0
 
LVL 1

Expert Comment

by:moswa
ID: 6151795
need a cookies.asp?! :)
http://rechten.kub.nl/projecten/cookiecheck.asp
(sorry, some text in dutch, but it says something about what cookies are and how you can accept cookies)

moswa
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question