There has been a question asked multiple times lately on the relationship between cookies and session variables and I have yet to see a complete explanation on the main question being "Will session variables work if cookies are disabled". It drove me nuts seeing everyone going back and forth on this one so I did the tests and did the research and this is what I have for my results along with the answer to the question. Here is a simple test I performed With cookies disabled Session.asp <% response.write(session.sessionID &"<br>") session("var2") = "didn't need cookies" & "<br>" response.write "the session variable contains " & session("var2") %> Now of course this worked fine. I even received a session ID. Here's what I got
406791000 the session variable contains didn't need cookies
However, when I tried to call this variable on the next page Session2.asp <% response.write "The session variable contains " & session("var2") %> I recieved this The session variable contains the session variable contains
So it did not work with cookies disabled. So, with these results in hand I am confident in stating "The user must have cookies enabled in order for you to use a session variable ACROSS the pages of the site"
I think that is the main comment here. The session variables will work in one page of course, but when you try to call upon this variable in the next page you will not receive its value.
Here is the best article I found on this issue thus far and if I find more then I will add, but I think it along with this test pretty much sums it up.
(By the way, when I enabled cookies the test worked fine)
Question: For session variables to work, must the Web visitor have cookies enabled?
Answer: Kind of. Session variables are bits of information that can be stored on a user-by-user basis. These bits of information are stored on the Web server. To tie these bits of memory with a particular user, for session variables to persist across Web pages, the user must have cookies enabled. When a user first visits a page on a site that uses Session variables, two things happen:
-- A block of memory is allocated for that particular user's session variables on the Web server. This block of memory is identified by a unique SessionID -- A cookie is written to the user's computer, storing the value of the SessionID
When the user visits another page on the site that uses session variables, the users SessionID cookie is referenced to determine if the user already has a session variable memory block setup. If he does, the values that are stored there are referenced. Through this mechanism, one can create seemingly "global" variables that persist from one page to another.