ASP 101 - Active Server Pages 101 - Web01
The Place ASP Developers Go!

Please visit our partners


Windows Technology Windows Technology
15 Seconds
4GuysFromRolla.com
ASP 101
ASP Wire
VB Forums
VB Wire
WinDrivers.com
internet.commerce internet.commerce
Partners & Affiliates














ASP 101 is an
internet.com site
ASP 101 is an internet.com site
IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

ASP 101 News Flash ASP 101 News Flash



 Top ASP 101 Stories Top ASP 101 Stories
An Overview of ASP.NET
Connections, Commands, And Procedures
What is ASP?

QUICK TIP:
IIS Reset
Show All Tips >>
ASP 101 RSS Feed ASP 101 Updates


Quick Tips


Cookie-less Sessions

Sessions were one of the great innovations of classic ASP. Sure they had their problems, but they provided an easy way to store user specific data and gave us an easy way to overcome the limitations of the stateless nature of the Web.

If you were willing to deal with the additional load that sessions could place on your web server, the other main issue developers faced was handling clients that didn't accept cookies. You see, in order to keep track of which client went with which session information, the server would set a cookie on the client browser. Then when the browser requested the next page it would send that cookie back. When the server received the cookie back, it would use the value of that cookie to look up the user's session information. If the browser didn't send back the cookie, then the web server couldn't find the user's session.

Luckily ASP.NET solved this problem by offering a new option. By simply setting an option in your Web.config file you can tell ASP.NET to pass the unique identifier in the querystring instead of via a cookie. Here's the option you need to set in your Web.config:

<?xml version="1.0"?>
<configuration>
  <system.web>
    <sessionState cookieless="true" />
  </system.web>
</configuration>

Once enabled, you'll see that URLs in your application look a little odd. Instead of the normal URL that might look like this:

http://localhost/CookielessSessions/default.aspx

you get something like this instead:

http://localhost/CookielessSessions/(hmkaz445ms12b3zam1aeiw45)/default.aspx

ASP.NET automatically adds the portion between the parentheses and uses it instead of a cookie to identify the user. This section of the URL will be unique for each session so that each user's request to the same page will result in a different URL. This way ASP.NET can keep track of sessions without the browser needing to support cookies. After all, every browser supports URLs!


Previous      Show All Tips      Next

If you have a tip you would like to submit, please send it to: webmaster@asp101.com.


Home |  News |  Samples |  Articles |  Lessons |  Resources |  Forum |  Links |  Search |  Feedback

Internet.com
The Network for Technology Professionals

Search:

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers