Cookies , Session Which is Better ? and Global.asa Question

Discussion in 'ASP General' started by Amit D.Shinde, Jul 24, 2004.

  1. Hello Experts..

    I need some help regarding cookies and session objects and also
    global.asa file

    I am creating one cookie when a user logs in on my website.
    The cookie stores the login name of the user. I want that cookie
    should get deleted when user closes the browser without signing out.

    I think it is done in global.asa file . But i don;t know how to do it?
    Please Explain me the working of global.asa file.

    Also If I am creating a cookie and other site is also creating a
    cookie of same name then does this will create a problem?.

    which is safe and better .. creating cookies or creating session
    variables.
    can anyone give me the comparision
     
    Amit D.Shinde, Jul 24, 2004
    #1
    1. Advertising

  2. Amit D.Shinde

    Jeff Cochran Guest

    On 24 Jul 2004 03:30:34 -0700, (Amit D.Shinde)
    wrote:

    >Hello Experts..
    >
    >I need some help regarding cookies and session objects and also
    >global.asa file
    >
    >I am creating one cookie when a user logs in on my website.
    >The cookie stores the login name of the user. I want that cookie
    >should get deleted when user closes the browser without signing out.


    That's problematic, since closing the browser closes your potential
    for a response from the client. If the cookie has no expiration, it
    *should* expire when the user leaves your site, including when they
    close the browser. In my experience, that isn't always what happens,
    but it should do for what you need.

    >I think it is done in global.asa file . But i don;t know how to do it?
    >Please Explain me the working of global.asa file.


    Think of global.asa as a global include file that handles events.
    That's a little simplistic, but it'll help you understand the concepts
    of what you're asking. You can do things when the session starts or
    ends, using the SESSION_ONSTART/SESSION_ONEND events. Same for
    applications. But in the case of a SESSION_ONEND, it happens at the
    end of the session, not when the browser is closed (which may or may
    not end the session). You can't use the application object since it
    doesn't apply to the user. So there's no real way to detect the
    browser being closed, since it doesn't end a session and doesn't send
    a response back to the server.

    >Also If I am creating a cookie and other site is also creating a
    >cookie of same name then does this will create a problem?.


    Assuming you aren't using two sites that are identical, no.

    >which is safe and better .. creating cookies or creating session
    >variables.


    Yes.

    >can anyone give me the comparision


    There isn't a comparison like that available. Each has advantages and
    disadvantages in specific situations. You need to learn the
    difference in the technologies first, since they don't have the same
    function and using cookies doesn't mean you don't use a session
    variable, or visce versa.

    In your mentioned situation you might do better with a cookie than a
    session variable, but it really depends on what you're doing with the
    information.

    Might look at:

    http://www.asp101.com/resources/apps_sessions_gasa.asp

    Jeff
     
    Jeff Cochran, Jul 24, 2004
    #2
    1. Advertising

  3. Amit D.Shinde

    Bã§TãRÐ Guest

    A little addition to Jeff's well thought out response:


    COOKIES:
    Cookies are best used when storing information that is generic like
    browser settings, colors etc. for ( in most cases ) a longer amount of
    time.

    YOU SHOULD NEVER STORE PERSONALLY IDENTIFIABLE INFORMATION IN A
    COOKIE!!!!!
    The main reason for this being is safety, most people would store a
    user name in a cookie name like uname or user or username or
    user_name. I could write code that would run through those
    combinations and the combinations of any other bit of information,
    email, pw's ip's where they've surfed etc. and steal that information
    to use for what ever purpose I needed.

    If you needed to store personal information in a cookie use non
    standard naming conventions and think about encrypting any specific
    personal information you need to store. But like I said use as a last
    resort.

    Cookies (in most cases) can be called from multiple sites depending on
    what you store in the info and know how to access it.

    One advantage of using cookies is that the persons machine bears the
    brunt of setting the cookie, storing that information etc. Unlike
    sessions where the server takes the hit for having to store that
    information.

    SESSIONS:
    Sessions are just as dangerous when storing personal information but
    the danger is lessened if the server is "secured" etc. Although not
    impossible - its much harder for me to hijack session information from
    a user then it is for me to hijack cookie information. The server that
    ..asp file is running on bears the brunt of storing session information
    in memory. Meaning, if you have a lot of people hitting your site at
    any given time - server performance is reduced becuase the server is
    using more memory to store session information.

    The average time a session lasts is 20 mins. So, when your browser
    hits the site the sessions starts counting down from there.

    Sessions (in most cases) are site specific. It is possible to transfer
    sessions to other sites but its not very practical.

    Sessions do not die after the browser has closed down. If you have a
    logout button on your site - make sure you use session.abandon to
    kill any unwanted and unused sessions.

    Rules of thumb for deciding which is better for your sites needs.
    1. hi-traffic sites - use cookies
    Moves some of the load off the server onto the persons browser

    2. e-commerce sites - use sessions
    quick and easy and doesnt store any personal information the persons
    computer - can be killed once transaction is complete and the person
    moves on to other websites.

    3. site customization - use cookies
    usually information like this is innoculous and is of no use to anyone
    but your website.



    Hope this helps a little
    - Bastard


    On Sat, 24 Jul 2004 13:56:19 GMT, (Jeff Cochran)
    wrote:

    >On 24 Jul 2004 03:30:34 -0700, (Amit D.Shinde)
    >wrote:
    >
    >>Hello Experts..
    >>
    >>I need some help regarding cookies and session objects and also
    >>global.asa file
    >>
    >>I am creating one cookie when a user logs in on my website.
    >>The cookie stores the login name of the user. I want that cookie
    >>should get deleted when user closes the browser without signing out.

    >
    >That's problematic, since closing the browser closes your potential
    >for a response from the client. If the cookie has no expiration, it
    >*should* expire when the user leaves your site, including when they
    >close the browser. In my experience, that isn't always what happens,
    >but it should do for what you need.
    >
    >>I think it is done in global.asa file . But i don;t know how to do it?
    >>Please Explain me the working of global.asa file.

    >
    >Think of global.asa as a global include file that handles events.
    >That's a little simplistic, but it'll help you understand the concepts
    >of what you're asking. You can do things when the session starts or
    >ends, using the SESSION_ONSTART/SESSION_ONEND events. Same for
    >applications. But in the case of a SESSION_ONEND, it happens at the
    >end of the session, not when the browser is closed (which may or may
    >not end the session). You can't use the application object since it
    >doesn't apply to the user. So there's no real way to detect the
    >browser being closed, since it doesn't end a session and doesn't send
    >a response back to the server.
    >
    >>Also If I am creating a cookie and other site is also creating a
    >>cookie of same name then does this will create a problem?.

    >
    >Assuming you aren't using two sites that are identical, no.
    >
    >>which is safe and better .. creating cookies or creating session
    >>variables.

    >
    >Yes.
    >
    >>can anyone give me the comparision

    >
    >There isn't a comparison like that available. Each has advantages and
    >disadvantages in specific situations. You need to learn the
    >difference in the technologies first, since they don't have the same
    >function and using cookies doesn't mean you don't use a session
    >variable, or visce versa.
    >
    >In your mentioned situation you might do better with a cookie than a
    >session variable, but it really depends on what you're doing with the
    >information.
    >
    >Might look at:
    >
    >http://www.asp101.com/resources/apps_sessions_gasa.asp
    >
    >Jeff
     
    Bã§TãRÐ, Jul 27, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Wayne
    Replies:
    2
    Views:
    493
    Wayne
    Nov 11, 2003
  2. Raghu
    Replies:
    1
    Views:
    4,124
    Raghu
    Feb 17, 2005
  3. _Who
    Replies:
    7
    Views:
    2,751
  4. Cookies in global.asa

    , Jun 24, 2004, in forum: ASP General
    Replies:
    4
    Views:
    455
    Zenobia
    Jun 26, 2004
  5. bb
    Replies:
    0
    Views:
    579
Loading...

Share This Page