Session object and coockies in asp.net

R

RA

Hi

Please review and let me know if I am correct:

1) My understanding from reading
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/
diforwc-ch05.asp is that asp.net uses cookies to store the user session id,
but if cookies are not enabled then it will send the session id as part of
the url. Is this correct?

2) I also understand from the article that all the information I use with
the session object such as Session["UserName"]=txtUserName.Text... is kept
on the server. If the web.config session state mode="inproc" then the
session object information will be stored and managed by Aspnet_wp.exe
process. So in this case the Session["UserName"] will always have a valid
data regardless if the user enables cookies or not. Am I correct?

This all lead me to a conclusion that if I use the Session object to store
user information, then I should be safe reading and storing the information
weather the user enables cookies or not.


Thanks
 
Z

Z D

The issue is tracking the user's session. If they have cookies disabled then
you wont know which user relates to which session on the server (and thus
the server wont know which Session["UserName"] to use).

Note: The session ID is only stored in the URL if you explicitly tell it to
do so in web.config

-ZD
 
R

RA

This is not what being said in the microsoft document.
Look in the document and you will see that it is applied to the url if the
cookies disabled at the browser.



Z D said:
The issue is tracking the user's session. If they have cookies disabled then
you wont know which user relates to which session on the server (and thus
the server wont know which Session["UserName"] to use).

Note: The session ID is only stored in the URL if you explicitly tell it to
do so in web.config

-ZD


RA said:
Hi

Please review and let me know if I am correct:

1) My understanding from reading
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/
diforwc-ch05.asp is that asp.net uses cookies to store the user session id,
but if cookies are not enabled then it will send the session id as part of
the url. Is this correct?

2) I also understand from the article that all the information I use with
the session object such as Session["UserName"]=txtUserName.Text... is kept
on the server. If the web.config session state mode="inproc" then the
session object information will be stored and managed by Aspnet_wp.exe
process. So in this case the Session["UserName"] will always have a valid
data regardless if the user enables cookies or not. Am I correct?

This all lead me to a conclusion that if I use the Session object to store
user information, then I should be safe reading and storing the information
weather the user enables cookies or not.


Thanks
 
Z

Z D

What microsoft document?

You have to allow it in web.config or else it doesnt work.


RA said:
This is not what being said in the microsoft document.
Look in the document and you will see that it is applied to the url if the
cookies disabled at the browser.



Z D said:
The issue is tracking the user's session. If they have cookies disabled then
you wont know which user relates to which session on the server (and thus
the server wont know which Session["UserName"] to use).

Note: The session ID is only stored in the URL if you explicitly tell it to
do so in web.config

-ZD


RA said:
Hi

Please review and let me know if I am correct:

1) My understanding from reading
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/
session
id,
part
of
the url. Is this correct?

2) I also understand from the article that all the information I use with
the session object such as Session["UserName"]=txtUserName.Text... is kept
on the server. If the web.config session state mode="inproc" then the
session object information will be stored and managed by Aspnet_wp.exe
process. So in this case the Session["UserName"] will always have a valid
data regardless if the user enables cookies or not. Am I correct?

This all lead me to a conclusion that if I use the Session object to store
user information, then I should be safe reading and storing the information
weather the user enables cookies or not.


Thanks
 
R

RA

Look at :
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/


Z D said:
What microsoft document?

You have to allow it in web.config or else it doesnt work.


RA said:
This is not what being said in the microsoft document.
Look in the document and you will see that it is applied to the url if the
cookies disabled at the browser.



Z D said:
The issue is tracking the user's session. If they have cookies
disabled
then
you wont know which user relates to which session on the server (and thus
the server wont know which Session["UserName"] to use).

Note: The session ID is only stored in the URL if you explicitly tell
it
to
do so in web.config

-ZD


Hi

Please review and let me know if I am correct:

1) My understanding from reading
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/
diforwc-ch05.asp is that asp.net uses cookies to store the user session
id,
but if cookies are not enabled then it will send the session id as
part
of
the url. Is this correct?

2) I also understand from the article that all the information I use with
the session object such as Session["UserName"]=txtUserName.Text...
is
kept
on the server. If the web.config session state mode="inproc" then the
session object information will be stored and managed by Aspnet_wp.exe
process. So in this case the Session["UserName"] will always have a valid
data regardless if the user enables cookies or not. Am I correct?

This all lead me to a conclusion that if I use the Session object to store
user information, then I should be safe reading and storing the
information
weather the user enables cookies or not.


Thanks
 
Z

Z D

that link doesn't work... you didnt link the file name of the document...


RA said:
Look at :
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/


Z D said:
What microsoft document?

You have to allow it in web.config or else it doesnt work.


RA said:
This is not what being said in the microsoft document.
Look in the document and you will see that it is applied to the url if the
cookies disabled at the browser.



The issue is tracking the user's session. If they have cookies disabled
then
you wont know which user relates to which session on the server (and thus
the server wont know which Session["UserName"] to use).

Note: The session ID is only stored in the URL if you explicitly
tell
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/
diforwc-ch05.asp is that asp.net uses cookies to store the user session
id,
but if cookies are not enabled then it will send the session id as part
of
the url. Is this correct?

2) I also understand from the article that all the information I use
with
the session object such as Session["UserName"]=txtUserName.Text... is
kept
on the server. If the web.config session state mode="inproc" then the
session object information will be stored and managed by Aspnet_wp.exe
process. So in this case the Session["UserName"] will always have a
valid
data regardless if the user enables cookies or not. Am I correct?

This all lead me to a conclusion that if I use the Session object to
store
user information, then I should be safe reading and storing the
information
weather the user enables cookies or not.


Thanks
 
R

RA

Sorry,
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/
diforwc-ch05.asp

Z D said:
that link doesn't work... you didnt link the file name of the document...


RA said:
Look at :
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/
Z D said:
What microsoft document?

You have to allow it in web.config or else it doesnt work.


This is not what being said in the microsoft document.
Look in the document and you will see that it is applied to the url
if
the
cookies disabled at the browser.



The issue is tracking the user's session. If they have cookies disabled
then
you wont know which user relates to which session on the server (and
thus
the server wont know which Session["UserName"] to use).

Note: The session ID is only stored in the URL if you explicitly
tell
it
to
do so in web.config

-ZD


Hi

Please review and let me know if I am correct:

1) My understanding from reading
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/
diforwc-ch05.asp is that asp.net uses cookies to store the user
session
id,
but if cookies are not enabled then it will send the session id as
part
of
the url. Is this correct?

2) I also understand from the article that all the information I use
with
the session object such as
Session["UserName"]=txtUserName.Text...
is
kept
on the server. If the web.config session state mode="inproc"
then
the
session object information will be stored and managed by Aspnet_wp.exe
process. So in this case the Session["UserName"] will always
have
object
 
Z

Z D

You are prolly referring to this quote from that article:
"If the client or application is configured to disallow cookies, ASP.NET
encodes the session ID as part of the URL the client uses when making
requests to the application"

It is a little ambigious and not technically 100% correct. The incorrect
part is "client or application".

If the client is configured to disallow cookies, then asp.net does NOT
autmatically put the sessionID in the URL.

It ONLY puts the sessionID in the url if the Applicaion is configured to
disallow cookies. (ie you set cookieless = true in web.config)

try it yourself and you will see that i'm correct.


RA said:
Sorry,
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/
diforwc-ch05.asp

Z D said:
that link doesn't work... you didnt link the file name of the document...
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/ url
if
the
cookies disabled at the browser.



The issue is tracking the user's session. If they have cookies
disabled
then
you wont know which user relates to which session on the server (and
thus
the server wont know which Session["UserName"] to use).

Note: The session ID is only stored in the URL if you explicitly tell
it
to
do so in web.config

-ZD


Hi

Please review and let me know if I am correct:

1) My understanding from reading
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/ id
as
part
of
the url. Is this correct?

2) I also understand from the article that all the information
I
use
with
the session object such as Session["UserName"]=txtUserName.Text...
is
kept
on the server. If the web.config session state mode="inproc" then
the
session object information will be stored and managed by
Aspnet_wp.exe
process. So in this case the Session["UserName"] will always
have
a
valid
data regardless if the user enables cookies or not. Am I correct?

This all lead me to a conclusion that if I use the Session
object
to
store
user information, then I should be safe reading and storing the
information
weather the user enables cookies or not.


Thanks
 
R

RA

Thank you,

So if I use cookieless = true then asp.net will use the url for session id
and I can be safe using the session information I am saving. Am I correct?



Z D said:
You are prolly referring to this quote from that article:
"If the client or application is configured to disallow cookies, ASP.NET
encodes the session ID as part of the URL the client uses when making
requests to the application"

It is a little ambigious and not technically 100% correct. The incorrect
part is "client or application".

If the client is configured to disallow cookies, then asp.net does NOT
autmatically put the sessionID in the URL.

It ONLY puts the sessionID in the url if the Applicaion is configured to
disallow cookies. (ie you set cookieless = true in web.config)

try it yourself and you will see that i'm correct.


RA said:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/
diforwc-ch05.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/
What microsoft document?

You have to allow it in web.config or else it doesnt work.


This is not what being said in the microsoft document.
Look in the document and you will see that it is applied to the
url
if
the
cookies disabled at the browser.



The issue is tracking the user's session. If they have cookies
disabled
then
you wont know which user relates to which session on the
server
(and
thus
the server wont know which Session["UserName"] to use).

Note: The session ID is only stored in the URL if you explicitly
tell
it
to
do so in web.config

-ZD


Hi

Please review and let me know if I am correct:

1) My understanding from reading
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/
information
I
use
with
the session object such as Session["UserName"]=txtUserName.Text...
is
kept
on the server. If the web.config session state mode="inproc" then
the
session object information will be stored and managed by
Aspnet_wp.exe
process. So in this case the Session["UserName"] will always have
a
valid
data regardless if the user enables cookies or not. Am I correct?

This all lead me to a conclusion that if I use the Session object
to
store
user information, then I should be safe reading and storing the
information
weather the user enables cookies or not.


Thanks
 
Z

Z D

if you put cookiless=true then you must be careful to ONLY use relative
paths when linking to other pages, images, etc within your app. If you use
absolute paths it will not work correctly.

RA said:
Thank you,

So if I use cookieless = true then asp.net will use the url for session id
and I can be safe using the session information I am saving. Am I correct?



Z D said:
You are prolly referring to this quote from that article:
"If the client or application is configured to disallow cookies, ASP.NET
encodes the session ID as part of the URL the client uses when making
requests to the application"

It is a little ambigious and not technically 100% correct. The incorrect
part is "client or application".

If the client is configured to disallow cookies, then asp.net does NOT
autmatically put the sessionID in the URL.

It ONLY puts the sessionID in the url if the Applicaion is configured to
disallow cookies. (ie you set cookieless = true in web.config)

try it yourself and you will see that i'm correct.
http://msdn.microsoft.com/library/d...ry/default.asp?url=/library/en-us/dnpag/html/
What microsoft document?

You have to allow it in web.config or else it doesnt work.


This is not what being said in the microsoft document.
Look in the document and you will see that it is applied to
the
url
if
the
cookies disabled at the browser.



The issue is tracking the user's session. If they have cookies
disabled
then
you wont know which user relates to which session on the server
(and
thus
the server wont know which Session["UserName"] to use).

Note: The session ID is only stored in the URL if you explicitly
tell
it
to
do so in web.config

-ZD


Hi

Please review and let me know if I am correct:

1) My understanding from reading
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/
diforwc-ch05.asp is that asp.net uses cookies to store the user
session
id,
but if cookies are not enabled then it will send the
session
id
as
part
of
the url. Is this correct?

2) I also understand from the article that all the
information
I
use
with
the session object such as
Session["UserName"]=txtUserName.Text...
is
kept
on the server. If the web.config session state mode="inproc"
then
the
session object information will be stored and managed by
Aspnet_wp.exe
process. So in this case the Session["UserName"] will always
have
a
valid
data regardless if the user enables cookies or not. Am I
correct?

This all lead me to a conclusion that if I use the Session
object
to
store
user information, then I should be safe reading and
storing
the
information
weather the user enables cookies or not.


Thanks
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,951
Messages
2,570,113
Members
46,698
Latest member
alexxx

Latest Threads

Top