Basically, if cookies are disabled on the client, I'm wondering if this...

Dim newCookie = New HttpCookie("cookieName", "cookieValue")
newCookie.Expires = DateTime.Now.AddDays(1)
Response.Cookies.Add(newCookie)

Notice I set a date, so it should be stored on disk. If cookies are disabled, does ASP.NET automatically store this cookie as a session cookie (which is a cookie that lasts in browser memory until the user closes the browser, if I am not mistaken)... OR does ASP.NET not add the cookie at all (anywhere), in which case I would have to re-add the cookie to the collection without the date (which stores it as a session cookie)? Of course, this would require me to add the cookie twice, perhaps the second time unnecessarily if it is being stored in the browser's memory anyway. I'm just trying not to store it twice, as it's just bad code!! Any ideas whether I need to write another line or not? (which would be)...

Response.Cookies.Add(New HttpCookie("cookieName", "cookieValue")) ' session cookie in client browser memory

Thanks, guys.

+1  A: 

This MSDN article seems to indicate that there is no built-in mechanism for compensating for the user disabling cookies. It also indicates that session state does not work without at least some level of cookies being enabled.

I thought that there was a mechanism for passing a query variable for the session id but skimming the article (quickly) I did not see this.

Hope that helps.

EDIT: It does say that you can use cookieless sessions (I thought you could). They use a separate mechanism to embed the session ID in the pages and URL links.

GrayWizardx
Erx_VB.NExT.Coder
I realize that, but the backing for cookieless sessions would be session state maintenance, which oddly is disabled as well (not the best design IMHO). I believe that if the user has disabled cookies, you will get no warning (beyond checking for them yourself) and cookies will simply disappear into the ether.
GrayWizardx
But there are situations where the client can allow cookie data to be stored in its browser's memory while at the same time not allowing cookie data to be stored inside a cookie file on disk. In Internet Explorer the option is labeled "allow session cookies".
Erx_VB.NExT.Coder
I believe as far as ASP.NET is concerned this is "cookies enabled", and "disabled" is when all parts are disabled. Since these are browser settings, you would have to try it and see the results.
GrayWizardx
Will run a test and let you know how it goes.
Erx_VB.NExT.Coder
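One way to do the "checking for them yourself" mentioned in the comments above, as an added example that is not part of the original thread: a round-trip probe in the code-behind of a hypothetical `CookieCheck.aspx` page. The class name, `cookieProbe` and the `probe` query flag are made-up names, and `HttpOnly`/`Secure` are hardening choices added here.

```vbnet
Imports System
Imports System.Web
Imports System.Web.UI

' Added example: code-behind for a hypothetical CookieCheck.aspx page.
' ProbeName and ProbeFlag are made-up names, not ASP.NET settings.
Public Class CookieCheck
    Inherits Page

    Private Const ProbeName As String = "cookieProbe"
    Private Const ProbeFlag As String = "probe"

    Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
        If Request.QueryString(ProbeFlag) Is Nothing Then
            ' Pass 1: send a session cookie (no Expires) and come straight back.
            ' Response.Cookies.Add only emits a Set-Cookie header; whether the
            ' browser kept it is not known until its next request.
            Dim probe As New HttpCookie(ProbeName, "1")
            probe.HttpOnly = True
            probe.Secure = Request.IsSecureConnection
            Response.Cookies.Add(probe)
            Response.Redirect(Request.Path & "?" & ProbeFlag & "=1", False)
            Context.ApplicationInstance.CompleteRequest()
            Return
        End If

        ' Pass 2: the probe is present only if the browser stored and returned it.
        If Request.Cookies(ProbeName) IsNot Nothing Then
            ' Cookies work, so add the cookie once, with the expiry date.
            ' Whether the browser honours the date is its own policy; the Cookie
            ' request header carries only name=value, so the server cannot tell.
            Dim newCookie As New HttpCookie("cookieName", "cookieValue")
            newCookie.Expires = DateTime.Now.AddDays(1)
            newCookie.HttpOnly = True   ' drop only if client script must read it
            newCookie.Secure = Request.IsSecureConnection
            Response.Cookies.Add(newCookie)
        Else
            ' The session-cookie probe did not come back, so a dateless
            ' cookie would be dropped too; tell the user instead.
            Response.Write("This site needs cookies enabled.")
        End If
    End Sub
End Class
```

The redirect keeps only the page's own path plus the flag, so any other query-string parameters on the first request are dropped.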
A: 

To follow up on GrayWizardx's reply, much of what was said is completely accurate.

If you are using a Cookie'd version of Session, and cookies are disabled, then you are out of luck. But you have the option to have a cookieless version of the Session, which adds a string to the URL that shows the user's session ID. This is very ugly looking, and has always concerned me from a security perspective.

So you have three options (that I can think of off the top of my head):
1. Require cookies. This is not a bad thing, especially if your site is one that would have requiring cookies as normal.
2. Use ViewState.
3. Pass information from page to page within the URL. This, again, worries me from a security perspective.

Clarence Klopfstein
Just a question then: if cookies are disabled, is there any way of storing information in the user's computer's memory (client/browser memory) without continuously transferring the data (ViewState) or loading it all up in my server's memory (session state)? I just want to offload as much storage as I can to the client (while keeping in mind security obligations), and where there is no option, persist them in server memory or ViewState. I think that if one has cookies disabled, it doesn't necessarily mean session cookies are disabled, so my original question still applies... any ideas?
Erx_VB.NExT.Coder
Cookies are cookies. If they are disabled, then they are all disabled. If a user wants to lock you out, there isn't much you can do about it. That is just the model of browsers/web sites. Why such the concern over cookies being enabled or disabled? I've developed some fairly big projects and this has never been a concern for me, or the business people on the project. Some people just want to have an awful experience on the web. We can't prevent that too much.
Clarence Klopfstein
Erx_VB.NExT.Coder
I'm not incorrect. IE, apparently, has smart logic in it for session cookies. Firefox either allows cookies or not. It doesn't matter if it is a session cookie or a 'normal' cookie. So if you only need to support IE, then go for it with that setting as a requirement. However, for other browsers... it's on or off.
Clarence Klopfstein
Ah OK, thanks for the clarification... basically I'm using a web service to populate some data (array of integers) and can't use ViewState in a web service, don't want to use session state, so the only option is to use cookies really...
Erx_VB.NExT.Coder
Just a comment: I am NOT talking about the session object and how it saves its ID in a cookie, I'm just talking about session cookies and cookies... (nothing to do with the SESSION OBJECT)... session cookies mean cookie data in client memory (client memory, not server).
Erx_VB.NExT.Coder
A: 

You might consider using this little library:

http://www.codeproject.com/KB/aspnet/Univar.aspx

It can automatically switch to the session whenever the cookie is unavailable. It also has a server-side implementation of the cookie whereby all cookies are stored on the server and ASP.NET authentication can be used to identify the user.

Ziad