How can I store session variables that can be accessed even after the browser is closed?

Posted on 2008-10-20
Last Modified: 2012-05-05
I'm using Session[""] variables right now but am having the problem of losing the data when the user closes the browser.  Because they will still be logged in, I need access to these variables once the browser is re-opened.

Do I store them as a cookie, and if so, how?
Question by:tektician
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3

Accepted Solution

talker2004 earned 250 total points
ID: 22763899
I would store it in a cookie, Although it is possilbe to latch back onto the session after the browser is closed, it is really note ment to work like that.

'Write to a cookie
        If Request.Cookies("UserGuid") Is Nothing Then
            Dim aCookie As New HttpCookie("UserGuid")
            aCookie.Value = UserGuid
            aCookie.Expires = DateTime.Now.AddDays(30)
            Response.Cookies.Item("UserGuid").Value = UserGuid
        End If

'read from the cookie

        If Not Request.Cookies("UserGuid") Is Nothing Then
            ActiveUserID = Request.Cookies("UserGuid").Value
        End If


Expert Comment

ID: 22764007
You can take it a step further and use a cookieless session

in the web.config you can pass the session state key through the query string. After the user closes the browser it is possible to recreate the session. However your default setting on the server is 20 before the session expires.

In the system.web section of your web.config you can specify to pass the session state key as a query string.  

                        timeout="5" />

I want to warn you that your site could be session hijacked if somebody had the url in the users browser. I like it because i can copy the url from firefox to IE and transfer the session from one browser to another while i am in the middle of debugging my application.

Expert Comment

ID: 22764077
Oh, and as far as the cookie example you can store the session state key in a cookie on the users computer to attempt to resume the session. Although I would not recommend leaving lots of sessions on your server, they could be inadvertently cleared because of numerous reasons unrelated to the session time out. App Pools are cleared on schedules as well as when the server memory usage for an application exceeds it's configured thresholds.

Once it's being passed through as a query string it is free game as to read in the string and store it into a cookie file.

If the user accidentally closed the browser then they would open it back up and you would read the url that you stored inside of the value in your cookie and redirect them to the uri which would go right back into the session.

BTW, The web.config solution is the only way to latch onto an existing session through an ASP.Net application. But there is ways to generate your own key to try to make it more secure. The concern is based off the theory that these things use random number generators and that hackers may be able to reproduce the same exact key at the same time as ASP.Net would. I don't think it's likely but there are solutions out there to do some type of unique encryption scheme.

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now


Author Comment

ID: 22764096
Thanks for the reply talker,

could you please post the C# version to that code?  I haven't worked with VB before but I'll see if I can make that work with C#.

On another note, I want to make sure that the cookie is deleted if the user logs out using the LoginStatus control.  Is there a way to delete the cookie on the event of a logout through the LoginStatus control?

Author Comment

ID: 22764728
I'm using cookies rather than session variables like you suggested and everything is working fine.

I also made sure that when the user logged out (using the LoginStatus control), I forced the existing cookies to expire:

HttpCookie cookie_userID = new HttpCookie("userID");
            cookie_userID.Expires = DateTime.Now.AddDays(-1d);


Author Closing Comment

ID: 31508110
I put down the code in C# and it works fine, thanks!

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Entity Framework is a powerful tool to help you interact with the DataBase but still doesn't help much when we have a Stored Procedure that returns more than one resultset. The solution takes some of out-of-the-box thinking; read on!
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
This video teaches viewers how to create their own website using cPanel and Wordpress. Tutorial walks users through how to set up their own domain name from tools like Domain Registrar, Hosting Account, and Wordpress. More specifically, the order in…
Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question