Sessions and Cookies turned off

Results 1 to 2 of 2

Thread: Sessions and Cookies turned off

  1. #1
    Join Date
    Dec 1969

    Default Sessions and Cookies turned off

    I was working on a system of detecting if cookies are enabled and I noticed something. Scenario:<BR><BR>I was testing the site using Netscape 4.08 with cookies turned off.<BR><BR>I added the following to the top of the index.asp page, <BR>Response.Write(Session.SessionID)<BR><BR>The first time I hit the page, the first thing I saw was 1066392189. I thought this was weird to have a SessionID assigned since cookies were turned off. I refreshed the page and the new number I got was 1066392190. Refreshed again and got 1066392191. So the sessionID wasn&#039t sticking and I would get a new one every time I hit a page. This sparked my curiousity.<BR><BR>In Session_OnEnd, I added the following code,<BR><BR>Dim FileSys, File<BR>Set FileSys = CreateObject("Scripting.FileSystemObject")<BR>Set File = FileSys.CreateTextFile("c:\"& session.sessionid & ".txt", True)<BR>File.WriteLine (Date & " at " & Time)<BR>File.Close<BR>Set File = Nothing<BR>Set FileSys = Nothing<BR><BR>Now every time Session_OnEnd is called, it wrote a text file to the hard drive with the SessionID as the name.<BR><BR>I re-opened my Netscape browser and hit the same the page ten times. I got 10 seperate SessionID numbers. I closed my browser and checked the directory, no files written. I left my machine as it was and went to lunch. When I got back, I had ten files in my directory with the same SessionID filenames. I concluded the session timeout occured, calling Session_OnEnd. But that would mean that sessions were created on the server for each time I hit refresh, even though my browser had cookies turned off.<BR><BR>Does this mean that if I have 10 simultaneous users with cookies turned off, and they browse 5 pages, I have 50 unique (and useless) sessions on the server? Wouldn&#039t this make sessions really unscalable?<BR><BR>Tyson

  2. #2 Guest

    Default RE: Sessions and Cookies turned off

    For sessions to work, the user must have cookies enabled. To get around this, use Microsoft&#039s Cookie Munger. It will insert cookies into the headers of pages ... thus users without cookies will still be able to maintain session state, etc. The state is maintained with the server by the sessionid. It acts as a key to the session data being stored in IIS.<BR><BR>You are right about new sessions being created ... this is the nature of things when the browsers have cookies disabled. Many large-access sites even forget about the idea of sessions and work in a sessionless state. This reduces workload on the server. In these cases the sessions are maintained in variables stored in cookies or headers (using Cookie Munger).<BR><BR>Sessions become even more complicated in a load-balanced environment since sessions cannot be maintained across machines. To maintain sessions in this enviroment many people use cookies or headers (using Cookie Munger) or one of several third-party solutions for maintain session across a server farm.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts