Ok, so Session is less than desirable, at least that's what I'm always
reading. So what are real, practical alternatives? Querystrings? an
endless chain of hidden form fields??
Here are the things I'm looking for specifically... .
1). I need to identify users uniquely as clients in some kind of
maintainable state.
2). I need to track anonymous user page views, etc. I'm guessing
Application level but don't know how to track users individually doing this.
Page views maybe, but not the succession in which they're viewed
Is there a way to do this without Session that isn't a pain in the a#*? Or
is Session just not that bad? I've used it a lot with users that manage
their "own" content but now I need to manage "all" users.
Oh, and how "safe" is Session? I need to know how hackers get into sites
that use the plain old "If userID <> Session("userID ").....". Is there a
way that hackers can create their own session and get by this?
Thanks! 6 1697
On Fri, 04 Mar 2005 13:11:06 GMT, "John"
<no***@amIgivin gitouthere.com> wrote: Ok, so Session is less than desirable, at least that's what I'm always reading. So what are real, practical alternatives? Querystrings? an endless chain of hidden form fields??
Why are sessions less than desirable?
Here are the things I'm looking for specifically... .
1). I need to identify users uniquely as clients in some kind of maintainable state.
2). I need to track anonymous user page views, etc. I'm guessing Application level but don't know how to track users individually doing this. Page views maybe, but not the succession in which they're viewed
Is there a way to do this without Session that isn't a pain in the a#*? Or is Session just not that bad? I've used it a lot with users that manage their "own" content but now I need to manage "all" users.
Oh, and how "safe" is Session? I need to know how hackers get into sites that use the plain old "If userID <> Session("userID ").....". Is there a way that hackers can create their own session and get by this?
Okay, that's not sessions. That's security. If your issue is
maintaining security state through sessions you have a different set
of questions. Though you may find that hackers get into sites without
having to spoof a session a lot easier.
Jeff
"John" <no***@amIgivin gitouthere.com> wrote in message
news:K7******** **********@twis ter.nyroc.rr.co m... Ok, so Session is less than desirable, at least that's what I'm always reading. So what are real, practical alternatives? Querystrings? an endless chain of hidden form fields??
Sessions are not undesirable. It's only that the scalability gets limited if
you store the session in RAM.
If you use 'hidden form fields' you'll have something like ASP.NET which
uses a ViewState mechanism. If you start talking about that, there are
people that swear against :)
--
compatible web farm Session replacement for Asp and Asp.Net http://www.nieropwebconsult.nl/asp_session_manager.htm
Here are the things I'm looking for specifically... .
1). I need to identify users uniquely as clients in some kind of maintainable state.
2). I need to track anonymous user page views, etc. I'm guessing Application level but don't know how to track users individually doing this. Page views maybe, but not the succession in which they're viewed
Is there a way to do this without Session that isn't a pain in the a#*? Or is Session just not that bad? I've used it a lot with users that manage their "own" content but now I need to manage "all" users.
Oh, and how "safe" is Session? I need to know how hackers get into sites that use the plain old "If userID <> Session("userID ").....". Is there a way that hackers can create their own session and get by this?
Thanks!
RAM-based ASP Session state is not good in circumstances such as "recycling"
in IIS 6, and web farms. These newsgroups are full of posts such as
"...help!.. .all my session variables have disappeared" due to people being
suckered into the simplicity of ASP Sessions.
Tony Proctor
"Egbert Nierop (MVP for IIS)" <eg***********@ nospam.invalid> wrote in
message news:#T******** ******@TK2MSFTN GP12.phx.gbl... "John" <no***@amIgivin gitouthere.com> wrote in message news:K7******** **********@twis ter.nyroc.rr.co m... Ok, so Session is less than desirable, at least that's what I'm always reading. So what are real, practical alternatives? Querystrings? an endless chain of hidden form fields?? Sessions are not undesirable. It's only that the scalability gets limited
if you store the session in RAM. If you use 'hidden form fields' you'll have something like ASP.NET which uses a ViewState mechanism. If you start talking about that, there are people that swear against :)
-- compatible web farm Session replacement for Asp and Asp.Net http://www.nieropwebconsult.nl/asp_session_manager.htm
Here are the things I'm looking for specifically... .
1). I need to identify users uniquely as clients in some kind of maintainable state.
2). I need to track anonymous user page views, etc. I'm guessing Application level but don't know how to track users individually doing this. Page views maybe, but not the succession in which they're viewed
Is there a way to do this without Session that isn't a pain in the a#*? Or is Session just not that bad? I've used it a lot with users that manage their "own" content but now I need to manage "all" users.
Oh, and how "safe" is Session? I need to know how hackers get into
sites that use the plain old "If userID <> Session("userID ").....". Is there
a way that hackers can create their own session and get by this?
Thanks!
ok, this is stuff I need to learn. Suggestions where I can learn more
thoroughly about Session? And not just a MIcrosoft documentation please.
Those are great for reference but they are NOT good teaching materials. I'm
not a"beginner" either so I don't need my hand held. Is there anything in
the middle?
Thanks
"Tony Proctor" <tony_proctor@a imtechnology_No MoreSPAM_.com> wrote in message
news:uT******** ******@TK2MSFTN GP14.phx.gbl... RAM-based ASP Session state is not good in circumstances such as
"recycling" in IIS 6, and web farms. These newsgroups are full of posts such as "...help!.. .all my session variables have disappeared" due to people being suckered into the simplicity of ASP Sessions.
Tony Proctor
"Egbert Nierop (MVP for IIS)" <eg***********@ nospam.invalid> wrote in message news:#T******** ******@TK2MSFTN GP12.phx.gbl... "John" <no***@amIgivin gitouthere.com> wrote in message news:K7******** **********@twis ter.nyroc.rr.co m... Ok, so Session is less than desirable, at least that's what I'm always reading. So what are real, practical alternatives? Querystrings? an endless chain of hidden form fields?? Sessions are not undesirable. It's only that the scalability gets
limited if you store the session in RAM. If you use 'hidden form fields' you'll have something like ASP.NET which uses a ViewState mechanism. If you start talking about that, there are people that swear against :)
-- compatible web farm Session replacement for Asp and Asp.Net http://www.nieropwebconsult.nl/asp_session_manager.htm
Here are the things I'm looking for specifically... .
1). I need to identify users uniquely as clients in some kind of maintainable state.
2). I need to track anonymous user page views, etc. I'm guessing Application level but don't know how to track users individually doing this. Page views maybe, but not the succession in which they're viewed
Is there a way to do this without Session that isn't a pain in the
a#*? Or is Session just not that bad? I've used it a lot with users that
manage their "own" content but now I need to manage "all" users.
Oh, and how "safe" is Session? I need to know how hackers get into sites that use the plain old "If userID <> Session("userID ").....". Is
there a way that hackers can create their own session and get by this?
Thanks!
Why do you post this? Did I -say- that sessions in RAM are OK?
I do have a product that solves this problem very elegantly. But every
solution has it's drawbacks. So is a session in a DB demanding a lot of
resources for the DB.
--
compatible web farm Session replacement for Asp and Asp.Net http://www.nieropwebconsult.nl/asp_session_manager.htm
"Tony Proctor" <tony_proctor@a imtechnology_No MoreSPAM_.com> wrote in message
news:uT******** ******@TK2MSFTN GP14.phx.gbl... RAM-based ASP Session state is not good in circumstances such as "recycling" in IIS 6, and web farms. These newsgroups are full of posts such as "...help!.. .all my session variables have disappeared" due to people being suckered into the simplicity of ASP Sessions.
Tony Proctor
"Egbert Nierop (MVP for IIS)" <eg***********@ nospam.invalid> wrote in message news:#T******** ******@TK2MSFTN GP12.phx.gbl... "John" <no***@amIgivin gitouthere.com> wrote in message news:K7******** **********@twis ter.nyroc.rr.co m... > Ok, so Session is less than desirable, at least that's what I'm always > reading. So what are real, practical alternatives? Querystrings? an > endless chain of hidden form fields??
Sessions are not undesirable. It's only that the scalability gets limited if you store the session in RAM. If you use 'hidden form fields' you'll have something like ASP.NET which uses a ViewState mechanism. If you start talking about that, there are people that swear against :)
-- compatible web farm Session replacement for Asp and Asp.Net http://www.nieropwebconsult.nl/asp_session_manager.htm
> Here are the things I'm looking for specifically... . > > 1). I need to identify users uniquely as clients in some kind of > maintainable state. > > 2). I need to track anonymous user page views, etc. I'm guessing > Application level but don't know how to track users individually doing > this. > Page views maybe, but not the succession in which they're viewed > > Is there a way to do this without Session that isn't a pain in the a#*? > Or > is Session just not that bad? I've used it a lot with users that > manage > their "own" content but now I need to manage "all" users. > > Oh, and how "safe" is Session? I need to know how hackers get into sites > that use the plain old "If userID <> Session("userID ").....". Is there a > way that hackers can create their own session and get by this? > > Thanks! > >
My apologies Egbert. I obviously misread your post and replied too soon
Tony Proctor
"Egbert Nierop (MVP for IIS)" <eg***********@ nospam.invalid> wrote in
message news:Ol******** ******@TK2MSFTN GP09.phx.gbl... Why do you post this? Did I -say- that sessions in RAM are OK?
I do have a product that solves this problem very elegantly. But every solution has it's drawbacks. So is a session in a DB demanding a lot of resources for the DB.
-- compatible web farm Session replacement for Asp and Asp.Net http://www.nieropwebconsult.nl/asp_session_manager.htm
"Tony Proctor" <tony_proctor@a imtechnology_No MoreSPAM_.com> wrote in
message news:uT******** ******@TK2MSFTN GP14.phx.gbl... RAM-based ASP Session state is not good in circumstances such as "recycling" in IIS 6, and web farms. These newsgroups are full of posts such as "...help!.. .all my session variables have disappeared" due to people
being suckered into the simplicity of ASP Sessions.
Tony Proctor
"Egbert Nierop (MVP for IIS)" <eg***********@ nospam.invalid> wrote in message news:#T******** ******@TK2MSFTN GP12.phx.gbl... "John" <no***@amIgivin gitouthere.com> wrote in message news:K7******** **********@twis ter.nyroc.rr.co m... > Ok, so Session is less than desirable, at least that's what I'm
always > reading. So what are real, practical alternatives? Querystrings?
an > endless chain of hidden form fields??
Sessions are not undesirable. It's only that the scalability gets
limited if you store the session in RAM. If you use 'hidden form fields' you'll have something like ASP.NET
which uses a ViewState mechanism. If you start talking about that, there are people that swear against :)
-- compatible web farm Session replacement for Asp and Asp.Net http://www.nieropwebconsult.nl/asp_session_manager.htm
> Here are the things I'm looking for specifically... . > > 1). I need to identify users uniquely as clients in some kind of > maintainable state. > > 2). I need to track anonymous user page views, etc. I'm guessing > Application level but don't know how to track users individually
doing > this. > Page views maybe, but not the succession in which they're viewed > > Is there a way to do this without Session that isn't a pain in the
a#*? > Or > is Session just not that bad? I've used it a lot with users that > manage > their "own" content but now I need to manage "all" users. > > Oh, and how "safe" is Session? I need to know how hackers get into sites > that use the plain old "If userID <> Session("userID ").....". Is
there a > way that hackers can create their own session and get by this? > > Thanks! > >
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Mark |
last post by:
Ok, I know that .net inherently does not share session data across asp.net
projects, but is there any decent work around to this.
We already have a big chunk of our application using the asp.net session
object (using state service). I'd like to start breaking out
our functionality into component projects, but I'd like to get this session
issue worked out first.
Any ideas??
I found this article , but it sounds like kind of a pain.
|
by: VB Programmer |
last post by:
I often use session variables to store the user's security level, and other
important info. How secure are session variables? Can someone decrypt it
and get the information? (This would be especially important to know if the
session vars contain things like credit card numbers.)
Any better, more secure alternatives? How would you store credit card
numbers etc... temporarily if not using session vars?
Thanks!
|
by: Andy G |
last post by:
I have a registration page that captures 75% of the users data. After they
enter that info they are redirected to one of two pages depending on how
they answered a question on the registation page. My question is would it
be better to store all of the fields(15 or so) from the first page in
session variables and reference them from the next page and run ONE stored
procedure OR would it be better to run a stored procedure the first page...
|
by: Gerald |
last post by:
Hi,
Is there any know problem using session variables ?
My website won't have more than 20 simultaneous connections, and i would
like to use 5 session variables containing strings...
I know than with ASP, it was not really recommended, what about ASP.NET ?
Thanks !
|
by: Arnt O. Kvannefoss |
last post by:
Hello,
We have an asp.net application to manage events. Some users get their
session values overwritten because they open a second instance of their
browser with File > New > Window. These two instances will now share the
session values. When they move to another event in the second instance this
event's data will be overwritten when they update data for the event in the
first instance. How can we code around this problem?
Best regards...
| |
by: Schraalhans Keukenmeester |
last post by:
I am stomped with the following problem:
I have a script start.php and a second script proceed.php
Relevant (and working) sections of the code:
start.php
<?PHP
start_session();
|
by: davidkoree |
last post by:
I mean not about cookie.
Does it have something to do with operating system or browser plugin?
I appreciate any help.
|
by: greek_bill |
last post by:
Hi,
I'm interested in developing an application that needs to run on more
than one operating system. Naturally, a lot of the code will be shared
between the various OSs, with OS specific functionality being kept
separate.
I've been going over the various approaches I could follow in order to
implement the OS-specific functionality. The requirements I have are
as follows :
|
by: Samir Chouaieb |
last post by:
Hello,
I am trying to find a solution to a login mechanism for different
domains on different servers with PHP5.
I have one main domain with the user data and several other domains that
need a login to show data.
I want the user to login only once when he visits any of my domains.
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |