ASP - Session Variables v Cookies

I've been reading up and have come to the conclusion that Session Variables are evil! That Session Variables consume far too many server resources....

So i've decided to use Cookies instead to hold user data... and hold user data on the client ....

But I'm using

If rememberme is null then
Response.Cookies("UserAuth").Expires = dateAdd("n", 20, Now())
end if

Open in new window

And now i think these are server cookies...... are these just as evil as Session Variables?

Thank you
Who is Participating?
Big MontySenior Web Developer / CEO of Commented:
as far as I know, they're client side cookies, they're just written from the server side of things.

Curious on why you think Session objects are evil :)

With any functionality, they can be perfectly fine to use, if you do it right. if you put EVERYTHING into sessions, then yes, you'll run into memory issues, but that's more of a fault of the developer than the actual piece of functionality. At my current job, a large part of our site relies on session objects, and we don't ever run into performance issues.

to prove it's a client side cookie, copy & paste the following code into an asp page and run it. The line

document.Write( document.Cookie );

will write ALL cookies to the screen, including the page header info:

<%Response.Cookies("test") = "hello world" %>

<script type="text/javascript" >
    function readCookie() {
        document.write( document.cookie );


<body onload="readCookie();">


Open in new window

Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
What do you mean by evil?  The drawback to session's is they can take up memory and when the worker process crashes, they reset.  

The issue with cookies is they can be viewed more easily.  See my answer here on creating a token for your cookies.
garethtnashAuthor Commented:
Thank you both :)

I read an article from -

I've got a server with 16GB ram which is running slowly, so on the project I'm currently working on, i was looking to reduce server resources!

Mainly though i think the issue is that SQL is using all the ram it can eat,.... but thats another issue!

Thank you
garethtnashAuthor Commented:
Perfect thank you both
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
To follow up, the articles on 4guys are very helpful for classic asp.  However, take into consideration the dates these were written and what was available then vs now.  Back in the 2000 to 2003 era, it was probably typical to have 256mb of ram vs 4 to 16 now.    

I have run into issues with session variables though and it does depend on your traffic.  If you have a handful of users or thousands. More importantly how much traffic per second.  If there are only a few users but there are hundreds of calls to the server a second for even a short amount of time, the worker process crashes and resets the session.  

You just have to put it all in perspective.

SQL Server will use up as much memory as you throw at it.  

If your server is running slow, or at least your data is, you want to look at  your types of queries, indexing, and how much data you are throwing at the browser are the 3 major  items I can think of that can really speed things up.  Also if you are using a windows desktop or workstation as your server vs a webserver designed to be a webserver will make a difference.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.