Session object and coockies in asp.net

[RA]

Hi

Please review and let me know if I am correct:

1) My understanding from reading
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/
diforwc-ch05.asp is that asp.net uses cookies to store the user session id,
but if cookies are not enabled then it will send the session id as part of
the url. Is this correct?

2) I also understand from the article that all the information I use with
the session object such as Session["UserName"]=txtUserName.Text... is kept
on the server. If the web.config session state mode="inproc" then the
session object information will be stored and managed by Aspnet_wp.exe
process. So in this case the Session["UserName"] will always have a valid
data regardless if the user enables cookies or not. Am I correct?

This all lead me to a conclusion that if I use the Session object to store
user information, then I should be safe reading and storing the information
weather the user enables cookies or not.


Thanks

 

[Z D]

The issue is tracking the user's session. If they have cookies disabled then
you wont know which user relates to which session on the server (and thus
the server wont know which Session["UserName"] to use).

Note: The session ID is only stored in the URL if you explicitly tell it to
do so in web.config

-ZD

 

[RA]

This is not what being said in the microsoft document.
Look in the document and you will see that it is applied to the url if the
cookies disabled at the browser.

The issue is tracking the user's session. If they have cookies disabled then
you wont know which user relates to which session on the server (and thus
the server wont know which Session["UserName"] to use).

Note: The session ID is only stored in the URL if you explicitly tell it to
do so in web.config

-ZD

Hi

Please review and let me know if I am correct:

1) My understanding from reading

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/

diforwc-ch05.asp is that asp.net uses cookies to store the user session id,
but if cookies are not enabled then it will send the session id as part of
the url. Is this correct?

2) I also understand from the article that all the information I use with
the session object such as Session["UserName"]=txtUserName.Text... is kept
on the server. If the web.config session state mode="inproc" then the
session object information will be stored and managed by Aspnet_wp.exe
process. So in this case the Session["UserName"] will always have a valid
data regardless if the user enables cookies or not. Am I correct?

This all lead me to a conclusion that if I use the Session object to store
user information, then I should be safe reading and storing the information
weather the user enables cookies or not.


Thanks

 

[Z D]

What microsoft document?

You have to allow it in web.config or else it doesnt work.

This is not what being said in the microsoft document.
Look in the document and you will see that it is applied to the url if the
cookies disabled at the browser.

The issue is tracking the user's session. If they have cookies disabled then
you wont know which user relates to which session on the server (and thus
the server wont know which Session["UserName"] to use).

Note: The session ID is only stored in the URL if you explicitly tell it to
do so in web.config

-ZD

Hi

Please review and let me know if I am correct:

1) My understanding from reading

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/

session
id,

part

of

the url. Is this correct?

2) I also understand from the article that all the information I use with
the session object such as Session["UserName"]=txtUserName.Text... is kept
on the server. If the web.config session state mode="inproc" then the
session object information will be stored and managed by Aspnet_wp.exe
process. So in this case the Session["UserName"] will always have a valid
data regardless if the user enables cookies or not. Am I correct?

This all lead me to a conclusion that if I use the Session object to store
user information, then I should be safe reading and storing the information
weather the user enables cookies or not.


Thanks

 

[RA]

Look at :
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/

What microsoft document?

You have to allow it in web.config or else it doesnt work.

This is not what being said in the microsoft document.
Look in the document and you will see that it is applied to the url if the
cookies disabled at the browser.

The issue is tracking the user's session. If they have cookies

disabled
then

you wont know which user relates to which session on the server (and thus
the server wont know which Session["UserName"] to use).

Note: The session ID is only stored in the URL if you explicitly tell

it
to

do so in web.config

-ZD


Hi

Please review and let me know if I am correct:

1) My understanding from reading

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/

diforwc-ch05.asp is that asp.net uses cookies to store the user session
id,
but if cookies are not enabled then it will send the session id as

part

of
the url. Is this correct?

2) I also understand from the article that all the information I use with
the session object such as Session["UserName"]=txtUserName.Text...

is
kept

on the server. If the web.config session state mode="inproc" then the
session object information will be stored and managed by Aspnet_wp.exe
process. So in this case the Session["UserName"] will always have a valid
data regardless if the user enables cookies or not. Am I correct?

This all lead me to a conclusion that if I use the Session object to store
user information, then I should be safe reading and storing the
information
weather the user enables cookies or not.


Thanks

 

[Z D]

that link doesn't work... you didnt link the file name of the document...

Look at :
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/

What microsoft document?

You have to allow it in web.config or else it doesnt work.

This is not what being said in the microsoft document.
Look in the document and you will see that it is applied to the url if the
cookies disabled at the browser.



The issue is tracking the user's session. If they have cookies disabled
then
you wont know which user relates to which session on the server (and thus
the server wont know which Session["UserName"] to use).

Note: The session ID is only stored in the URL if you explicitly

tell

it

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/

diforwc-ch05.asp is that asp.net uses cookies to store the user session
id,
but if cookies are not enabled then it will send the session id as part
of
the url. Is this correct?

2) I also understand from the article that all the information I use
with
the session object such as Session["UserName"]=txtUserName.Text... is
kept
on the server. If the web.config session state mode="inproc" then the
session object information will be stored and managed by Aspnet_wp.exe
process. So in this case the Session["UserName"] will always have a
valid
data regardless if the user enables cookies or not. Am I correct?

This all lead me to a conclusion that if I use the Session object to
store
user information, then I should be safe reading and storing the
information
weather the user enables cookies or not.


Thanks

 

[RA]

Sorry,
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/
diforwc-ch05.asp

that link doesn't work... you didnt link the file name of the document...

Look at :

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/

What microsoft document?

You have to allow it in web.config or else it doesnt work.


This is not what being said in the microsoft document.
Look in the document and you will see that it is applied to the url

if
the

cookies disabled at the browser.



The issue is tracking the user's session. If they have cookies disabled
then
you wont know which user relates to which session on the server (and
thus
the server wont know which Session["UserName"] to use).

Note: The session ID is only stored in the URL if you explicitly

tell

it
to
do so in web.config

-ZD


Hi

Please review and let me know if I am correct:

1) My understanding from reading

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/

diforwc-ch05.asp is that asp.net uses cookies to store the user
session
id,
but if cookies are not enabled then it will send the session id as
part
of
the url. Is this correct?

2) I also understand from the article that all the information I use
with
the session object such as

Session["UserName"]=txtUserName.Text...
is

kept
on the server. If the web.config session state mode="inproc"

then
the

session object information will be stored and managed by Aspnet_wp.exe
process. So in this case the Session["UserName"] will always

have

a

object

to

 

[Z D]

You are prolly referring to this quote from that article:
"If the client or application is configured to disallow cookies, ASP.NET
encodes the session ID as part of the URL the client uses when making
requests to the application"

It is a little ambigious and not technically 100% correct. The incorrect
part is "client or application".

If the client is configured to disallow cookies, then asp.net does NOT
autmatically put the sessionID in the URL.

It ONLY puts the sessionID in the url if the Applicaion is configured to
disallow cookies. (ie you set cookieless = true in web.config)

try it yourself and you will see that i'm correct.

Sorry,
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/
diforwc-ch05.asp

that link doesn't work... you didnt link the file name of the document...

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/ url

if

the
cookies disabled at the browser.



The issue is tracking the user's session. If they have cookies
disabled
then
you wont know which user relates to which session on the server (and
thus
the server wont know which Session["UserName"] to use).

Note: The session ID is only stored in the URL if you explicitly tell
it
to
do so in web.config

-ZD


Hi

Please review and let me know if I am correct:

1) My understanding from reading

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/ id

as

part
of
the url. Is this correct?

2) I also understand from the article that all the information

I
use

with
the session object such as Session["UserName"]=txtUserName.Text...
is
kept
on the server. If the web.config session state mode="inproc" then
the
session object information will be stored and managed by
Aspnet_wp.exe
process. So in this case the Session["UserName"] will always

have

a
valid
data regardless if the user enables cookies or not. Am I correct?

This all lead me to a conclusion that if I use the Session

object

to
store
user information, then I should be safe reading and storing the
information
weather the user enables cookies or not.


Thanks

 

[RA]

Thank you,

So if I use cookieless = true then asp.net will use the url for session id
and I can be safe using the session information I am saving. Am I correct?

You are prolly referring to this quote from that article:
"If the client or application is configured to disallow cookies, ASP.NET
encodes the session ID as part of the URL the client uses when making
requests to the application"

It is a little ambigious and not technically 100% correct. The incorrect
part is "client or application".

If the client is configured to disallow cookies, then asp.net does NOT
autmatically put the sessionID in the URL.

It ONLY puts the sessionID in the url if the Applicaion is configured to
disallow cookies. (ie you set cookieless = true in web.config)

try it yourself and you will see that i'm correct.

Sorry,

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/

diforwc-ch05.asp

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/

What microsoft document?

You have to allow it in web.config or else it doesnt work.


This is not what being said in the microsoft document.
Look in the document and you will see that it is applied to the

url

if
the
cookies disabled at the browser.



The issue is tracking the user's session. If they have cookies
disabled
then
you wont know which user relates to which session on the

server
(and

thus
the server wont know which Session["UserName"] to use).

Note: The session ID is only stored in the URL if you explicitly
tell
it
to
do so in web.config

-ZD


Hi

Please review and let me know if I am correct:

1) My understanding from reading

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/

id

information

I

use
with
the session object such as Session["UserName"]=txtUserName.Text...
is
kept
on the server. If the web.config session state mode="inproc" then
the
session object information will be stored and managed by
Aspnet_wp.exe
process. So in this case the Session["UserName"] will always have
a
valid
data regardless if the user enables cookies or not. Am I correct?

This all lead me to a conclusion that if I use the Session object
to
store
user information, then I should be safe reading and storing the
information
weather the user enables cookies or not.


Thanks

 

[Z D]

if you put cookiless=true then you must be careful to ONLY use relative
paths when linking to other pages, images, etc within your app. If you use
absolute paths it will not work correctly.

Thank you,

So if I use cookieless = true then asp.net will use the url for session id
and I can be safe using the session information I am saving. Am I correct?

You are prolly referring to this quote from that article:
"If the client or application is configured to disallow cookies, ASP.NET
encodes the session ID as part of the URL the client uses when making
requests to the application"

It is a little ambigious and not technically 100% correct. The incorrect
part is "client or application".

If the client is configured to disallow cookies, then asp.net does NOT
autmatically put the sessionID in the URL.

It ONLY puts the sessionID in the url if the Applicaion is configured to
disallow cookies. (ie you set cookieless = true in web.config)

try it yourself and you will see that i'm correct.

http://msdn.microsoft.com/library/d...ry/default.asp?url=/library/en-us/dnpag/html/

What microsoft document?

You have to allow it in web.config or else it doesnt work.


This is not what being said in the microsoft document.
Look in the document and you will see that it is applied to

the
url

if
the
cookies disabled at the browser.



The issue is tracking the user's session. If they have cookies
disabled
then
you wont know which user relates to which session on the server
(and
thus
the server wont know which Session["UserName"] to use).

Note: The session ID is only stored in the URL if you explicitly
tell
it
to
do so in web.config

-ZD


Hi

Please review and let me know if I am correct:

1) My understanding from reading

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/

diforwc-ch05.asp is that asp.net uses cookies to store the user
session
id,
but if cookies are not enabled then it will send the

session
id

as
part
of
the url. Is this correct?

2) I also understand from the article that all the

information

I
use
with
the session object such as
Session["UserName"]=txtUserName.Text...
is
kept
on the server. If the web.config session state mode="inproc"
then
the
session object information will be stored and managed by
Aspnet_wp.exe
process. So in this case the Session["UserName"] will always
have
a
valid
data regardless if the user enables cookies or not. Am I
correct?

This all lead me to a conclusion that if I use the Session
object
to
store
user information, then I should be safe reading and

storing
the

information
weather the user enables cookies or not.


Thanks