Ultimate State Management

[kingelessar]

Hey,

 

I'm trying to create my own state/session management system because of the following reason:

 

I want it to be cookieless and completely invisible to the end user (so no fiddling with the url), so the ASP.NET session thingy isn't good enough for me

 

I could track sessions trough the client's IP, or a combination of the IP and UserAgent, but unfortunately there are a lot of people that have a home network with two computers with almost the same configuration.

 

Does anyone have another idea?

[Rodenberg]

If you want to be hardcore you can pull the MAC address from the http/request packets and differentiate that way. I don't know what performance would be like, but it would be a way you could identify each unique incoming request.

[Derek Stone]

If you're not going to add a session token to the URL, you'd have to add it to the page itself, and perform nothing but HTTP POST requests to hide it from the user. This would be an absolute nightmare, for both the developer and the end user. I would not recommend this.

[egdotnet]

you could requests and then immediately put the request value into a session or local variable & redirect to the page w/o any request strings.

[kingelessar]

Thanks for your replies.

 

I don't like the POST idea either, because when users would start entering their a custom url in their browser the session information would be lost.

 

About the MAC address: when someone has a LAN, wouldn't I get the MAC address of the router? And how can I retrieve the MAC address? As far as I know ASP.NET doesn't provide any access to the actual TCP/IP package.

 

The thing I am trying to do is track session information, and make this work in even a textbrowser, and allow the users to enter an url without the session info being lost.

 

Dennis

[kingelessar]

After some googling I found out that it is probably impossible what I am trying to do. Thanks for your help.