Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > Cookies , Session Which is Better ? and Global.asa Question

Reply
Thread Tools

Cookies , Session Which is Better ? and Global.asa Question

 
 
Amit D.Shinde
Guest
Posts: n/a
 
      07-24-2004
Hello Experts..

I need some help regarding cookies and session objects and also
global.asa file

I am creating one cookie when a user logs in on my website.
The cookie stores the login name of the user. I want that cookie
should get deleted when user closes the browser without signing out.

I think it is done in global.asa file . But i don;t know how to do it?
Please Explain me the working of global.asa file.

Also If I am creating a cookie and other site is also creating a
cookie of same name then does this will create a problem?.

which is safe and better .. creating cookies or creating session
variables.
can anyone give me the comparision
 
Reply With Quote
 
 
 
 
Jeff Cochran
Guest
Posts: n/a
 
      07-24-2004
On 24 Jul 2004 03:30:34 -0700, http://www.velocityreviews.com/forums/(E-Mail Removed) (Amit D.Shinde)
wrote:

>Hello Experts..
>
>I need some help regarding cookies and session objects and also
>global.asa file
>
>I am creating one cookie when a user logs in on my website.
>The cookie stores the login name of the user. I want that cookie
>should get deleted when user closes the browser without signing out.


That's problematic, since closing the browser closes your potential
for a response from the client. If the cookie has no expiration, it
*should* expire when the user leaves your site, including when they
close the browser. In my experience, that isn't always what happens,
but it should do for what you need.

>I think it is done in global.asa file . But i don;t know how to do it?
>Please Explain me the working of global.asa file.


Think of global.asa as a global include file that handles events.
That's a little simplistic, but it'll help you understand the concepts
of what you're asking. You can do things when the session starts or
ends, using the SESSION_ONSTART/SESSION_ONEND events. Same for
applications. But in the case of a SESSION_ONEND, it happens at the
end of the session, not when the browser is closed (which may or may
not end the session). You can't use the application object since it
doesn't apply to the user. So there's no real way to detect the
browser being closed, since it doesn't end a session and doesn't send
a response back to the server.

>Also If I am creating a cookie and other site is also creating a
>cookie of same name then does this will create a problem?.


Assuming you aren't using two sites that are identical, no.

>which is safe and better .. creating cookies or creating session
>variables.


Yes.

>can anyone give me the comparision


There isn't a comparison like that available. Each has advantages and
disadvantages in specific situations. You need to learn the
difference in the technologies first, since they don't have the same
function and using cookies doesn't mean you don't use a session
variable, or visce versa.

In your mentioned situation you might do better with a cookie than a
session variable, but it really depends on what you're doing with the
information.

Might look at:

http://www.asp101.com/resources/apps_sessions_gasa.asp

Jeff
 
Reply With Quote
 
 
 
 
BTR
Guest
Posts: n/a
 
      07-27-2004
A little addition to Jeff's well thought out response:


COOKIES:
Cookies are best used when storing information that is generic like
browser settings, colors etc. for ( in most cases ) a longer amount of
time.

YOU SHOULD NEVER STORE PERSONALLY IDENTIFIABLE INFORMATION IN A
COOKIE!!!!!
The main reason for this being is safety, most people would store a
user name in a cookie name like uname or user or username or
user_name. I could write code that would run through those
combinations and the combinations of any other bit of information,
email, pw's ip's where they've surfed etc. and steal that information
to use for what ever purpose I needed.

If you needed to store personal information in a cookie use non
standard naming conventions and think about encrypting any specific
personal information you need to store. But like I said use as a last
resort.

Cookies (in most cases) can be called from multiple sites depending on
what you store in the info and know how to access it.

One advantage of using cookies is that the persons machine bears the
brunt of setting the cookie, storing that information etc. Unlike
sessions where the server takes the hit for having to store that
information.

SESSIONS:
Sessions are just as dangerous when storing personal information but
the danger is lessened if the server is "secured" etc. Although not
impossible - its much harder for me to hijack session information from
a user then it is for me to hijack cookie information. The server that
..asp file is running on bears the brunt of storing session information
in memory. Meaning, if you have a lot of people hitting your site at
any given time - server performance is reduced becuase the server is
using more memory to store session information.

The average time a session lasts is 20 mins. So, when your browser
hits the site the sessions starts counting down from there.

Sessions (in most cases) are site specific. It is possible to transfer
sessions to other sites but its not very practical.

Sessions do not die after the browser has closed down. If you have a
logout button on your site - make sure you use session.abandon to
kill any unwanted and unused sessions.

Rules of thumb for deciding which is better for your sites needs.
1. hi-traffic sites - use cookies
Moves some of the load off the server onto the persons browser

2. e-commerce sites - use sessions
quick and easy and doesnt store any personal information the persons
computer - can be killed once transaction is complete and the person
moves on to other websites.

3. site customization - use cookies
usually information like this is innoculous and is of no use to anyone
but your website.



Hope this helps a little
- Bastard


On Sat, 24 Jul 2004 13:56:19 GMT, (E-Mail Removed) (Jeff Cochran)
wrote:

>On 24 Jul 2004 03:30:34 -0700, (E-Mail Removed) (Amit D.Shinde)
>wrote:
>
>>Hello Experts..
>>
>>I need some help regarding cookies and session objects and also
>>global.asa file
>>
>>I am creating one cookie when a user logs in on my website.
>>The cookie stores the login name of the user. I want that cookie
>>should get deleted when user closes the browser without signing out.

>
>That's problematic, since closing the browser closes your potential
>for a response from the client. If the cookie has no expiration, it
>*should* expire when the user leaves your site, including when they
>close the browser. In my experience, that isn't always what happens,
>but it should do for what you need.
>
>>I think it is done in global.asa file . But i don;t know how to do it?
>>Please Explain me the working of global.asa file.

>
>Think of global.asa as a global include file that handles events.
>That's a little simplistic, but it'll help you understand the concepts
>of what you're asking. You can do things when the session starts or
>ends, using the SESSION_ONSTART/SESSION_ONEND events. Same for
>applications. But in the case of a SESSION_ONEND, it happens at the
>end of the session, not when the browser is closed (which may or may
>not end the session). You can't use the application object since it
>doesn't apply to the user. So there's no real way to detect the
>browser being closed, since it doesn't end a session and doesn't send
>a response back to the server.
>
>>Also If I am creating a cookie and other site is also creating a
>>cookie of same name then does this will create a problem?.

>
>Assuming you aren't using two sites that are identical, no.
>
>>which is safe and better .. creating cookies or creating session
>>variables.

>
>Yes.
>
>>can anyone give me the comparision

>
>There isn't a comparison like that available. Each has advantages and
>disadvantages in specific situations. You need to learn the
>difference in the technologies first, since they don't have the same
>function and using cookies doesn't mean you don't use a session
>variable, or visce versa.
>
>In your mentioned situation you might do better with a cookie than a
>session variable, but it really depends on what you're doing with the
>information.
>
>Might look at:
>
>http://www.asp101.com/resources/apps_sessions_gasa.asp
>
>Jeff


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Give Request.Cookies and Response.Cookies is there any reason to use another method to use cookies? _Who ASP .Net 7 09-18-2008 07:49 PM
Persistant cookies and non-persistant cookies. archana ASP .Net 1 05-25-2007 08:43 AM
Session Timeout problems-web.confg session state and IIS session s =?Utf-8?B?Um9iSEs=?= ASP .Net 4 04-11-2007 04:52 PM
Build a Better Blair (like Build a Better Bush, only better) Kenny Computer Support 0 05-06-2005 04:50 AM
Persistent Cookies vs. session cookies Andy Fish Java 3 11-06-2003 10:44 AM



Advertisments