login and sessions

Discussion in 'ASP General' started by Ricardo Furtado, Aug 31, 2010.

  1. When developing web pages i usualy check if the user is logged by using
    sessions.
    Yesterday i read something about the down sides of sessions and one of them
    is when computers don't allow sessions.
    What should be the best way to check if a user is logged?
     
    Ricardo Furtado, Aug 31, 2010
    #1
    1. Advertisements

  2. Ricardo Furtado

    Tim Slattery Guest

    Sessions are maintained server-side. They are identified by a cookie
    that's passed back and forth between the server and client. Most
    clients will allow session cookies even if they don't allow persistent
    cookies. If the client doesn't allow session cookies, then there's
    nothing much you can do to maintain a session. (And the user has cut
    himself off from a LARGE part of the web!)
     
    Tim Slattery, Aug 31, 2010
    #2
    1. Advertisements

  3. Thanks for your answer.

    So, but can i believe that sessions are the best options for this kind of
    tasks? better than passing a session ID in every URL or even global variables?
     
    Ricardo Furtado, Aug 31, 2010
    #3
  4. Ricardo Furtado

    Evertjan. Guest

    Ricardo Furtado wrote on 31 aug 2010 in
    microsoft.public.inetserver.asp.general:
    [please do not top post or quote signatures on usenet]
    A session is passing a session ID in every request header.

    Why do you think "the best" exists?
    That is a matter of tast, not of axioms.
    Uh? what do you mean, global where? On the server?
    As a application variable?
    Or as a session variable? [you would need a session for the latter]
    Or on the browser?
    How would you recognize a specific user with those?
     
    Evertjan., Aug 31, 2010
    #4
  5. Ricardo Furtado

    Bwig Zomberi Guest


    Use session variables to maintain login details. Use response.cookies to
    maintain other details such user preferences, shopping cart details...
     
    Bwig Zomberi, Sep 2, 2010
    #5
  6. Ok, thank you all for your answers.
    I'll do that, Bwig Zomberi. Great tip
     
    Ricardo Furtado, Sep 2, 2010
    #6
  7. Ricardo Furtado

    Evertjan. Guest

    Bwig Zomberi wrote on 02 sep 2010 in
    microsoft.public.inetserver.asp.general:
    Why?

    It seems ridiculous if [as you should] you want to keep those details only
    for the session.

    Shopping cart details are part of the session and can better be kept on the
    server to prevent malicious use.

    Preferences could be kept in persistant cookies between sessions, if you
    want to save them for future use, however since you would keep login
    details on a serverside database, they are better kept in that database, to
    prevent another user on the same browser to be presented with another's
    preferences, and the same user on another browser or pc without his [or
    her's] preferences.

    So all in all, no, don't use cookies in a shopping cart environment, but
    for the asp automatic session.id cookie.
     
    Evertjan., Sep 2, 2010
    #7
  8. Ricardo Furtado

    Bwig Zomberi Guest

    Cookies can be made to expire. Details stored in the cookie should be
    mapped to the user id and should be used only if the user is logged in.

    You can of course store shopping cart and other details on the server
    but that is a lot of work.;-) It is easier to maintain an activity log
    in ASP.NET.

    Session variables are a limited resource. Most websites are on shared
    servers. So, it is best to limit the use of session variables.
     
    Bwig Zomberi, Sep 6, 2010
    #8
  9. Ricardo Furtado

    Evertjan. Guest

    Bwig Zomberi wrote on 06 sep 2010 in
    microsoft.public.inetserver.asp.general:
    Wait!

    Do not discuss session cookies and expiring cookies in the same way.

    While the latter often are disallowed by users, the session cookies,
    that only live till the browser has stopped or the domain is no longer
    accessed are most often allowed, making the ASP session.id cookie
    possible and so the ASP session.
    You can see that as a joke, but it is not. The only safe programming is
    serverside programming, and a shopping cart should not be influenced by
    interfering code on the browser, like the firefox and chrome extensions.
    Off topic, this is a classic ASP NG.
    No it is not,
    because of the simple truth that "is best" does not exist in
    programming.

    Having a shopping cart without enough resources asks for more resources
    in professional surrounding, not for unsave escape practices.
     
    Evertjan., Sep 6, 2010
    #9
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.