    I am building a password protection script using an access db from a tutorial. The script sets the session ID to the following:

    Session("id") = oRs("ID")

    How would I change that to make the session id equal to something that I select like "arbor123" or is that advisable?

    If that is acceptable then how would I check for that exact value on the other pages? Currently I am using:
    if session("ID") = "" then
    response.redirect("sorry.asp")
    end if

    I'm not real clear on session ID and would appreciate any help on this. I would also be interested in any opinions on how secure this is.

    Thanks

    Session variables are similar to VB variants. You can replace the ID with any name you like, and you can set it to any value, even an object. You should limit the size and type of the variables, because each visitor on the server starts a session, and this can impact the performance.

    So you can do:

    Session("AnyNameYouLike") = AnyValueYouLike
    or to assign an object:
    set Session("AnyNameYouLike") = AnyObjectYouLike

    To maintain a login, as you want, you just assign a session variable(s) that is suitable to uniquely identify the user. You may improve performance if you save some other values that you use on every page and would otherwise have to get from db, but don't carry too much in the session.

    What you are describing is *NOT* a Session ID! It is simply the value of a so-called "Session Variable."

    A Session ID is a *number* that is automatically generated by the system for each person as they first enter a given virtual directory (*not* just a site! there is a difference!). You access it via simply Session.SessionID and it is *read only*--you can never change it via your own code.

    The Session Variable named "ID" has no special status whatsoever. The name "ID" is something that *YOU CHOSE* (perhaps you chose it by choosing to use your predecessor's code, but you still chose it).

    And having said all that... You can do essentially anything you want with a Session Variable's value. You control it. It is there for you, the ASP programmer. Do what you will. NOTHING outside of YOUR code will ever see its value.
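The distinction drawn in the replies above, as an added example that is not code from the thread or the tutorial: a login guard that keeps the user's own row ID in a session variable and checks it on each protected page, shown next to the read-only Session.SessionID. The names SignIn, IsLoggedIn, RequireLogin, SignOut and the variable name "UserID" are hypothetical, and the ID column is assumed to be a numeric Access AutoNumber.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Call once on the login page, after the tutorial's database lookup (oRs)
' has matched a user. Storing that user's own ID, rather than one fixed
' string shared by everyone, lets later pages know WHICH user is logged in.
' Assumption: oRs("ID") is a numeric AutoNumber column.
Sub SignIn(oRs)
    Session("UserID") = CLng(oRs("ID").Value)   ' store the plain value, not the Field object
End Sub

' True only when our code has stored a positive Long in the session variable.
' A visitor who never logged in has an Empty value here.
Function IsLoggedIn()
    Dim uid
    uid = Session("UserID")
    IsLoggedIn = False
    If Not IsEmpty(uid) Then
        If VarType(uid) = vbLong Then IsLoggedIn = (uid > 0)
    End If
End Function

' Put this call at the very top of every protected page.
Sub RequireLogin()
    If Not IsLoggedIn() Then Response.Redirect "sorry.asp"
End Sub

' Logout: discard the whole session, including Session("UserID").
Sub SignOut()
    Session.Abandon
End Sub

RequireLogin

' The two values side by side:
'   Session.SessionID  -> generated by ASP, read-only
'   Session("UserID")  -> an ordinary variable that only our code sets
Response.Write "Session.SessionID: " & Session.SessionID & "<br>"
Response.Write "Session(""UserID""): " & Server.HTMLEncode(CStr(Session("UserID")))
%>
```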

