473,735 Members | 2,116 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Cookies , Session Which is Better ? and Global.asa Question

Hello Experts..

I need some help regarding cookies and session objects and also
global.asa file

I am creating one cookie when a user logs in on my website.
The cookie stores the login name of the user. I want that cookie
should get deleted when user closes the browser without signing out.

I think it is done in global.asa file . But i don;t know how to do it?
Please Explain me the working of global.asa file.

Also If I am creating a cookie and other site is also creating a
cookie of same name then does this will create a problem?.

which is safe and better .. creating cookies or creating session
variables.
can anyone give me the comparision
Jul 19 '05 #1
2 3344
On 24 Jul 2004 03:30:34 -0700, am*******@yahoo .com (Amit D.Shinde)
wrote:
Hello Experts..

I need some help regarding cookies and session objects and also
global.asa file

I am creating one cookie when a user logs in on my website.
The cookie stores the login name of the user. I want that cookie
should get deleted when user closes the browser without signing out.
That's problematic, since closing the browser closes your potential
for a response from the client. If the cookie has no expiration, it
*should* expire when the user leaves your site, including when they
close the browser. In my experience, that isn't always what happens,
but it should do for what you need.
I think it is done in global.asa file . But i don;t know how to do it?
Please Explain me the working of global.asa file.
Think of global.asa as a global include file that handles events.
That's a little simplistic, but it'll help you understand the concepts
of what you're asking. You can do things when the session starts or
ends, using the SESSION_ONSTART/SESSION_ONEND events. Same for
applications. But in the case of a SESSION_ONEND, it happens at the
end of the session, not when the browser is closed (which may or may
not end the session). You can't use the application object since it
doesn't apply to the user. So there's no real way to detect the
browser being closed, since it doesn't end a session and doesn't send
a response back to the server.
Also If I am creating a cookie and other site is also creating a
cookie of same name then does this will create a problem?.
Assuming you aren't using two sites that are identical, no.
which is safe and better .. creating cookies or creating session
variables.
Yes.
can anyone give me the comparision


There isn't a comparison like that available. Each has advantages and
disadvantages in specific situations. You need to learn the
difference in the technologies first, since they don't have the same
function and using cookies doesn't mean you don't use a session
variable, or visce versa.

In your mentioned situation you might do better with a cookie than a
session variable, but it really depends on what you're doing with the
information.

Might look at:

http://www.asp101.com/resources/apps_sessions_gasa.asp

Jeff
Jul 19 '05 #2
A little addition to Jeff's well thought out response:
COOKIES:
Cookies are best used when storing information that is generic like
browser settings, colors etc. for ( in most cases ) a longer amount of
time.

YOU SHOULD NEVER STORE PERSONALLY IDENTIFIABLE INFORMATION IN A
COOKIE!!!!!
The main reason for this being is safety, most people would store a
user name in a cookie name like uname or user or username or
user_name. I could write code that would run through those
combinations and the combinations of any other bit of information,
email, pw's ip's where they've surfed etc. and steal that information
to use for what ever purpose I needed.

If you needed to store personal information in a cookie use non
standard naming conventions and think about encrypting any specific
personal information you need to store. But like I said use as a last
resort.

Cookies (in most cases) can be called from multiple sites depending on
what you store in the info and know how to access it.

One advantage of using cookies is that the persons machine bears the
brunt of setting the cookie, storing that information etc. Unlike
sessions where the server takes the hit for having to store that
information.

SESSIONS:
Sessions are just as dangerous when storing personal information but
the danger is lessened if the server is "secured" etc. Although not
impossible - its much harder for me to hijack session information from
a user then it is for me to hijack cookie information. The server that
..asp file is running on bears the brunt of storing session information
in memory. Meaning, if you have a lot of people hitting your site at
any given time - server performance is reduced becuase the server is
using more memory to store session information.

The average time a session lasts is 20 mins. So, when your browser
hits the site the sessions starts counting down from there.

Sessions (in most cases) are site specific. It is possible to transfer
sessions to other sites but its not very practical.

Sessions do not die after the browser has closed down. If you have a
logout button on your site - make sure you use session.abandon to
kill any unwanted and unused sessions.

Rules of thumb for deciding which is better for your sites needs.
1. hi-traffic sites - use cookies
Moves some of the load off the server onto the persons browser

2. e-commerce sites - use sessions
quick and easy and doesnt store any personal information the persons
computer - can be killed once transaction is complete and the person
moves on to other websites.

3. site customization - use cookies
usually information like this is innoculous and is of no use to anyone
but your website.

Hope this helps a little
- Bastard
On Sat, 24 Jul 2004 13:56:19 GMT, je*********@zin a.com (Jeff Cochran)
wrote:
On 24 Jul 2004 03:30:34 -0700, am*******@yahoo .com (Amit D.Shinde)
wrote:
Hello Experts..

I need some help regarding cookies and session objects and also
global.asa file

I am creating one cookie when a user logs in on my website.
The cookie stores the login name of the user. I want that cookie
should get deleted when user closes the browser without signing out.


That's problematic, since closing the browser closes your potential
for a response from the client. If the cookie has no expiration, it
*should* expire when the user leaves your site, including when they
close the browser. In my experience, that isn't always what happens,
but it should do for what you need.
I think it is done in global.asa file . But i don;t know how to do it?
Please Explain me the working of global.asa file.


Think of global.asa as a global include file that handles events.
That's a little simplistic, but it'll help you understand the concepts
of what you're asking. You can do things when the session starts or
ends, using the SESSION_ONSTART/SESSION_ONEND events. Same for
applications . But in the case of a SESSION_ONEND, it happens at the
end of the session, not when the browser is closed (which may or may
not end the session). You can't use the application object since it
doesn't apply to the user. So there's no real way to detect the
browser being closed, since it doesn't end a session and doesn't send
a response back to the server.
Also If I am creating a cookie and other site is also creating a
cookie of same name then does this will create a problem?.


Assuming you aren't using two sites that are identical, no.
which is safe and better .. creating cookies or creating session
variables.


Yes.
can anyone give me the comparision


There isn't a comparison like that available. Each has advantages and
disadvantage s in specific situations. You need to learn the
difference in the technologies first, since they don't have the same
function and using cookies doesn't mean you don't use a session
variable, or visce versa.

In your mentioned situation you might do better with a cookie than a
session variable, but it really depends on what you're doing with the
information.

Might look at:

http://www.asp101.com/resources/apps_sessions_gasa.asp

Jeff


Jul 19 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
1775
by: TG | last post by:
How can I test to ensure a visitors browser allows for cookies? When I recently setup my browser to not allow cookies and I visited my website my global and session variables stopped working between pages. Once I set allow cookies back on, it started working again. Thanks in advance.
2
3505
by: kublai khan | last post by:
I am coming from (an elementary-level) javascript background. I set cookiesin select pages to see where the users are coming from and where they are going. It works quite nicely except that I'd like to write the data into a file and look at it. I have reached a dead end with JS it seems. I have thought about implementing the same with PHP (I know nothing about it but I'm willing to learn) but the disadvantage of PHP as I understand is that...
1
2821
by: windandwaves | last post by:
Hi Gurus I am basically sorry that I have to bother you about this. I am a PHP beginner and I have been studying sessions and cookies over the last few weeks. I have learned lots, but I am missing the big picture. Is it like this: 1. user comes to site 2. user does something (e.g. a search) that may be useful later => session
9
2536
by: | last post by:
Is it possible for a user to enable permanent cookies but disable session cookies.....this seems like a contradition yet this is what I appear to be reading in online articles?
0
2712
by: bb | last post by:
Hello In my Session_OnStart in Global.asa, I am setting some cookies. One of them, I set as follows: dim UserID UserID = Request.ServerVariables("LOGON_USER") Response.Cookies("User")("ID") = UCASE(UserID) When I immediately log the cookie value retrieved from
3
3850
by: Joey Powell | last post by:
This message was originally posted to the aspnet.security newsgroup, but no one there has ever heard of this before. That is why I am posting this message here, so that more people will see it... On my asp.net application, suddenly the forms authentication cookies for clients have quit expiring. This results in users being able to access the site from day to day without having to log in, even if their browers are closed and reopened...
3
7875
by: Peter Row | last post by:
Hi, I better get the background stuff out the way first, so here goes: - Porting a VB6 webclass app to VB.NET using HttpHandlers and FormsAuthentication - When someone visits my site unbeknown to them they are automatically logged in as a guest via the .NET forms authentication.
0
2202
by: Mach Runner | last post by:
I am implementing a secure website using the ASP.NET FormsAuthentication model. I have taken the simplest code examples from MSDN (login.aspx,default.aspx, web.config) but cannot get proper behavior on my machine. As an unauthenticated user, I navigate to the website http://localhost/XXX. global.Authenticate_Request considers sending default.apsx but cannot find any authentication cookie in the Context object, so the request is...
10
1665
by: _Who | last post by:
Given Request.Cookies and Response.Cookies in asp.net is there any reason to ever use javascript or any other method to use cookies? Thanks
0
9466
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9327
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
9253
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
9201
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
1
6747
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
6049
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4564
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
4823
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
3
2190
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.