Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Do Sessions Require Cookies?
- Thread starter yu217171
- Start date
Keith - (based on Walthers, 2002, 2d Ed.)
Session variables can either be dependent on cookies (_ASP.NET_SessionID created on client machine) or independent of cookies (Cookieless Sessions, in which the SessionID is embedded with the current page's URL). By default, session state relies on cookies.
Session objects are stored on the Server and reference is made to the cookie on the client side (cookies) or the Session ID embedded within the URL (Cookieless Sessions). In this way, data tables and other objects, not compatible with traditional client side cookies, can be stored. The limitation here is scalability if large objects (such as tables) are routinely put into Session.
You can enable Cookieless Sessions by altering system.web in the Web.Config file, e.g.,
Cookieless sessions are fully compatible with managing state in process, in a Windows service, or in a database table. There's nothing wrong with enabling cookieless sessions and storing the session data in a database table.
Limitations in Cookieless sessions is that you cannot use absolute URLs when linking between pages (every link in your aspx pages must make reference to the current page), e.g.,
<a href="mypage.aspx">Click here</a>
<a href="mydri/mypage.aspx">Click here</a>
works but...
<a href=""/mypage.aspx">Click here</a>
<a href=".../mypage.aspx">Click here</a>
does not (makes no ref to current page).
You bring up a good point though Kieth. Which one is preferred? In my case, I generally rely on cookies on the client side, my target audience is not that big.
But what if your audience is large? Perhaps many will not accept cookies. Does one use the Cookieless state?
This is a good question for some of the experts here, and I have not paid too much attention to this. Let's see what someone else has to say on the subject.
Session variables can either be dependent on cookies (_ASP.NET_SessionID created on client machine) or independent of cookies (Cookieless Sessions, in which the SessionID is embedded with the current page's URL). By default, session state relies on cookies.
Session objects are stored on the Server and reference is made to the cookie on the client side (cookies) or the Session ID embedded within the URL (Cookieless Sessions). In this way, data tables and other objects, not compatible with traditional client side cookies, can be stored. The limitation here is scalability if large objects (such as tables) are routinely put into Session.
You can enable Cookieless Sessions by altering system.web in the Web.Config file, e.g.,
Code:
<configuration>
<system.web>
<sessionState
cookieless="true"
</system.web>
</configuration>Cookieless sessions are fully compatible with managing state in process, in a Windows service, or in a database table. There's nothing wrong with enabling cookieless sessions and storing the session data in a database table.
Limitations in Cookieless sessions is that you cannot use absolute URLs when linking between pages (every link in your aspx pages must make reference to the current page), e.g.,
<a href="mypage.aspx">Click here</a>
<a href="mydri/mypage.aspx">Click here</a>
works but...
<a href=""/mypage.aspx">Click here</a>
<a href=".../mypage.aspx">Click here</a>
does not (makes no ref to current page).
You bring up a good point though Kieth. Which one is preferred? In my case, I generally rely on cookies on the client side, my target audience is not that big.
But what if your audience is large? Perhaps many will not accept cookies. Does one use the Cookieless state?
This is a good question for some of the experts here, and I have not paid too much attention to this. Let's see what someone else has to say on the subject.
BoulderBum
Programmer
- Thread starter
- #4
Thanks for your responses everyone. It's just that at peak hours on a few of my sites, I'm getting
"Object reference not set to an instance of an object" and I think it may have to do with Sessions timing out. What's the best way of handling timing out sessions? Would I have to put code on every page, testing if the Session variable is null?
I also have clients where they close their browser and reopen another browser (not an instance of the same process - IE: Ctrl-N) and the session contents are still there. I guess I should do a Session.Contents.RemoveAll on my main page.
Thoughts, suggestion welcome.
Keith
"Object reference not set to an instance of an object" and I think it may have to do with Sessions timing out. What's the best way of handling timing out sessions? Would I have to put code on every page, testing if the Session variable is null?
I also have clients where they close their browser and reopen another browser (not an instance of the same process - IE: Ctrl-N) and the session contents are still there. I guess I should do a Session.Contents.RemoveAll on my main page.
Thoughts, suggestion welcome.
Keith
- Status
Similar threads
- Locked
- Question