Solved

ASP- server cookies

Posted on 2004-11-01
419 Views
Last Modified: 2012-06-27
Ok, to be blunt, I am really frustrated.

I need to know what a server cookie is, and how to use one and I can't find anything on it. people keep mentioning session variables and server cookies as if they were the same thing, are they???????

Now I don't mean cookies that reside on a user's computer, I mean cookies that reside on a server.

Please, please, please tell me what a server cookie is and how to use it.

I am using plain old ASP, not ASP.NET.

Thank you!
0
Question by:vanauden
    6 Comments
     
    LVL 26

    Expert Comment

    by:rdcpro
    Well, I've seen server cookies used in the context of network load balancing, but I'm pretty sure that's not what you're talking about.

    The only thing I can think of is:

    1.  They don't know what they're talking about; cookies are client-side things.  Calling a Session Variable a cookie is just silly, IMHO.

    2.  They're talking about Server-to-Server HTTP requests, where your local server will need to process, persist, and supply cookies to the remote server.  For example, you aggregate an RSS news feed on your server, then send it to the client.  You may need to provide cookies from your server to the remote server when you make your request, and it may send you cookies in it's response.  The ServerXMLHTTPRequest object uses WinHTTP for these requests, and here's some MSDN info on how WinHTTP uses cookies:

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winhttp/http/cookie_handling_in_winhttp.asp

    These are, in fact, regular old cookies, but they're stored on the server.

    Regards,
    Mike Sharp
    0
     
    LVL 15

    Expert Comment

    by:gladxml
    0
     
    LVL 15

    Expert Comment

    by:gladxml
    just look at it this way cookies refer to client side data that stored in the computer of the user. Now session varaibles are varibales that is stored on the server. But session variables is only active or usable for a scpecific amount of time but if you close the browser all session variables is lost. Unlike cookies it can be used for a specified time since it reside on the user computer it can be access again and again as long as it is not reach the specified time.(day, month...)

    you can look at this link..

    http://www.devguru.com/Technologies/asp/quickref/request_cookies.html
    http://www.devguru.com/Technologies/asp/quickref/session.html
    http://www.devguru.com/Technologies/asp/quickref/session_remove.html

    HTH...

    Happy programming...
    0
     
    LVL 3

    Accepted Solution

    by:
    "Server Cookie" is, I believe, a misnomer.  At least, its not something I've ever heard of.  What I believe you are referring to is the cookie that ASP creates for every session.  The cookie is sent to the client the first time the browser loads a page in that application.  It allows the server to identify that browser session and to use the proper session variables when displaying pages.

    The cookie itself looks something like this: ASPSESSIONIDXXX=XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    where the 'X' characters are some random alphanumeric characters.

    This cookie makes it possible to use the Session object to persist values across page requests.  The ASP engine automagically looks up the proper session object to use for each response based on the cookie used in each request.  If the browser does not send that cookie, the ASP engine will assume that this request is a new session and send a new cookie.

    So, to answer at least part of your question, cookies are essential for session variables to work.  They are not the same thing as session variables exist only at the server while cookies exist at, and are transmitted back and forth between, the server and browser.  Cookies can be used for other things besides temoprarily storing the ASPSESSIONID cookie, though.  They can store people's logon names, passwords, etc...  can be manipulated in the browser using javascript, and can persist for a long time in your browser's cache.  Session variables exist only for the duration of that session, but are more secure because their contents don't leave the server.
    0
     
    LVL 1

    Author Comment

    by:vanauden
    Hi techjosh

    Thank you for the clear explanation. That tell me that I want to use session variables for what I want to do.

    I fail to see why people would talk about "server cookies" if they don't exist. Just say "session variable" if that is what you mean!

    A member of Experts-Exchange actually mentioned this term to me to help me on a related problem (I have been having trouble with a bingo/tictactoe game). (This is not a flame - merely information) However, it is not the first time I hear/read it.

    here is the link--- http://www.experts-exchange.com/Databases/Microsoft_SQL_Server/Q_21188473.html#12469710

    It is mentioned in the fourth message from the bottom.

    Anyway, the point is moot. your answer gave me what I needed. A clear explanation.

    Thank you, as well, to the rest of you who helped!
    0
     
    LVL 26

    Expert Comment

    by:rdcpro
    Remember though, if the user's browser does not accept cookies, you won't be able to use session variables in ASP.  

    <SoapBox>
    In general, web applications that maintain state between requests are not good design, unless there's some compelling reason to to it.  They're expensive in terms of server resources (less so if you preserve session state in a DB).  Make sure you really need them before using them; there may be a more efficient stateless way of accomplishing whatever your goal is.  I've seen them used a lot of times out of "convenience" when there is a better way.  An example of this is a set of forms-processing pages.  When the user clicks submit on each form as they work through a set of pages, it's better to capture state in hidden form fields, submitting these each time along with the new values than it is to "remember" previous pages the user submitted.  Of course, you don't store sensitive information in this type of field!  

    Stateless almost always scales better.  And it eliminates an entire class of bugs, just as pure functions are more robust than functions that exhibit side effects.  I've been doing web development for a long time, and it's pretty rare to "need" session variables in an application.  They are usually the result of either poor application design, or programmer laziness.  
    </SoapBox>

    That said, if any type of authentication/log in is needed, a session cookie and it's corresponding server-side session variable is probably necessary.  Just don't store things in session variables that should be put elsewhere.
    Regards,
    Mike Sharp



    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Course: MongoDB Object-Document Mapper for NodeJS

    NodeJS (JavaScript on the server) is awesome, but some developers get confused about NoSQL when it comes to working in Node with MongoDB (NoSQL database). Do you need a better explanation of how to use Node.js with MongoDB? The most popular choice is the Mongoose library.

    Introduction Since I wrote the original article about Handling Date and Time in PHP and MySQL (http://www.experts-exchange.com/articles/201/Handling-Date-and-Time-in-PHP-and-MySQL.html) several years ago, it seemed like now was a good time to updat…
    Styling your websites can become very complex. Here I'll show how SASS can help you better organize, maintain and reuse your CSS code.
    The viewer will learn how to count occurrences of each item in an array.
    This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

    884 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now