vellaima Posted April 8, 2003 Posted April 8, 2003 Hi, When i browsed i came to know that Cookieless Sessions can be Used. Is it passed as a QueryString Also, if i use cookies which is not cookieless sessions is there a possiblity that the end user can disable cookies. If so, how to go about for it? Quote
bungpeng Posted April 9, 2003 Posted April 9, 2003 Session is something like global variable, you can use it to store data, not passed as a QueryString. Session is not cookies, so user can't disable it. Quote
vellaima Posted April 9, 2003 Author Posted April 9, 2003 Thanks for replying. I went to this following web-site. I think it is stored as cookies. I am not sure. http://www.aspalliance.com/aspxtreme/webapps/aspnetsessions.aspx Quote
bungpeng Posted April 9, 2003 Posted April 9, 2003 No, this is "session" which provide by IIS (Internet Information Server), not cookies. Information will keep in IIS server rather than your machine. Cookies is handle by Browser and store data in your local machine (write data to your harddisk). Quote
vellaima Posted April 9, 2003 Author Posted April 9, 2003 In that case, when each user logs into the website does the IIS Server stores the session for each user? Is that what you are saying. Can you please explain as i am confused between cookies and sessions. Quote
bungpeng Posted April 9, 2003 Posted April 9, 2003 Yes. Session is similar with Cookies, just Cookies store in client machine and Session store in Web Server. Session will keep information of each user. Quote
vellaima Posted April 9, 2003 Author Posted April 9, 2003 Thanks a lot. Now i have understood the difference between Sessions and Cookies. :) Quote
bungpeng Posted April 9, 2003 Posted April 9, 2003 The Advantage for Session is it always function, user cannot disable it, but session will time out. Default time out is 20 minutes for IIS, you can change the setting. For Cookies, you can let it always on (no time out) until user close the browser. Furthermore, Session will need server resource but Cookies not. The only disadvantage for Cookies is: user can disable it. (setting in browser) Quote
vellaima Posted April 9, 2003 Author Posted April 9, 2003 Thanks bungpeng for this information. Can you please tell me whether HttpSessionState is a Session or Cookie. How can we extend the Session timing for more than 20 min? Is it possible by using script to extend the timing till the user closes the browser? Quote
*Gurus* Derek Stone Posted April 9, 2003 *Gurus* Posted April 9, 2003 I hate to jump on bungpeng's statements here, but sessions, by default, use cookies. The session object in ASP uses them, and ASP.NET is no different. You can set the HttpSessionState object to embed the session ID in the URL though, as Vidhya mentioned in his first post. You can set the Timeout property of the HttpSessionState object to a higher integer value if your application needs a longer session timeout value. Leave it at its default value and the cookie (and therefore the session) will be destroyed once the browser is closed. Quote Posting Guidelines
bungpeng Posted April 10, 2003 Posted April 10, 2003 Derek Store: If Session use cookies by default, it means when user disable the cookies, then my Session won't work? I did not know Session use cookies because I notice some feature are quite different. Quote
*Gurus* Derek Stone Posted April 10, 2003 *Gurus* Posted April 10, 2003 when user disable the cookies, then my Session won't work? That is correct (as long as you have not set the HttpSessionState's IsCookieless property to true). The only data a session cookie stores is the session ID. That ID is mapped to a memory store on the web server (the ASP.NET worker process more specifically), SQL Server or a state server, depending on which option the developer has chosen. If this ID is not sent with an HTTP request (for example if cookies are disabled) the server will establish a new session, since the previous one was never saved to a cookie on the client. Quote Posting Guidelines
bungpeng Posted April 10, 2003 Posted April 10, 2003 That is correct (as long as you have not set the HttpSessionState's IsCookieless property to true). [/Quote] Is it you mean in ASP.NET, there are 2 types of Sessions, one is Cookies base (IsCookiesless = false) and another one is not? Because if the second type also cookies base, then it should also won't work if client disable the cookies, right? Then I wonder what is the advantages of Session (first type, not Cookiesless) compare with Cookies? Because as what I understand, Session will need more resource compare with Cookies, that's why there are many articles teach people to disable Session or advice people not to use Session. Quote
vellaima Posted April 10, 2003 Author Posted April 10, 2003 Derek Stone, can you please tell me whether i am correct as i am confused now regarding Sessions. Can you please answer them if though it is repeated. 1) Is session's based on Cookies? The Session ID's are stored in Client's machine and not in server. 2) If "IsCookieless property to true" then the Session ID's are sent as a Query String Thanks, Vidhya Quote
*Gurus* Derek Stone Posted April 10, 2003 *Gurus* Posted April 10, 2003 I've answered all these questions, above. Please re-read what I have stated. Then I wonder what is the advantages of Session (first type, not Cookiesless) compare with Cookies? Because as what I understand, Session will need more resource compare with Cookies, that's why there are many articles teach people to disable Session or advice people not to use Session.Sessions use more resources because the session data is stored on the server, not on the client. This translates to higher memory usage by the server, since each session will need its own dedicated "chunk of space". The only data stored on the client is the session ID, which is mapped to the chunk of space on the server when a session variable is requested. Quote Posting Guidelines
bungpeng Posted April 11, 2003 Posted April 11, 2003 Thank you Derek Stone. May I know what are the advantages of Session compare with Cookies? and how about the other Session? (there are 2 types right? or what different between them?) Quote
vellaima Posted April 11, 2003 Author Posted April 11, 2003 Thanks Derek for replying to my Questions even though it is repeated. I have learnt a lot which i didn't know from this forum. I really thank each and every one of you for helping me do efficient programming. :) Quote
bungpeng Posted April 15, 2003 Posted April 15, 2003 I don't understand what is the advantages of this 'first' type Session compare with Cookies? and, what about the second type of Session? I just know from previous ASP, not ASP.NET... Quote
*Gurus* Derek Stone Posted April 15, 2003 *Gurus* Posted April 15, 2003 When a HttpSessionState object is cookie-less it stores the session ID in a query string that is passed from page to page as the user browses. If the HttpSessionState uses cookies the session ID is stored in a cookie that is sent to the server with each request. Those are the only differences. As for advantages of using sessions over cookies there are a few. The session object in ASP.NET is easier to use than the cookie collections, and it provides storage for any data type, not just string values. Data is also more secure since it isn't sitting unencrypted in a cookie on the user's hard drive. Sessions can be hijacked however, sometimes easily. Quote Posting Guidelines
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.