Sessions and Cookies...what's the catch ?

Results 1 to 5 of 5

Thread: Sessions and Cookies...what's the catch ?

  1. #1
    Patty Guest

    Default Sessions and Cookies...what's the catch ?

    I&#039;ve read that the use of session variables are prefered by developers.<BR><BR>For the session variables:<BR><BR>-If a user has disabled the cookie function on their system, then the session variables won&#039;t work<BR>-Session variables take a whole lot of the server&#039;s memory (it adds up when you have 20 fields that need to be remebered throught multiple pages)<BR>-Session variables expire in 20 minutes (default configuration, if you do not have physical access to the server and can&#039;t change the value)<BR><BR>On the other hand:<BR>-Cookies do not work if the user has disabled the cookie function on his/her browser.<BR>-Cookies can be deleted from the user&#039;s machine manually<BR>-but Cookies can be remembered for a long period of time<BR><BR>What is the downside?<BR><BR>Mentionning the points above, why do developers prefer to use session variabbles (apart from being able to store different kinds of data, such as object) ?<BR><BR>Thank you in advance.<BR>Patty

  2. #2
    Join Date
    Dec 1969

    Default RE: Sessions and Cookies...what's the catch ?

    Seems like you&#039;ve done some homework.<BR><BR>Well, I&#039;m a developer, and I absolutely refuse to use Session variables. I exclusively use cookies, even if the cookie expires at the end of the session.<BR><BR>Session variables will not cross web farms, unless you tie the session to the server (which defeats load balancing(<BR><BR>Your pages will run faster if you have Session state turned off in IIS, or at the top of your page<BR><BR>You better not be putting objects in your session varialbes. There are exceptions to this, but that is a much more advaced topic than what needs to be discussed here.<BR><BR>My rule? You don&#039;t get onto my sites if you don&#039;t have cookies enabled and accept them. It&#039;s hard enough to persist information in the Web world without being crippled even more. Oh yea, even with that stipulation, I&#039;ve never had a complaint yet. It&#039;s a good idea to tell the user beforehand what you&#039;re doing with the cookie.<BR><BR>Help any?

  3. #3
    Medieval Dude Guest

    Default RE: Sessions and Cookies...what's the catch ?

    I don&#039;t want my session to last beyond 20 minutes of idle time. If someone steps away for that long, I want their session variables to be lost for security reasons. And by the same token, I don&#039;t want to use cookies because they could last for an entire year or more. I like to setup my global variables for a short period, use them in my application, then get rid of all of them.

  4. #4
    Patty Guest

    Default Going with Cookies !

    I&#039;d rather use cookies than take up the server&#039;s memory.<BR>Even though the user at the other end might disable the cookie function. Most people don&#039;t. <BR><BR>Thanks for all you suggestions.<BR>Appreciate it.<BR>Patty

  5. #5
    Justin Bonaparte Guest

    Default RE: Going with Cookies !

    One thing you may want to consider is that there is a set limit to the amount of information a cookie can store (4KB?) and the number of cookies per site (20?). I&#039;ve run headlong into these limits on my intranet sites that do a lot of dynamic processing. As the session goes along, some session info is stored in cookies, and the cookies are constantly being appended to. Once the limit is reached, bam, the page doesnt display (at least not in IE). As cheap as RAM is now, your server shouldn&#039;t be light on memory. HTH

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts