Session state management without cookies.

Hi,

We are using SQL Server to store session information (We are using a COM dll for this). When the user logs in we are creating a GUID and we are using this GUID to get the session details. Currently we are passing this GUID to all the pages via the query string. Now the client wants us to remove the GUID from the URL and also the client doesn't want us to use cookies. Please let me know if there is any way of doing this. The technology is ASP and we are using WEBFARMS.

Thanks in Advance

0
ramz_u
5/12/2008 12:03:54 PM
asp.net.state-management 8807 articles. 0 followers. Follow

11 Replies
735 Views

Similar Articles

[PageSpeed] 7

Hello  there,

Why don't you use Session managment provided by asp.net and you can make it cookie less as well. if you write this code inside web.config

<sessionState mode="SQLServer" sqlConnectionString="yourConnectionstring" cookieless="true"></sessionState>

should help you so you do not need to control anything.

other than that I do not think you can find a way! if you need more information about sqlserver session state just let me know


Cheers,
Emad Yazdanpanah
From http://www.CSharpCourses.com
0
emady
5/12/2008 12:28:45 PM

When we set cookieless="true", the sessionID is passed as part of the URL and this can compromise the security.

0
ramz_u
5/12/2008 1:01:21 PM

yes but the only way to keep session is either by cookie or querysting


Cheers,
Emad Yazdanpanah
From http://www.CSharpCourses.com
0
emady
5/12/2008 1:09:56 PM

just curious if there's a way to do this besides cookies or session ?

Cookies- A client might deliberately disable cookies and hence might never be authenticated

Session - A web server farm/cluster will postback different session IDs for different requests and hence there is a good chance that the user might fail authentication between two postbacks.

Is there some other client specific information that can be persisted..Something like MAC Address OR IP Address ?

 

Thanks in Advance

Russel

0
russzee
5/12/2008 11:53:53 PM

Hi there

first about cookies: even popular sites like yahoo and google will not work porperly if you disable cookie.

about Session: it is true that in web farme you have diffrent SessionId for diffrent request. However by using StateServer or Sqlserver (these are types of session  managment in web.config) you can redirect people with correct sessionId.

If you need help about StateServer and SqlServer session managment just Let me know

 


Cheers,
Emad Yazdanpanah
From http://www.CSharpCourses.com
0
emady
5/13/2008 12:44:47 AM

Hello emady, can you explain more details in Stateserver and SqlServer session management to me ?  because i wanna to know more about it and i plan to use it afterward..

Thank you..

0
angcs87
5/13/2008 2:02:42 AM

sure My friend just give me 6 hour I am at work then I will write a complete description about them sorry!


Cheers,
Emad Yazdanpanah
From http://www.CSharpCourses.com
0
emady
5/13/2008 3:01:18 AM

thank you.. i will be here waiting for you..

0
angcs87
5/13/2008 3:08:48 AM

Hello my Friend you can see a complete explanation in followin link I  just wrote that for you

http://www.csharpcourses.com/2008/05/session-managment.html

it explains all diffrent session managment in Asp.net let me know if you have any issues

 


Cheers,
Emad Yazdanpanah
From http://www.CSharpCourses.com
0
emady
5/13/2008 9:55:52 AM

Thank for reply and help me. Later i will go through all the thing.

0
angcs87
5/14/2008 1:52:56 AM

 hi there...

when i first setup the InstallSqlState.sql do i have to run UnInstallSqlState.sql too? because i found some site that i should install and uninstall which is absolutely confusing... and can you explain all about serializing using vb.net thanks a lot....


Regards,
Mhaey

Please remember to click “Mark as Answer” on the post that helps you.. =)
0
darkcat02
12/4/2008 5:31:14 AM
Reply:

Similar Artilces:

Session vs Cookie State management
 I have always been confused by this, even when I use PHP. Session & Cookies are two most common State management techniques.Sessions last until browser is closed, and Cookies persist beyond that. All that's fine.But I have also heard of permanent vs temporary cookies. And I have also read that a browser not set to accept cookies at all, cannot be tracked using sessions. All this has led me to conclude that temporary cookies are managed in memory & are the way sessions are managed. When the browser is closed, in memory-cookies are lost, and thus the sessions is over.And cook...

Usage scenarios for view state, session state, application state, cookies
Hi Guys, Im a college student in London with exams starting Monday on ASP.NET with C#.  Id be so grateful if you could provide me with solid real world scenarios/examples of when you would use the following to maintain state and why you would use them in that instance:   View State Session State Application State Cookies Also when would you use SOAP instead of the REST architecture and vice versa and why - again real world usage scenarios?  I note Amazon's web service uses the REST architecture - why is this, why dont they use SOAP. Id be grateful for a timely respon...

about session state management
i am new in this field and i want to know , how can i manage login state management in web application . what namespace and attribute and property should i use. please reffer me   Check these links.. http://msdn.microsoft.com/en-us/library/879kf95c.aspx http://msdn.microsoft.com/en-us/library/ms178331.aspx http://quickstarts.asp.net/QuickStartv20/aspnet/doc/security/login.aspxMy Blog"Don't be afraid to be wrong; otherwise you'll never be right." check out previous discussion http://forums.asp.net/p/1131994/1798030.aspx  Haissam Abdul MalakMCAD.NET| Bl...

Managing Session State
 Hi, Is there a way to set how long a session variable persists before it is destroyed?  I use forms based authentication on my site, but some events are based on particular session variables, and often times the session variable will be destroyed if the user leaves the session idle for a few minutes.  Can I configure my site so that session variables stick around until the forms authentication session is over?  Or, is it possible to set an event that triggers when the session state expires or when the session variables are destroyed that redirects to the login page?...

Session State Management
Which is the better option? Storing Session In Process .. Same process as the Web Server Storing Session State in a Windows Service .... ASP.NET State Storing Session State in Database. I am debating the pro's and con's of the three, basically it is for providing the typical who is online and what portion of the site they are visiting at the moment. I am tempted to use the Windows Service and run in on a secondary box.    AngeloA Hi,I moved your post from the FAQ forum to here as the FAQ forum is for posting answers to commonly asked questions, not asking questions.Ryan...

Session state managment
Can anyone refer me to a session state managment book and security practices if there is anything like that out their. Pelease check these sites. You may find them helpful. http://msdn2.microsoft.com/en-us/magazine/cc163730.aspx http://www.faqs.org/rfcs/rfc2964.html http://www.dotnetjohn.com/articles.aspx?articleid=249 http://www.informit.com/articles/article.aspx?p=31842&seqNum=3 http://coldfusion.sys-con.com/read/42075.htmPlease Mark As Answer if it helps you!...

The page requires session state that is no longer available. Either the session has expired, the client did not send a valid session cookie, or the session state history size is too small. Try increas
Hi.. I am making a mobile application using .net framework 2.0. My Application has  web farm scenario so for state management  I am using Sateserver in my application. My application runs fine if I dont use web farm scenario But in case of web farm scenario it is giving me error "The page requires session state that is no longer available. Either the session has expired, the client did not send a valid session cookie, or the session state history size is too small. Try increasing the history size or session expiry limit."   &...

"The page requires session state that is no longer available. Either the session has expired, the client did not send a valid session cookie, or the session state history size is too small. Try increa
Hi.. I am making a mobile application using .net framework 2.0. My Application has web farm scenario so for state management I am using Sateserver in my application. My application runs fine if I dont use web farm scenario But in case of web farm scenario it is giving me error "The page requires session state that is no longer available. Either the session has expired, the client did not send a valid session cookie, or the session state history size is too small. Try increasing the history size or session expiry limit." I am not getting why this error is coming ..Though I already h...

Easy explanation on Stateless management and State management
Hi,  Till now, me still confuse to understand Stateless management and State management. Can anybody explain to me in an easy understand with example? stateless - you cannot persist any values on frequent page request and response. state mgmt - you can retain values on subsequent calls. have a look at this http://articles.techrepublic.com.com/5100-10878_11-1049585.html"Never underestimate the power of stupid people in large groups" hi, The World Wide Web, on the other hand, is intrinsically stateless because each request for a new Web page is processed without any kn...

Session state timeout management
Hello all !There is one solution that is eluding me when it comes to the built in session timeout functionality in ASP.NET. What I have currently:A SessionCheck class that checks if a user session is timed out (using IsSessionNew() in conjuction with checking if there is a session cookie present etc.). Works fine and my system that measures the time users are logged in, covers this situation as long as the users "log in" (TimeIn), and subsequently "log out" when they are done (TimeOut). What I am not able to cover so far, is when the user is timed out from x min's of ...

How is session states managed in detail?
When I run the example http://www.dotnetjunkies.com/quickstart/aspplus/samples/apps/session1/VB/session1.aspx on http://asp.net/Tutorials/quickstart.aspx for session state with cookies switch of for my browser, I expected to se the session_id in the url when I press the button, but I never se anything why ?After changing the background color I open a new window with explorer and start the example again, and guess what, the new example has the color changed too. I thought that I was starting a new session, but obviously I was not. How could the server know that? may be a prox...

Session State Management #2
I have used Forms Authentication in my web application. And settings for session in Web.cofig is as follows <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="10" /> I want to redirect to my "Login.aspx" after session gets expire. My session variables are intialized in Login.aspx. Actually I have gone thrugh all this site, but could not get satisfaction. Please help me out for the same. Thanks in advance Regards, Kiran Hi,try to add Server.Transfe...

Session management
Hi, We are planning to use state server for maintaining session in our application since we are going for web farm installation. Could anyone please clarify the following queries 1) Assume we are installing our application in server 1 and server 2. Should I run state service in both the servers. Or there is an option of running service in Server 1 and point server 1 and server 2 to the service running in server1? 2) Somewhere in the article I read to maintain session variables all the pages in the application should be in one directory only. Is that true? If it is true how do we mainta...

Manage Session State
 Hi,i am trying to solve out consistency of arrays at .NET ASP  by using Session object.To be more specific, i have an aspx file  with an ajax timer. Every time the timer refreshes the page,i want to store a value to my array. The value is not specific. How can this array be available at all pages?Is there any other way besides the use of Session object? Thank you in advance   Session object will be available in all pages and specific to each user.  Application object will be available to all pages, but will be specific to the application (meaning all use...

Web resources about - Session state management without cookies. - asp.net.state-management

Management - Wikipedia, the free encyclopedia
Management in business and organizations is the function that coordinates the efforts of people to accomplish goals and objectives using available ...

Management - Wikipedia, the free encyclopedia
Management in businesses and organizations is the function that coordinates the efforts of people to accomplish goals and objectives by using ...

Management - Wikipedia, the free encyclopedia
Management in business and organizations is an art that coordinates the efforts of people to accomplish goals and objectives using available ...

Management - Wikipedia, the free encyclopedia
Management in business and organizations is the function that coordinates the efforts of people to accomplish goals and objectives using available ...

Wrike Rises Above Other Project Management Software After Testing
Over the last year I had occasion to look at and purchase Task and Project Management software. I had several folks on different teams sign up ...

Management expert Michael Schrage tells why you should love your ex-employees
Talented people who leave your organisation are not traitors.

Get trained for a career in project management for $39
... can be daunting—and expensive, when you’re starting your training from scratch. So if you’ve been thinking about a new career in project management, ...

Who is your team's clock-management assistant?
(Note: Sunday's edition of The Buffalo News includes a feature that explores the philosophies, fallacies and analytics of NFL clock management. ...

Charlie Sheen Plans To Counter Sue Ex-Fiancee In HIV Lawsuit Involving ‘Anger Management’ Profits
From the moment the Anger Management actor made public on The Today Show on November 17 that he has been HIV Positive for at least 4-years, we ...

Trend Micro Brings 'Deep Security' Management to Azure Workloads
The anti-malware software provider announces an integration with Microsoft's cloud security management platform.

Resources last updated: 12/5/2015 2:06:45 AM