Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
ASP and Cookies 1
- Thread starter Rena
- Start date
- Thread starter
- #3
-
1
- #4
Yes, you have two types of cookies associated with your browser. One is the permanent cookie (stored on users hard drive) and one is the per-session cookie (not stored on users hard drive).
The perm. cookie you have to set yourself or it will never be sent and stored on the users machine.
the per-session cookie is nothing more than a cookie with a unique ID for that user to your server during the duration of the session state between you and him. Anything you use within the session state while interacting with him Stay's on the server only...the only thing passed back and forth is the actual ID number, so if you use credit card numbers, or whatever as a session variable (session("creditcard"
= Request.Form("userCCnumber"), it is not passed to the user's machine and stored on it, so you don't have to worry about the security. When the session ends, that unique ID is destroyed.
To use the session state on your web site, they have to have their per-session cookies enabled. They don't have to have the stored cookies enabled, to use the session state.
You can run a check to see if the user has enabled their per-session cookies when they first come to your site, and if they don't have it enabled, display a message telling them to use your site they must enable it. If you want information on that, let me know.
Hope this helps. -Ovatvvon :-Q
The perm. cookie you have to set yourself or it will never be sent and stored on the users machine.
the per-session cookie is nothing more than a cookie with a unique ID for that user to your server during the duration of the session state between you and him. Anything you use within the session state while interacting with him Stay's on the server only...the only thing passed back and forth is the actual ID number, so if you use credit card numbers, or whatever as a session variable (session("creditcard"
= Request.Form("userCCnumber"), it is not passed to the user's machine and stored on it, so you don't have to worry about the security. When the session ends, that unique ID is destroyed.To use the session state on your web site, they have to have their per-session cookies enabled. They don't have to have the stored cookies enabled, to use the session state.
You can run a check to see if the user has enabled their per-session cookies when they first come to your site, and if they don't have it enabled, display a message telling them to use your site they must enable it. If you want information on that, let me know.
Hope this helps. -Ovatvvon :-Q
Note, I am pretty sure that asp/IIS will only use a per-session cookie IF you are using the session state, that is, setting any session variables or what-not on your site.
If you set your EnableSessionState to False in your code, you will not be able to use your session variables and will come accross a bunch of problems. -Ovatvvon :-Q
If you set your EnableSessionState to False in your code, you will not be able to use your session variables and will come accross a bunch of problems. -Ovatvvon :-Q
- Thread starter
- #7
Thank you MNClimber, Jonax and Ovatvvon for your responses. This information was very helpful. We don't use session variables and have chosen to use the <%@EnableSessionState=FALSE%>. This is working well for us so far. Thanks again for your input.
Rena
Rena
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question