ASP- server cookies

Ok, to be blunt, I am really frustrated.

I need to know what a server cookie is, and how to use one and I can't find anything on it. people keep mentioning session variables and server cookies as if they were the same thing, are they???????

Now I don't mean cookies that reside on a user's computer, I mean cookies that reside on a server.

Please, please, please tell me what a server cookie is and how to use it.

I am using plain old ASP, not ASP.NET.

Thank you!
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Well, I've seen server cookies used in the context of network load balancing, but I'm pretty sure that's not what you're talking about.

The only thing I can think of is:

1.  They don't know what they're talking about; cookies are client-side things.  Calling a Session Variable a cookie is just silly, IMHO.

2.  They're talking about Server-to-Server HTTP requests, where your local server will need to process, persist, and supply cookies to the remote server.  For example, you aggregate an RSS news feed on your server, then send it to the client.  You may need to provide cookies from your server to the remote server when you make your request, and it may send you cookies in it's response.  The ServerXMLHTTPRequest object uses WinHTTP for these requests, and here's some MSDN info on how WinHTTP uses cookies:

These are, in fact, regular old cookies, but they're stored on the server.

Mike Sharp
just look at it this way cookies refer to client side data that stored in the computer of the user. Now session varaibles are varibales that is stored on the server. But session variables is only active or usable for a scpecific amount of time but if you close the browser all session variables is lost. Unlike cookies it can be used for a specified time since it reside on the user computer it can be access again and again as long as it is not reach the specified time.(day, month...)

you can look at this link..


Happy programming...
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

"Server Cookie" is, I believe, a misnomer.  At least, its not something I've ever heard of.  What I believe you are referring to is the cookie that ASP creates for every session.  The cookie is sent to the client the first time the browser loads a page in that application.  It allows the server to identify that browser session and to use the proper session variables when displaying pages.

The cookie itself looks something like this: ASPSESSIONIDXXX=XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
where the 'X' characters are some random alphanumeric characters.

This cookie makes it possible to use the Session object to persist values across page requests.  The ASP engine automagically looks up the proper session object to use for each response based on the cookie used in each request.  If the browser does not send that cookie, the ASP engine will assume that this request is a new session and send a new cookie.

So, to answer at least part of your question, cookies are essential for session variables to work.  They are not the same thing as session variables exist only at the server while cookies exist at, and are transmitted back and forth between, the server and browser.  Cookies can be used for other things besides temoprarily storing the ASPSESSIONID cookie, though.  They can store people's logon names, passwords, etc...  can be manipulated in the browser using javascript, and can persist for a long time in your browser's cache.  Session variables exist only for the duration of that session, but are more secure because their contents don't leave the server.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
vanaudenAuthor Commented:
Hi techjosh

Thank you for the clear explanation. That tell me that I want to use session variables for what I want to do.

I fail to see why people would talk about "server cookies" if they don't exist. Just say "session variable" if that is what you mean!

A member of Experts-Exchange actually mentioned this term to me to help me on a related problem (I have been having trouble with a bingo/tictactoe game). (This is not a flame - merely information) However, it is not the first time I hear/read it.

here is the link---

It is mentioned in the fourth message from the bottom.

Anyway, the point is moot. your answer gave me what I needed. A clear explanation.

Thank you, as well, to the rest of you who helped!
Remember though, if the user's browser does not accept cookies, you won't be able to use session variables in ASP.  

In general, web applications that maintain state between requests are not good design, unless there's some compelling reason to to it.  They're expensive in terms of server resources (less so if you preserve session state in a DB).  Make sure you really need them before using them; there may be a more efficient stateless way of accomplishing whatever your goal is.  I've seen them used a lot of times out of "convenience" when there is a better way.  An example of this is a set of forms-processing pages.  When the user clicks submit on each form as they work through a set of pages, it's better to capture state in hidden form fields, submitting these each time along with the new values than it is to "remember" previous pages the user submitted.  Of course, you don't store sensitive information in this type of field!  

Stateless almost always scales better.  And it eliminates an entire class of bugs, just as pure functions are more robust than functions that exhibit side effects.  I've been doing web development for a long time, and it's pretty rare to "need" session variables in an application.  They are usually the result of either poor application design, or programmer laziness.  

That said, if any type of authentication/log in is needed, a session cookie and it's corresponding server-side session variable is probably necessary.  Just don't store things in session variables that should be put elsewhere.
Mike Sharp

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Languages and Standards

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.