Sessions are not really cookies. Basically, session variables are kept in
memory on the server (or through another method such as a database). They
set a cookie on the browser with information to identify exactly what
session the browser is part of. Sessions are usually kept short so that the
server can then close them out and release their resources frequently. That
way, you don't end up with hundrends of sessions active that actually don't
have any users doing anything (sessions don't close when someone browses to
another web site). For things like login information, shorter sessions are
good because if a user leaves their computer and someone else walks up, the
window of opportunity for such an error is reduced. You may want to see what
is useful to put into cookies if you need to keep good control over the time
a value is stored for without eating up tons of server resources. You may
also want to look at ASP.Net's forms authentication features as it also has
a sliding expiration for user information. In other word, the timeout is
refreshed whenever the user grabs another page on the site.
Hope this helps,
Mark Fitzpatrick
Microsoft MVP - FrontPage
"Wayne Wengert" <> wrote in message
news:ee$...
> Are Session variables the same as a cookie? In reading a couple of pages I
> got from searches, I don't get the difference. Basically, I am currently
> using simple session variables (e.g. Session("UserName") =
> txtLastName.Text). I think they are expiring for some users (longer
> sessions?) and I need to be able to set the expiration to something like
> Now() plus 2 hours.
>
> What is the right way to do this?
>
> Wayne
>
>
|
Similar Threads
