ASP - Session Variables v Cookies

I've been reading up and have come to the conclusion that Session Variables are evil! That Session Variables consume far too many server resources....

So i've decided to use Cookies instead to hold user data... and hold user data on the client ....

But I'm using

If rememberme is null then
Response.Cookies("UserAuth").Expires = dateAdd("n", 20, Now())
end if

Open in new window

And now i think these are server cookies...... are these just as evil as Session Variables?

Thank you
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
What do you mean by evil?  The drawback to session's is they can take up memory and when the worker process crashes, they reset.  

The issue with cookies is they can be viewed more easily.  See my answer here on creating a token for your cookies.
Big MontyWeb Ninja at largeCommented:
as far as I know, they're client side cookies, they're just written from the server side of things.

Curious on why you think Session objects are evil :)

With any functionality, they can be perfectly fine to use, if you do it right. if you put EVERYTHING into sessions, then yes, you'll run into memory issues, but that's more of a fault of the developer than the actual piece of functionality. At my current job, a large part of our site relies on session objects, and we don't ever run into performance issues.

to prove it's a client side cookie, copy & paste the following code into an asp page and run it. The line

document.Write( document.Cookie );

will write ALL cookies to the screen, including the page header info:

<%Response.Cookies("test") = "hello world" %>

<script type="text/javascript" >
    function readCookie() {
        document.write( document.cookie );


<body onload="readCookie();">


Open in new window


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
garethtnashAuthor Commented:
Thank you both :)

I read an article from -

I've got a server with 16GB ram which is running slowly, so on the project I'm currently working on, i was looking to reduce server resources!

Mainly though i think the issue is that SQL is using all the ram it can eat,.... but thats another issue!

Thank you
garethtnashAuthor Commented:
Perfect thank you both
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
To follow up, the articles on 4guys are very helpful for classic asp.  However, take into consideration the dates these were written and what was available then vs now.  Back in the 2000 to 2003 era, it was probably typical to have 256mb of ram vs 4 to 16 now.    

I have run into issues with session variables though and it does depend on your traffic.  If you have a handful of users or thousands. More importantly how much traffic per second.  If there are only a few users but there are hundreds of calls to the server a second for even a short amount of time, the worker process crashes and resets the session.  

You just have to put it all in perspective.

SQL Server will use up as much memory as you throw at it.  

If your server is running slow, or at least your data is, you want to look at  your types of queries, indexing, and how much data you are throwing at the browser are the 3 major  items I can think of that can really speed things up.  Also if you are using a windows desktop or workstation as your server vs a webserver designed to be a webserver will make a difference.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.